ansible-playbook [core 2.12.6]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.9/site-packages/ansible
ansible collection location = /tmp/tmpke2c_s6q
executable location = /usr/bin/ansible-playbook
python version = 3.9.13 (main, May 18 2022, 00:00:00) [GCC 11.3.1 20220421 (Red Hat 11.3.1-2)]
jinja version = 2.11.3
libyaml = True
Using /etc/ansible/ansible.cfg as config file
Skipping callback 'debug', as we already have a stdout callback.
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
PLAYBOOK: rhel-7_setup.yml *****************************************************
1 plays in /cache/rhel-7_setup.yml
PLAY [Setup repos] *************************************************************
META: ran handlers
TASK [set up internal repositories] ********************************************
task path: /cache/rhel-7_setup.yml:5
Wednesday 06 July 2022 22:29:06 +0000 (0:00:00.018) 0:00:00.018 ********
ok: [/cache/rhel-7.qcow2] => (item=None) => {
"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result",
"changed": false
}
ok: [/cache/rhel-7.qcow2] => (item=None) => {
"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result",
"changed": false
}
ok: [/cache/rhel-7.qcow2] => (item=None) => {
"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result",
"changed": false
}
ok: [/cache/rhel-7.qcow2] => (item=None) => {
"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result",
"changed": false
}
ok: [/cache/rhel-7.qcow2] => {
"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result",
"changed": false
}
META: ran handlers
META: ran handlers
PLAY RECAP *********************************************************************
/cache/rhel-7.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Wednesday 06 July 2022 22:29:07 +0000 (0:00:01.410) 0:00:01.428 ********
===============================================================================
set up internal repositories -------------------------------------------- 1.41s
/cache/rhel-7_setup.yml:5 -----------------------------------------------------
PLAYBOOK: tests_fs_attrs.yml ***************************************************
3 plays in /tmp/tmpjbt6cq54/tests/tests_fs_attrs.yml
PLAY [Ensure UID and GID exists] ***********************************************
TASK [Gathering Facts] *********************************************************
task path: /tmp/tmpjbt6cq54/tests/tests_fs_attrs.yml:2
Wednesday 06 July 2022 22:29:07 +0000 (0:00:00.019) 0:00:01.447 ********
ok: [/cache/rhel-7.qcow2]
META: ran handlers
TASK [Ensure user exists] ******************************************************
task path: /tmp/tmpjbt6cq54/tests/tests_fs_attrs.yml:5
Wednesday 06 July 2022 22:29:08 +0000 (0:00:00.914) 0:00:02.362 ********
changed: [/cache/rhel-7.qcow2] => {
"changed": true,
"comment": "",
"create_home": true,
"group": 1040,
"home": "/home/user1",
"name": "user1",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1040
}
TASK [Ensure group "somegroup" exists] *****************************************
task path: /tmp/tmpjbt6cq54/tests/tests_fs_attrs.yml:9
Wednesday 06 July 2022 22:29:09 +0000 (0:00:00.540) 0:00:02.902 ********
changed: [/cache/rhel-7.qcow2] => {
"changed": true,
"gid": 1041,
"name": "somegroup",
"state": "present",
"system": false
}
META: ran handlers
META: ran handlers
PLAY [Issue certificate setting user/group] ************************************
TASK [Gathering Facts] *********************************************************
task path: /tmp/tmpjbt6cq54/tests/tests_fs_attrs.yml:13
Wednesday 06 July 2022 22:29:09 +0000 (0:00:00.483) 0:00:03.385 ********
ok: [/cache/rhel-7.qcow2]
META: ran handlers
TASK [linux-system-roles.certificate : Set version specific variables] *********
task path: /tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/tasks/main.yml:2
Wednesday 06 July 2022 22:29:10 +0000 (0:00:00.704) 0:00:04.090 ********
included: /tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/rhel-7.qcow2
TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ******
task path: /tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2
Wednesday 06 July 2022 22:29:10 +0000 (0:00:00.026) 0:00:04.116 ********
ok: [/cache/rhel-7.qcow2]
TASK [linux-system-roles.certificate : Set platform/version specific variables] ***
task path: /tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8
Wednesday 06 July 2022 22:29:10 +0000 (0:00:00.406) 0:00:04.523 ********
skipping: [/cache/rhel-7.qcow2] => (item=RedHat.yml) => {
"ansible_loop_var": "item",
"changed": false,
"item": "RedHat.yml",
"skip_reason": "Conditional result was False"
}
skipping: [/cache/rhel-7.qcow2] => (item=RedHat.yml) => {
"ansible_loop_var": "item",
"changed": false,
"item": "RedHat.yml",
"skip_reason": "Conditional result was False"
}
ok: [/cache/rhel-7.qcow2] => (item=RedHat_7.yml) => {
"ansible_facts": {
"__certificate_default_directory": "/etc/pki/tls",
"__certificate_packages": [
"python-pyasn1",
"python-cryptography",
"python-dbus"
]
},
"ansible_included_var_files": [
"/tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/vars/RedHat_7.yml"
],
"ansible_loop_var": "item",
"changed": false,
"item": "RedHat_7.yml"
}
skipping: [/cache/rhel-7.qcow2] => (item=RedHat_7.9.yml) => {
"ansible_loop_var": "item",
"changed": false,
"item": "RedHat_7.9.yml",
"skip_reason": "Conditional result was False"
}
TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] ***
task path: /tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/tasks/main.yml:5
Wednesday 06 July 2022 22:29:10 +0000 (0:00:00.051) 0:00:04.574 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false,
"rc": 0,
"results": [
"python2-pyasn1-0.1.9-7.el7.noarch providing python-pyasn1 is already installed",
"python2-cryptography-1.7.2-2.el7.x86_64 providing python-cryptography is already installed",
"dbus-python-1.1.1-9.el7.x86_64 providing python-dbus is already installed"
]
}
TASK [linux-system-roles.certificate : Ensure provider packages are installed] ***
task path: /tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/tasks/main.yml:22
Wednesday 06 July 2022 22:29:12 +0000 (0:00:01.213) 0:00:05.788 ********
ok: [/cache/rhel-7.qcow2] => (item=certmonger) => {
"__certificate_provider": "certmonger",
"ansible_loop_var": "__certificate_provider",
"changed": false,
"rc": 0,
"results": [
"certmonger-0.78.4-17.el7_9.x86_64 providing certmonger is already installed"
]
}
TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] ***
task path: /tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/tasks/main.yml:33
Wednesday 06 July 2022 22:29:12 +0000 (0:00:00.562) 0:00:06.350 ********
ok: [/cache/rhel-7.qcow2] => (item=certmonger) => {
"__certificate_provider": "certmonger",
"ansible_loop_var": "__certificate_provider",
"changed": false,
"gid": 0,
"group": "root",
"mode": "0700",
"owner": "root",
"path": "/etc/certmonger//pre-scripts",
"secontext": "unconfined_u:object_r:etc_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] ***
task path: /tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/tasks/main.yml:59
Wednesday 06 July 2022 22:29:13 +0000 (0:00:00.463) 0:00:06.814 ********
ok: [/cache/rhel-7.qcow2] => (item=certmonger) => {
"__certificate_provider": "certmonger",
"ansible_loop_var": "__certificate_provider",
"changed": false,
"gid": 0,
"group": "root",
"mode": "0700",
"owner": "root",
"path": "/etc/certmonger//post-scripts",
"secontext": "unconfined_u:object_r:etc_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
TASK [linux-system-roles.certificate : Ensure provider service is running] *****
task path: /tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/tasks/main.yml:88
Wednesday 06 July 2022 22:29:13 +0000 (0:00:00.347) 0:00:07.161 ********
ok: [/cache/rhel-7.qcow2] => (item=certmonger) => {
"__certificate_provider": "certmonger",
"ansible_loop_var": "__certificate_provider",
"changed": false,
"enabled": true,
"name": "certmonger",
"state": "started",
"status": {
"ActiveEnterTimestamp": "Wed 2022-07-06 18:25:22 EDT",
"ActiveEnterTimestampMonotonic": "168479309",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "active",
"After": "syslog.target basic.target systemd-journald.socket network.target dbus.service system.slice",
"AllowIsolate": "no",
"AmbientCapabilities": "0",
"AssertResult": "yes",
"AssertTimestamp": "Wed 2022-07-06 18:25:22 EDT",
"AssertTimestampMonotonic": "168468173",
"Before": "shutdown.target multi-user.target",
"BlockIOAccounting": "no",
"BlockIOWeight": "18446744073709551615",
"BusName": "org.fedorahosted.certmonger",
"CPUAccounting": "no",
"CPUQuotaPerSecUSec": "infinity",
"CPUSchedulingPolicy": "0",
"CPUSchedulingPriority": "0",
"CPUSchedulingResetOnFork": "no",
"CPUShares": "18446744073709551615",
"CanIsolate": "no",
"CanReload": "no",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "18446744073709551615",
"CollectMode": "inactive",
"ConditionResult": "yes",
"ConditionTimestamp": "Wed 2022-07-06 18:25:22 EDT",
"ConditionTimestampMonotonic": "168468173",
"Conflicts": "shutdown.target",
"ControlGroup": "/system.slice/certmonger.service",
"ControlPID": "0",
"DefaultDependencies": "yes",
"Delegate": "no",
"Description": "Certificate monitoring and PKI enrollment",
"DevicePolicy": "auto",
"EnvironmentFile": "/etc/sysconfig/certmonger (ignore_errors=yes)",
"ExecMainCode": "0",
"ExecMainExitTimestampMonotonic": "0",
"ExecMainPID": "12368",
"ExecMainStartTimestamp": "Wed 2022-07-06 18:25:22 EDT",
"ExecMainStartTimestampMonotonic": "168468803",
"ExecMainStatus": "0",
"ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /var/run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"FailureAction": "none",
"FileDescriptorStoreMax": "0",
"FragmentPath": "/usr/lib/systemd/system/certmonger.service",
"GuessMainPID": "yes",
"IOScheduling": "0",
"Id": "certmonger.service",
"IgnoreOnIsolate": "no",
"IgnoreOnSnapshot": "no",
"IgnoreSIGPIPE": "yes",
"InactiveEnterTimestampMonotonic": "0",
"InactiveExitTimestamp": "Wed 2022-07-06 18:25:22 EDT",
"InactiveExitTimestampMonotonic": "168468833",
"JobTimeoutAction": "none",
"JobTimeoutUSec": "0",
"KillMode": "control-group",
"KillSignal": "15",
"LimitAS": "18446744073709551615",
"LimitCORE": "18446744073709551615",
"LimitCPU": "18446744073709551615",
"LimitDATA": "18446744073709551615",
"LimitFSIZE": "18446744073709551615",
"LimitLOCKS": "18446744073709551615",
"LimitMEMLOCK": "65536",
"LimitMSGQUEUE": "819200",
"LimitNICE": "0",
"LimitNOFILE": "4096",
"LimitNPROC": "14956",
"LimitRSS": "18446744073709551615",
"LimitRTPRIO": "0",
"LimitRTTIME": "18446744073709551615",
"LimitSIGPENDING": "14956",
"LimitSTACK": "18446744073709551615",
"LoadState": "loaded",
"MainPID": "12368",
"MemoryAccounting": "no",
"MemoryCurrent": "18446744073709551615",
"MemoryLimit": "18446744073709551615",
"MountFlags": "0",
"Names": "certmonger.service",
"NeedDaemonReload": "no",
"Nice": "0",
"NoNewPrivileges": "no",
"NonBlocking": "no",
"NotifyAccess": "none",
"OOMScoreAdjust": "0",
"OnFailureJobMode": "replace",
"PIDFile": "/var/run/certmonger.pid",
"PermissionsStartOnly": "no",
"PrivateDevices": "no",
"PrivateNetwork": "no",
"PrivateTmp": "no",
"ProtectHome": "no",
"ProtectSystem": "no",
"RefuseManualStart": "no",
"RefuseManualStop": "no",
"RemainAfterExit": "no",
"Requires": "basic.target system.slice",
"Restart": "no",
"RestartUSec": "100ms",
"Result": "success",
"RootDirectoryStartOnly": "no",
"RuntimeDirectoryMode": "0755",
"SameProcessGroup": "no",
"SecureBits": "0",
"SendSIGHUP": "no",
"SendSIGKILL": "yes",
"Slice": "system.slice",
"StandardError": "inherit",
"StandardInput": "null",
"StandardOutput": "journal",
"StartLimitAction": "none",
"StartLimitBurst": "5",
"StartLimitInterval": "10000000",
"StartupBlockIOWeight": "18446744073709551615",
"StartupCPUShares": "18446744073709551615",
"StatusErrno": "0",
"StopWhenUnneeded": "no",
"SubState": "running",
"SyslogLevelPrefix": "yes",
"SyslogPriority": "30",
"SystemCallErrorNumber": "0",
"TTYReset": "no",
"TTYVHangup": "no",
"TTYVTDisallocate": "no",
"TasksAccounting": "no",
"TasksCurrent": "18446744073709551615",
"TasksMax": "18446744073709551615",
"TimeoutStartUSec": "1min 30s",
"TimeoutStopUSec": "1min 30s",
"TimerSlackNSec": "50000",
"Transient": "no",
"Type": "dbus",
"UMask": "0022",
"UnitFilePreset": "disabled",
"UnitFileState": "enabled",
"WantedBy": "multi-user.target",
"WatchdogTimestamp": "Wed 2022-07-06 18:25:22 EDT",
"WatchdogTimestampMonotonic": "168479205",
"WatchdogUSec": "0"
}
}
TASK [linux-system-roles.certificate : Ensure certificate requests] ************
task path: /tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/tasks/main.yml:100
Wednesday 06 July 2022 22:29:14 +0000 (0:00:00.672) 0:00:07.834 ********
changed: [/cache/rhel-7.qcow2] => (item={'name': 'mycert_fs_attrs', 'dns': 'www.example.com', 'owner': 'ftp', 'group': 'ftp', 'ca': 'self-sign'}) => {
"ansible_loop_var": "item",
"changed": true,
"item": {
"ca": "self-sign",
"dns": "www.example.com",
"group": "ftp",
"name": "mycert_fs_attrs",
"owner": "ftp"
}
}
MSG:
Certificate requested (new). File attributes updated.
changed: [/cache/rhel-7.qcow2] => (item={'name': 'certid', 'dns': 'www.example.com', 'owner': 1040, 'group': 1041, 'ca': 'self-sign'}) => {
"ansible_loop_var": "item",
"changed": true,
"item": {
"ca": "self-sign",
"dns": "www.example.com",
"group": 1041,
"name": "certid",
"owner": 1040
}
}
MSG:
Certificate requested (new). File attributes updated.
META: role_complete for /cache/rhel-7.qcow2
META: ran handlers
META: ran handlers
PLAY [Verify certificate] ******************************************************
TASK [Gathering Facts] *********************************************************
task path: /tmp/tmpjbt6cq54/tests/tests_fs_attrs.yml:31
Wednesday 06 July 2022 22:29:15 +0000 (0:00:01.522) 0:00:09.357 ********
ok: [/cache/rhel-7.qcow2]
META: ran handlers
TASK [Verify each certificate] *************************************************
task path: /tmp/tmpjbt6cq54/tests/tests_fs_attrs.yml:60
Wednesday 06 July 2022 22:29:16 +0000 (0:00:00.692) 0:00:10.049 ********
included: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-7.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert_fs_attrs.crt', 'key_path': '/etc/pki/tls/private/mycert_fs_attrs.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'owner': 'ftp', 'group': 'ftp', 'mode': '0640'})
included: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-7.qcow2 => (item={'path': '/etc/pki/tls/certs/certid.crt', 'key_path': '/etc/pki/tls/private/certid.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'owner': 1040, 'group': 1041, 'mode': '0640'})
TASK [Set virtualenv_path] *****************************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:2
Wednesday 06 July 2022 22:29:16 +0000 (0:00:00.046) 0:00:10.095 ********
ok: [/cache/rhel-7.qcow2] => {
"ansible_facts": {
"__virtualenv_path": "/tmp/certificate-tests-venv"
},
"changed": false
}
TASK [Ensure python3 is installed] *********************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:6
Wednesday 06 July 2022 22:29:16 +0000 (0:00:00.027) 0:00:10.122 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false,
"rc": 0,
"results": [
"python3-3.6.8-18.el7.x86_64 providing python3 is already installed"
]
}
TASK [Install the package, force upgrade] **************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:11
Wednesday 06 July 2022 22:29:16 +0000 (0:00:00.553) 0:00:10.676 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false,
"cmd": [
"/tmp/certificate-tests-venv/bin/pip",
"install",
"-U",
"pip"
],
"name": [
"pip"
],
"requirements": null,
"state": "latest",
"version": null,
"virtualenv": "/tmp/certificate-tests-venv"
}
STDOUT:
Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.6/site-packages (21.3.1)
TASK [Install certreader] ******************************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:18
Wednesday 06 July 2022 22:29:18 +0000 (0:00:01.049) 0:00:11.726 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false,
"cmd": [
"/tmp/certificate-tests-venv/bin/pip",
"install",
"cryptography<35",
"certreader>=0.1.1"
],
"name": [
"cryptography<35",
"certreader>=0.1.1"
],
"requirements": null,
"state": "present",
"version": null,
"virtualenv": "/tmp/certificate-tests-venv"
}
STDOUT:
Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.6/site-packages (3.4.8)
Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.6/site-packages (0.1.1)
Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.6/site-packages (from cryptography<35) (1.15.1)
Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (0.4.8)
Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (6.0)
Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.6/site-packages (from cffi>=1.12->cryptography<35) (2.21)
TASK [Retrieve certificate file stats] *****************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:26
Wednesday 06 July 2022 22:29:18 +0000 (0:00:00.813) 0:00:12.539 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false,
"stat": {
"atime": 1657146554.4857876,
"attr_flags": "",
"attributes": [],
"block_size": 4096,
"blocks": 8,
"charset": "us-ascii",
"checksum": "4b9518b4b98d37bea6da9318e2f87f203772cf61",
"ctime": 1657146554.5207877,
"dev": 64769,
"device_type": 0,
"executable": false,
"exists": true,
"gid": 50,
"gr_name": "ftp",
"inode": 883782,
"isblk": false,
"ischr": false,
"isdir": false,
"isfifo": false,
"isgid": false,
"islnk": false,
"isreg": true,
"issock": false,
"isuid": false,
"mimetype": "text/plain",
"mode": "0640",
"mtime": 1657146554.4817877,
"nlink": 1,
"path": "/etc/pki/tls/certs/mycert_fs_attrs.crt",
"pw_name": "ftp",
"readable": true,
"rgrp": true,
"roth": false,
"rusr": true,
"size": 1294,
"uid": 14,
"version": "1240543313",
"wgrp": false,
"woth": false,
"writeable": true,
"wusr": true,
"xgrp": false,
"xoth": false,
"xusr": false
}
}
TASK [Verify if certificate file exists] ***************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:31
Wednesday 06 July 2022 22:29:19 +0000 (0:00:00.435) 0:00:12.975 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Verify certificate file owner and group] *********************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:37
Wednesday 06 July 2022 22:29:19 +0000 (0:00:00.032) 0:00:13.007 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Verify certificate permissions] ******************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:49
Wednesday 06 July 2022 22:29:19 +0000 (0:00:00.046) 0:00:13.053 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Retrieve key file stats] *************************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:55
Wednesday 06 July 2022 22:29:19 +0000 (0:00:00.041) 0:00:13.095 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false,
"stat": {
"atime": 1657146554.4357877,
"attr_flags": "",
"attributes": [],
"block_size": 4096,
"blocks": 8,
"charset": "us-ascii",
"checksum": "973cc0399c77427de48647217344a6bd565a6186",
"ctime": 1657146554.5207877,
"dev": 64769,
"device_type": 0,
"executable": false,
"exists": true,
"gid": 50,
"gr_name": "ftp",
"inode": 883781,
"isblk": false,
"ischr": false,
"isdir": false,
"isfifo": false,
"isgid": false,
"islnk": false,
"isreg": true,
"issock": false,
"isuid": false,
"mimetype": "text/plain",
"mode": "0640",
"mtime": 1657146554.4817877,
"nlink": 1,
"path": "/etc/pki/tls/private/mycert_fs_attrs.key",
"pw_name": "ftp",
"readable": true,
"rgrp": true,
"roth": false,
"rusr": true,
"size": 1708,
"uid": 14,
"version": "18446744071672833585",
"wgrp": false,
"woth": false,
"writeable": true,
"wusr": true,
"xgrp": false,
"xoth": false,
"xusr": false
}
}
TASK [Verify if key file exists] ***********************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:60
Wednesday 06 July 2022 22:29:19 +0000 (0:00:00.326) 0:00:13.421 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Verify key file owner and group] *****************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:66
Wednesday 06 July 2022 22:29:19 +0000 (0:00:00.031) 0:00:13.453 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Parse certificate] *******************************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:78
Wednesday 06 July 2022 22:29:19 +0000 (0:00:00.044) 0:00:13.498 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false,
"cmd": [
"/tmp/certificate-tests-venv/bin/certreader2json",
"/etc/pki/tls/certs/mycert_fs_attrs.crt"
],
"delta": "0:00:00.252809",
"end": "2022-07-06 18:29:20.042413",
"rc": 0,
"start": "2022-07-06 18:29:19.789604"
}
STDOUT:
{
"subject": [
{
"name": "commonName",
"oid": "2.5.4.3",
"value": "www.example.com"
}
],
"extensions": {
"keyUsage": {
"value": [
"digital_signature",
"key_encipherment"
],
"critical": false
},
"subjectAltName": {
"value": [
{
"name": "DNS",
"value": "www.example.com"
}
],
"critical": false
},
"extendedKeyUsage": {
"value": [
{
"name": "id-kp-serverAuth",
"oid": "1.3.6.1.5.5.7.3.1"
},
{
"name": "id-kp-clientAuth",
"oid": "1.3.6.1.5.5.7.3.2"
}
],
"critical": false
},
"basicConstraints": {
"value": {
"ca": false
},
"critical": true
},
"subjectKeyIdentifier": {
"value": "79:D3:94:FA:50:5B:94:AE:D3:B7:42:40:14:B4:54:E7:72:57:A2:41",
"critical": false
},
"authorityKeyIdentifier": {
"value": "5C:B5:F9:EF:37:B6:3A:00:66:75:0F:29:55:98:7E:09:7A:9C:E0:10",
"critical": false
}
},
"signature_algorithm": {
"algorithm": "sha256WithRSAEncryption",
"signature": "5D:BC:82:02:EE:C5:04:B8:45:49:64:95:7F:32:EE:E8:A9:0D:E4:DE:7C:49:02:5C:B5:04:DA:0B:A2:1E:07:0E:6C:EA:74:35:91:8C:CB:13:7E:88:DA:46:B6:84:C1:FB:55:FC:AC:89:F0:77:BB:BC:B8:64:3E:19:DD:FE:FD:C7:92:B7:30:C9:C9:BB:29:D3:2D:C1:CE:D0:DA:CB:8C:EA:50:AD:38:C7:88:04:62:11:CC:14:65:80:1D:2E:D6:6D:8A:62:99:B3:72:87:0D:1B:D4:AF:60:A3:73:23:81:B6:9F:42:DE:E5:0D:1F:5D:69:95:11:BD:21:A8:CA:E5:B2:2A:B3:21:DF:5A:F0:5D:DF:83:F2:19:45:B3:F8:8D:88:C3:CC:C7:20:13:A3:82:7B:22:7D:5A:84:E6:0C:CB:F9:E9:99:03:C5:52:11:E3:74:6C:8C:C5:A4:EC:41:94:7F:96:06:EE:2B:A3:3E:8C:36:13:88:6C:C8:64:94:B1:73:67:8A:1A:10:BF:58:E9:37:8F:82:E4:27:94:C6:21:8D:A8:0F:25:DB:8E:43:91:A0:62:24:E4:79:E0:2B:78:73:E5:0F:EB:06:CB:0C:2E:C2:93:4D:81:9B:D9:7B:C1:66:B6:2A:1E:18:5A:F9:0C:D6:B2:AF:B9:2F:D9:BB:3E:65"
},
"key_size": 2048,
"validity": {
"not_valid_after": "2023-07-06 22:25:22",
"not_valid_before": "2022-07-06 22:29:14"
}
}
TASK [Load certificate YAML to cert_issued variable] ***************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:83
Wednesday 06 July 2022 22:29:20 +0000 (0:00:00.677) 0:00:14.175 ********
ok: [/cache/rhel-7.qcow2] => {
"ansible_facts": {
"cert_issued": {
"extensions": {
"authorityKeyIdentifier": {
"critical": false,
"value": "5C:B5:F9:EF:37:B6:3A:00:66:75:0F:29:55:98:7E:09:7A:9C:E0:10"
},
"basicConstraints": {
"critical": true,
"value": {
"ca": false
}
},
"extendedKeyUsage": {
"critical": false,
"value": [
{
"name": "id-kp-serverAuth",
"oid": "1.3.6.1.5.5.7.3.1"
},
{
"name": "id-kp-clientAuth",
"oid": "1.3.6.1.5.5.7.3.2"
}
]
},
"keyUsage": {
"critical": false,
"value": [
"digital_signature",
"key_encipherment"
]
},
"subjectAltName": {
"critical": false,
"value": [
{
"name": "DNS",
"value": "www.example.com"
}
]
},
"subjectKeyIdentifier": {
"critical": false,
"value": "79:D3:94:FA:50:5B:94:AE:D3:B7:42:40:14:B4:54:E7:72:57:A2:41"
}
},
"key_size": 2048,
"signature_algorithm": {
"algorithm": "sha256WithRSAEncryption",
"signature": "5D:BC:82:02:EE:C5:04:B8:45:49:64:95:7F:32:EE:E8:A9:0D:E4:DE:7C:49:02:5C:B5:04:DA:0B:A2:1E:07:0E:6C:EA:74:35:91:8C:CB:13:7E:88:DA:46:B6:84:C1:FB:55:FC:AC:89:F0:77:BB:BC:B8:64:3E:19:DD:FE:FD:C7:92:B7:30:C9:C9:BB:29:D3:2D:C1:CE:D0:DA:CB:8C:EA:50:AD:38:C7:88:04:62:11:CC:14:65:80:1D:2E:D6:6D:8A:62:99:B3:72:87:0D:1B:D4:AF:60:A3:73:23:81:B6:9F:42:DE:E5:0D:1F:5D:69:95:11:BD:21:A8:CA:E5:B2:2A:B3:21:DF:5A:F0:5D:DF:83:F2:19:45:B3:F8:8D:88:C3:CC:C7:20:13:A3:82:7B:22:7D:5A:84:E6:0C:CB:F9:E9:99:03:C5:52:11:E3:74:6C:8C:C5:A4:EC:41:94:7F:96:06:EE:2B:A3:3E:8C:36:13:88:6C:C8:64:94:B1:73:67:8A:1A:10:BF:58:E9:37:8F:82:E4:27:94:C6:21:8D:A8:0F:25:DB:8E:43:91:A0:62:24:E4:79:E0:2B:78:73:E5:0F:EB:06:CB:0C:2E:C2:93:4D:81:9B:D9:7B:C1:66:B6:2A:1E:18:5A:F9:0C:D6:B2:AF:B9:2F:D9:BB:3E:65"
},
"subject": [
{
"name": "commonName",
"oid": "2.5.4.3",
"value": "www.example.com"
}
],
"validity": {
"not_valid_after": "2023-07-06 22:25:22",
"not_valid_before": "2022-07-06 22:29:14"
}
}
},
"changed": false
}
TASK [Verify certificate subject] **********************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:87
Wednesday 06 July 2022 22:29:20 +0000 (0:00:00.044) 0:00:14.220 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Verify certificate SAN] **************************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:96
Wednesday 06 July 2022 22:29:20 +0000 (0:00:00.043) 0:00:14.263 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Verify key size] *********************************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:105
Wednesday 06 July 2022 22:29:20 +0000 (0:00:00.033) 0:00:14.296 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Verify certificate Key Usage] ********************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:112
Wednesday 06 July 2022 22:29:20 +0000 (0:00:00.043) 0:00:14.339 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Verify certificate Extended Key Usage] ***********************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:125
Wednesday 06 July 2022 22:29:20 +0000 (0:00:00.044) 0:00:14.384 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Retrieve auto-renew flag] ************************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:141
Wednesday 06 July 2022 22:29:20 +0000 (0:00:00.044) 0:00:14.428 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false,
"cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_fs_attrs.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'",
"delta": "0:00:00.064429",
"end": "2022-07-06 18:29:20.676819",
"rc": 0,
"start": "2022-07-06 18:29:20.612390"
}
STDOUT:
yes
TASK [Verify certificate auto-renew flag] **************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:150
Wednesday 06 July 2022 22:29:21 +0000 (0:00:00.383) 0:00:14.812 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Set virtualenv_path] *****************************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:2
Wednesday 06 July 2022 22:29:21 +0000 (0:00:00.045) 0:00:14.857 ********
ok: [/cache/rhel-7.qcow2] => {
"ansible_facts": {
"__virtualenv_path": "/tmp/certificate-tests-venv"
},
"changed": false
}
TASK [Ensure python3 is installed] *********************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:6
Wednesday 06 July 2022 22:29:21 +0000 (0:00:00.026) 0:00:14.884 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false,
"rc": 0,
"results": [
"python3-3.6.8-18.el7.x86_64 providing python3 is already installed"
]
}
TASK [Install the package, force upgrade] **************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:11
Wednesday 06 July 2022 22:29:21 +0000 (0:00:00.552) 0:00:15.437 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false,
"cmd": [
"/tmp/certificate-tests-venv/bin/pip",
"install",
"-U",
"pip"
],
"name": [
"pip"
],
"requirements": null,
"state": "latest",
"version": null,
"virtualenv": "/tmp/certificate-tests-venv"
}
STDOUT:
Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.6/site-packages (21.3.1)
TASK [Install certreader] ******************************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:18
Wednesday 06 July 2022 22:29:22 +0000 (0:00:00.934) 0:00:16.371 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false,
"cmd": [
"/tmp/certificate-tests-venv/bin/pip",
"install",
"cryptography<35",
"certreader>=0.1.1"
],
"name": [
"cryptography<35",
"certreader>=0.1.1"
],
"requirements": null,
"state": "present",
"version": null,
"virtualenv": "/tmp/certificate-tests-venv"
}
STDOUT:
Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.6/site-packages (3.4.8)
Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.6/site-packages (0.1.1)
Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.6/site-packages (from cryptography<35) (1.15.1)
Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (0.4.8)
Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (6.0)
Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.6/site-packages (from cffi>=1.12->cryptography<35) (2.21)
TASK [Retrieve certificate file stats] *****************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:26
Wednesday 06 July 2022 22:29:23 +0000 (0:00:00.814) 0:00:17.186 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false,
"stat": {
"atime": 1657146555.1597877,
"attr_flags": "",
"attributes": [],
"block_size": 4096,
"blocks": 8,
"charset": "us-ascii",
"checksum": "a6aae0619c93543d03bf77a8ca703f549774f467",
"ctime": 1657146555.1877878,
"dev": 64769,
"device_type": 0,
"executable": false,
"exists": true,
"gid": 1041,
"gr_name": "somegroup",
"inode": 883780,
"isblk": false,
"ischr": false,
"isdir": false,
"isfifo": false,
"isgid": false,
"islnk": false,
"isreg": true,
"issock": false,
"isuid": false,
"mimetype": "text/plain",
"mode": "0640",
"mtime": 1657146555.1567876,
"nlink": 1,
"path": "/etc/pki/tls/certs/certid.crt",
"pw_name": "user1",
"readable": true,
"rgrp": true,
"roth": false,
"rusr": true,
"size": 1294,
"uid": 1040,
"version": "18446744071958802394",
"wgrp": false,
"woth": false,
"writeable": true,
"wusr": true,
"xgrp": false,
"xoth": false,
"xusr": false
}
}
TASK [Verify if certificate file exists] ***************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:31
Wednesday 06 July 2022 22:29:23 +0000 (0:00:00.322) 0:00:17.508 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Verify certificate file owner and group] *********************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:37
Wednesday 06 July 2022 22:29:23 +0000 (0:00:00.032) 0:00:17.540 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Verify certificate permissions] ******************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:49
Wednesday 06 July 2022 22:29:23 +0000 (0:00:00.046) 0:00:17.586 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Retrieve key file stats] *************************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:55
Wednesday 06 July 2022 22:29:23 +0000 (0:00:00.044) 0:00:17.631 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false,
"stat": {
"atime": 1657146555.1127877,
"attr_flags": "",
"attributes": [],
"block_size": 4096,
"blocks": 8,
"charset": "us-ascii",
"checksum": "3baf82e6e14e5100e95c535d03deaa429a8353ab",
"ctime": 1657146555.1887877,
"dev": 64769,
"device_type": 0,
"executable": false,
"exists": true,
"gid": 1041,
"gr_name": "somegroup",
"inode": 421241,
"isblk": false,
"ischr": false,
"isdir": false,
"isfifo": false,
"isgid": false,
"islnk": false,
"isreg": true,
"issock": false,
"isuid": false,
"mimetype": "text/plain",
"mode": "0640",
"mtime": 1657146555.1567876,
"nlink": 1,
"path": "/etc/pki/tls/private/certid.key",
"pw_name": "user1",
"readable": true,
"rgrp": true,
"roth": false,
"rusr": true,
"size": 1704,
"uid": 1040,
"version": "18446744072287611060",
"wgrp": false,
"woth": false,
"writeable": true,
"wusr": true,
"xgrp": false,
"xoth": false,
"xusr": false
}
}
TASK [Verify if key file exists] ***********************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:60
Wednesday 06 July 2022 22:29:24 +0000 (0:00:00.328) 0:00:17.959 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Verify key file owner and group] *****************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:66
Wednesday 06 July 2022 22:29:24 +0000 (0:00:00.032) 0:00:17.991 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Parse certificate] *******************************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:78
Wednesday 06 July 2022 22:29:24 +0000 (0:00:00.045) 0:00:18.037 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false,
"cmd": [
"/tmp/certificate-tests-venv/bin/certreader2json",
"/etc/pki/tls/certs/certid.crt"
],
"delta": "0:00:00.252821",
"end": "2022-07-06 18:29:24.473492",
"rc": 0,
"start": "2022-07-06 18:29:24.220671"
}
STDOUT:
{
"subject": [
{
"name": "commonName",
"oid": "2.5.4.3",
"value": "www.example.com"
}
],
"extensions": {
"keyUsage": {
"value": [
"digital_signature",
"key_encipherment"
],
"critical": false
},
"subjectAltName": {
"value": [
{
"name": "DNS",
"value": "www.example.com"
}
],
"critical": false
},
"extendedKeyUsage": {
"value": [
{
"name": "id-kp-serverAuth",
"oid": "1.3.6.1.5.5.7.3.1"
},
{
"name": "id-kp-clientAuth",
"oid": "1.3.6.1.5.5.7.3.2"
}
],
"critical": false
},
"basicConstraints": {
"value": {
"ca": false
},
"critical": true
},
"subjectKeyIdentifier": {
"value": "D0:7E:C9:C2:35:96:17:76:82:05:1E:33:0C:59:BE:C2:8B:9E:75:FB",
"critical": false
},
"authorityKeyIdentifier": {
"value": "5C:B5:F9:EF:37:B6:3A:00:66:75:0F:29:55:98:7E:09:7A:9C:E0:10",
"critical": false
}
},
"signature_algorithm": {
"algorithm": "sha256WithRSAEncryption",
"signature": "56:5F:04:2C:B5:34:C7:84:2D:9E:34:8D:17:C9:0C:20:80:BB:AA:5F:51:80:72:6A:D5:83:73:37:30:77:53:74:96:16:57:6B:BE:DD:69:3E:E3:AB:D2:F5:A9:58:D9:E2:1E:77:65:41:A1:BC:44:17:20:08:37:8B:53:A5:AA:31:7D:9A:18:E1:6F:6B:EC:F4:15:4B:F1:D3:31:A3:13:E8:5C:DD:AB:20:C2:95:AB:08:6B:8C:6C:7B:70:C7:9E:49:71:EE:66:8E:C9:54:E0:34:59:84:DD:1F:AB:48:C1:89:17:B8:8F:C6:C5:04:DC:C1:7C:9F:00:42:FF:23:05:1A:FA:87:92:11:2E:4C:56:E3:2D:CD:19:0E:3C:98:2A:AC:21:4D:1E:E1:C2:8D:5F:CF:58:A6:60:68:CA:51:63:46:C1:E5:73:1B:15:03:CE:D7:47:06:E3:9D:7B:78:F7:FC:3E:AA:69:C5:43:5E:1A:3E:1D:AB:22:DC:0C:A4:DF:41:97:FE:90:1F:48:0D:18:9D:84:08:6A:23:61:66:65:A4:1A:79:5E:D1:A3:69:AA:42:43:D6:C2:FC:96:A7:C7:73:D5:5F:93:04:76:A5:D7:9D:4F:3B:87:B0:2B:CC:B2:4A:B2:6E:98:42:FC:75:12:EE:F0:7C:C6:02:3A:BB:FA:F9"
},
"key_size": 2048,
"validity": {
"not_valid_after": "2023-07-06 22:25:22",
"not_valid_before": "2022-07-06 22:29:15"
}
}
TASK [Load certificate YAML to cert_issued variable] ***************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:83
Wednesday 06 July 2022 22:29:24 +0000 (0:00:00.569) 0:00:18.607 ********
ok: [/cache/rhel-7.qcow2] => {
"ansible_facts": {
"cert_issued": {
"extensions": {
"authorityKeyIdentifier": {
"critical": false,
"value": "5C:B5:F9:EF:37:B6:3A:00:66:75:0F:29:55:98:7E:09:7A:9C:E0:10"
},
"basicConstraints": {
"critical": true,
"value": {
"ca": false
}
},
"extendedKeyUsage": {
"critical": false,
"value": [
{
"name": "id-kp-serverAuth",
"oid": "1.3.6.1.5.5.7.3.1"
},
{
"name": "id-kp-clientAuth",
"oid": "1.3.6.1.5.5.7.3.2"
}
]
},
"keyUsage": {
"critical": false,
"value": [
"digital_signature",
"key_encipherment"
]
},
"subjectAltName": {
"critical": false,
"value": [
{
"name": "DNS",
"value": "www.example.com"
}
]
},
"subjectKeyIdentifier": {
"critical": false,
"value": "D0:7E:C9:C2:35:96:17:76:82:05:1E:33:0C:59:BE:C2:8B:9E:75:FB"
}
},
"key_size": 2048,
"signature_algorithm": {
"algorithm": "sha256WithRSAEncryption",
"signature": "56:5F:04:2C:B5:34:C7:84:2D:9E:34:8D:17:C9:0C:20:80:BB:AA:5F:51:80:72:6A:D5:83:73:37:30:77:53:74:96:16:57:6B:BE:DD:69:3E:E3:AB:D2:F5:A9:58:D9:E2:1E:77:65:41:A1:BC:44:17:20:08:37:8B:53:A5:AA:31:7D:9A:18:E1:6F:6B:EC:F4:15:4B:F1:D3:31:A3:13:E8:5C:DD:AB:20:C2:95:AB:08:6B:8C:6C:7B:70:C7:9E:49:71:EE:66:8E:C9:54:E0:34:59:84:DD:1F:AB:48:C1:89:17:B8:8F:C6:C5:04:DC:C1:7C:9F:00:42:FF:23:05:1A:FA:87:92:11:2E:4C:56:E3:2D:CD:19:0E:3C:98:2A:AC:21:4D:1E:E1:C2:8D:5F:CF:58:A6:60:68:CA:51:63:46:C1:E5:73:1B:15:03:CE:D7:47:06:E3:9D:7B:78:F7:FC:3E:AA:69:C5:43:5E:1A:3E:1D:AB:22:DC:0C:A4:DF:41:97:FE:90:1F:48:0D:18:9D:84:08:6A:23:61:66:65:A4:1A:79:5E:D1:A3:69:AA:42:43:D6:C2:FC:96:A7:C7:73:D5:5F:93:04:76:A5:D7:9D:4F:3B:87:B0:2B:CC:B2:4A:B2:6E:98:42:FC:75:12:EE:F0:7C:C6:02:3A:BB:FA:F9"
},
"subject": [
{
"name": "commonName",
"oid": "2.5.4.3",
"value": "www.example.com"
}
],
"validity": {
"not_valid_after": "2023-07-06 22:25:22",
"not_valid_before": "2022-07-06 22:29:15"
}
}
},
"changed": false
}
TASK [Verify certificate subject] **********************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:87
Wednesday 06 July 2022 22:29:24 +0000 (0:00:00.043) 0:00:18.650 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Verify certificate SAN] **************************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:96
Wednesday 06 July 2022 22:29:24 +0000 (0:00:00.043) 0:00:18.694 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Verify key size] *********************************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:105
Wednesday 06 July 2022 22:29:25 +0000 (0:00:00.031) 0:00:18.725 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Verify certificate Key Usage] ********************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:112
Wednesday 06 July 2022 22:29:25 +0000 (0:00:00.043) 0:00:18.768 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Verify certificate Extended Key Usage] ***********************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:125
Wednesday 06 July 2022 22:29:25 +0000 (0:00:00.043) 0:00:18.811 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Retrieve auto-renew flag] ************************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:141
Wednesday 06 July 2022 22:29:25 +0000 (0:00:00.042) 0:00:18.854 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false,
"cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/certid.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'",
"delta": "0:00:00.060073",
"end": "2022-07-06 18:29:25.082870",
"rc": 0,
"start": "2022-07-06 18:29:25.022797"
}
STDOUT:
yes
TASK [Verify certificate auto-renew flag] **************************************
task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:150
Wednesday 06 July 2022 22:29:25 +0000 (0:00:00.360) 0:00:19.215 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
META: ran handlers
META: ran handlers
PLAY RECAP *********************************************************************
/cache/rhel-7.qcow2 : ok=57 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Wednesday 06 July 2022 22:29:25 +0000 (0:00:00.050) 0:00:19.265 ********
===============================================================================
linux-system-roles.certificate : Ensure certificate requests ------------ 1.52s
/tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/tasks/main.yml:100
set up internal repositories -------------------------------------------- 1.41s
/cache/rhel-7_setup.yml:5 -----------------------------------------------------
linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 1.21s
/tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 --
Install the package, force upgrade -------------------------------------- 1.05s
/tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:11 -------------
Install the package, force upgrade -------------------------------------- 0.93s
/tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:11 -------------
Gathering Facts --------------------------------------------------------- 0.91s
/tmp/tmpjbt6cq54/tests/tests_fs_attrs.yml:2 -----------------------------------
Install certreader ------------------------------------------------------ 0.81s
/tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:18 -------------
Install certreader ------------------------------------------------------ 0.81s
/tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:18 -------------
Gathering Facts --------------------------------------------------------- 0.70s
/tmp/tmpjbt6cq54/tests/tests_fs_attrs.yml:13 ----------------------------------
Gathering Facts --------------------------------------------------------- 0.69s
/tmp/tmpjbt6cq54/tests/tests_fs_attrs.yml:31 ----------------------------------
Parse certificate ------------------------------------------------------- 0.68s
/tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:78 -------------
linux-system-roles.certificate : Ensure provider service is running ----- 0.67s
/tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 -
Parse certificate ------------------------------------------------------- 0.57s
/tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:78 -------------
linux-system-roles.certificate : Ensure provider packages are installed --- 0.56s
/tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 -
Ensure python3 is installed --------------------------------------------- 0.55s
/tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:6 --------------
Ensure python3 is installed --------------------------------------------- 0.55s
/tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:6 --------------
Ensure user exists ------------------------------------------------------ 0.54s
/tmp/tmpjbt6cq54/tests/tests_fs_attrs.yml:5 -----------------------------------
Ensure group "somegroup" exists ----------------------------------------- 0.48s
/tmp/tmpjbt6cq54/tests/tests_fs_attrs.yml:9 -----------------------------------
linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.46s
/tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 -
Retrieve certificate file stats ----------------------------------------- 0.44s
/tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:26 -------------
ansible-playbook [core 2.12.6]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.9/site-packages/ansible
ansible collection location = /tmp/tmpke2c_s6q
executable location = /usr/bin/ansible-playbook
python version = 3.9.13 (main, May 18 2022, 00:00:00) [GCC 11.3.1 20220421 (Red Hat 11.3.1-2)]
jinja version = 2.11.3
libyaml = True
Using /etc/ansible/ansible.cfg as config file
Skipping callback 'debug', as we already have a stdout callback.
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
PLAYBOOK: rhel-7_setup.yml *****************************************************
1 plays in /cache/rhel-7_setup.yml
PLAY [Setup repos] *************************************************************
META: ran handlers
TASK [set up internal repositories] ********************************************
task path: /cache/rhel-7_setup.yml:5
Wednesday 06 July 2022 22:38:45 +0000 (0:00:00.026) 0:00:00.026 ********
ok: [/cache/rhel-7.qcow2] => (item=None) => {
"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result",
"changed": false
}
ok: [/cache/rhel-7.qcow2] => (item=None) => {
"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result",
"changed": false
}
ok: [/cache/rhel-7.qcow2] => (item=None) => {
"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result",
"changed": false
}
ok: [/cache/rhel-7.qcow2] => (item=None) => {
"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result",
"changed": false
}
ok: [/cache/rhel-7.qcow2] => {
"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result",
"changed": false
}
META: ran handlers
META: ran handlers
PLAY RECAP *********************************************************************
/cache/rhel-7.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Wednesday 06 July 2022 22:38:47 +0000 (0:00:01.437) 0:00:01.463 ********
===============================================================================
set up internal repositories -------------------------------------------- 1.44s
/cache/rhel-7_setup.yml:5 -----------------------------------------------------
PLAYBOOK: tests_fs_attrs.yml ***************************************************
3 plays in /tmp/tmp5zfmitu6/tests/certificate/tests_fs_attrs.yml
PLAY [Ensure UID and GID exists] ***********************************************
TASK [Gathering Facts] *********************************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tests_fs_attrs.yml:2
Wednesday 06 July 2022 22:38:47 +0000 (0:00:00.023) 0:00:01.487 ********
ok: [/cache/rhel-7.qcow2]
META: ran handlers
TASK [Ensure user exists] ******************************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tests_fs_attrs.yml:5
Wednesday 06 July 2022 22:38:47 +0000 (0:00:00.926) 0:00:02.413 ********
changed: [/cache/rhel-7.qcow2] => {
"changed": true,
"comment": "",
"create_home": true,
"group": 1040,
"home": "/home/user1",
"name": "user1",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1040
}
TASK [Ensure group "somegroup" exists] *****************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tests_fs_attrs.yml:9
Wednesday 06 July 2022 22:38:48 +0000 (0:00:00.533) 0:00:02.947 ********
changed: [/cache/rhel-7.qcow2] => {
"changed": true,
"gid": 1041,
"name": "somegroup",
"state": "present",
"system": false
}
META: ran handlers
META: ran handlers
PLAY [Issue certificate setting user/group] ************************************
TASK [Gathering Facts] *********************************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tests_fs_attrs.yml:13
Wednesday 06 July 2022 22:38:48 +0000 (0:00:00.462) 0:00:03.410 ********
ok: [/cache/rhel-7.qcow2]
META: ran handlers
TASK [fedora.linux_system_roles.certificate : Set version specific variables] ***
task path: /tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2
Wednesday 06 July 2022 22:38:49 +0000 (0:00:00.694) 0:00:04.104 ********
included: /tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/rhel-7.qcow2
TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] ***
task path: /tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2
Wednesday 06 July 2022 22:38:49 +0000 (0:00:00.027) 0:00:04.131 ********
ok: [/cache/rhel-7.qcow2]
TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] ***
task path: /tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7
Wednesday 06 July 2022 22:38:50 +0000 (0:00:00.425) 0:00:04.557 ********
skipping: [/cache/rhel-7.qcow2] => (item=RedHat.yml) => {
"ansible_loop_var": "item",
"changed": false,
"item": "RedHat.yml",
"skip_reason": "Conditional result was False"
}
skipping: [/cache/rhel-7.qcow2] => (item=RedHat.yml) => {
"ansible_loop_var": "item",
"changed": false,
"item": "RedHat.yml",
"skip_reason": "Conditional result was False"
}
ok: [/cache/rhel-7.qcow2] => (item=RedHat_7.yml) => {
"ansible_facts": {
"__certificate_default_directory": "/etc/pki/tls",
"__certificate_packages": [
"python-pyasn1",
"python-cryptography",
"python-dbus"
]
},
"ansible_included_var_files": [
"/tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/RedHat_7.yml"
],
"ansible_loop_var": "item",
"changed": false,
"item": "RedHat_7.yml"
}
skipping: [/cache/rhel-7.qcow2] => (item=RedHat_7.9.yml) => {
"ansible_loop_var": "item",
"changed": false,
"item": "RedHat_7.9.yml",
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] ***
task path: /tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5
Wednesday 06 July 2022 22:38:50 +0000 (0:00:00.050) 0:00:04.607 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false,
"rc": 0,
"results": [
"python2-pyasn1-0.1.9-7.el7.noarch providing python-pyasn1 is already installed",
"python2-cryptography-1.7.2-2.el7.x86_64 providing python-cryptography is already installed",
"dbus-python-1.1.1-9.el7.x86_64 providing python-dbus is already installed"
]
}
TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] ***
task path: /tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22
Wednesday 06 July 2022 22:38:51 +0000 (0:00:01.197) 0:00:05.805 ********
ok: [/cache/rhel-7.qcow2] => (item=certmonger) => {
"__certificate_provider": "certmonger",
"ansible_loop_var": "__certificate_provider",
"changed": false,
"rc": 0,
"results": [
"certmonger-0.78.4-17.el7_9.x86_64 providing certmonger is already installed"
]
}
TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] ***
task path: /tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33
Wednesday 06 July 2022 22:38:51 +0000 (0:00:00.590) 0:00:06.396 ********
ok: [/cache/rhel-7.qcow2] => (item=certmonger) => {
"__certificate_provider": "certmonger",
"ansible_loop_var": "__certificate_provider",
"changed": false,
"gid": 0,
"group": "root",
"mode": "0700",
"owner": "root",
"path": "/etc/certmonger//pre-scripts",
"secontext": "unconfined_u:object_r:etc_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] ***
task path: /tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59
Wednesday 06 July 2022 22:38:52 +0000 (0:00:00.461) 0:00:06.857 ********
ok: [/cache/rhel-7.qcow2] => (item=certmonger) => {
"__certificate_provider": "certmonger",
"ansible_loop_var": "__certificate_provider",
"changed": false,
"gid": 0,
"group": "root",
"mode": "0700",
"owner": "root",
"path": "/etc/certmonger//post-scripts",
"secontext": "unconfined_u:object_r:etc_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] ***
task path: /tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88
Wednesday 06 July 2022 22:38:52 +0000 (0:00:00.342) 0:00:07.200 ********
ok: [/cache/rhel-7.qcow2] => (item=certmonger) => {
"__certificate_provider": "certmonger",
"ansible_loop_var": "__certificate_provider",
"changed": false,
"enabled": true,
"name": "certmonger",
"state": "started",
"status": {
"ActiveEnterTimestamp": "Wed 2022-07-06 18:34:59 EDT",
"ActiveEnterTimestampMonotonic": "168076552",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "active",
"After": "basic.target systemd-journald.socket dbus.service syslog.target network.target system.slice",
"AllowIsolate": "no",
"AmbientCapabilities": "0",
"AssertResult": "yes",
"AssertTimestamp": "Wed 2022-07-06 18:34:59 EDT",
"AssertTimestampMonotonic": "168065283",
"Before": "multi-user.target shutdown.target",
"BlockIOAccounting": "no",
"BlockIOWeight": "18446744073709551615",
"BusName": "org.fedorahosted.certmonger",
"CPUAccounting": "no",
"CPUQuotaPerSecUSec": "infinity",
"CPUSchedulingPolicy": "0",
"CPUSchedulingPriority": "0",
"CPUSchedulingResetOnFork": "no",
"CPUShares": "18446744073709551615",
"CanIsolate": "no",
"CanReload": "no",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "18446744073709551615",
"CollectMode": "inactive",
"ConditionResult": "yes",
"ConditionTimestamp": "Wed 2022-07-06 18:34:59 EDT",
"ConditionTimestampMonotonic": "168065282",
"Conflicts": "shutdown.target",
"ControlGroup": "/system.slice/certmonger.service",
"ControlPID": "0",
"DefaultDependencies": "yes",
"Delegate": "no",
"Description": "Certificate monitoring and PKI enrollment",
"DevicePolicy": "auto",
"EnvironmentFile": "/etc/sysconfig/certmonger (ignore_errors=yes)",
"ExecMainCode": "0",
"ExecMainExitTimestampMonotonic": "0",
"ExecMainPID": "12367",
"ExecMainStartTimestamp": "Wed 2022-07-06 18:34:59 EDT",
"ExecMainStartTimestampMonotonic": "168065868",
"ExecMainStatus": "0",
"ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /var/run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"FailureAction": "none",
"FileDescriptorStoreMax": "0",
"FragmentPath": "/usr/lib/systemd/system/certmonger.service",
"GuessMainPID": "yes",
"IOScheduling": "0",
"Id": "certmonger.service",
"IgnoreOnIsolate": "no",
"IgnoreOnSnapshot": "no",
"IgnoreSIGPIPE": "yes",
"InactiveEnterTimestampMonotonic": "0",
"InactiveExitTimestamp": "Wed 2022-07-06 18:34:59 EDT",
"InactiveExitTimestampMonotonic": "168065897",
"JobTimeoutAction": "none",
"JobTimeoutUSec": "0",
"KillMode": "control-group",
"KillSignal": "15",
"LimitAS": "18446744073709551615",
"LimitCORE": "18446744073709551615",
"LimitCPU": "18446744073709551615",
"LimitDATA": "18446744073709551615",
"LimitFSIZE": "18446744073709551615",
"LimitLOCKS": "18446744073709551615",
"LimitMEMLOCK": "65536",
"LimitMSGQUEUE": "819200",
"LimitNICE": "0",
"LimitNOFILE": "4096",
"LimitNPROC": "14956",
"LimitRSS": "18446744073709551615",
"LimitRTPRIO": "0",
"LimitRTTIME": "18446744073709551615",
"LimitSIGPENDING": "14956",
"LimitSTACK": "18446744073709551615",
"LoadState": "loaded",
"MainPID": "12367",
"MemoryAccounting": "no",
"MemoryCurrent": "18446744073709551615",
"MemoryLimit": "18446744073709551615",
"MountFlags": "0",
"Names": "certmonger.service",
"NeedDaemonReload": "no",
"Nice": "0",
"NoNewPrivileges": "no",
"NonBlocking": "no",
"NotifyAccess": "none",
"OOMScoreAdjust": "0",
"OnFailureJobMode": "replace",
"PIDFile": "/var/run/certmonger.pid",
"PermissionsStartOnly": "no",
"PrivateDevices": "no",
"PrivateNetwork": "no",
"PrivateTmp": "no",
"ProtectHome": "no",
"ProtectSystem": "no",
"RefuseManualStart": "no",
"RefuseManualStop": "no",
"RemainAfterExit": "no",
"Requires": "basic.target system.slice",
"Restart": "no",
"RestartUSec": "100ms",
"Result": "success",
"RootDirectoryStartOnly": "no",
"RuntimeDirectoryMode": "0755",
"SameProcessGroup": "no",
"SecureBits": "0",
"SendSIGHUP": "no",
"SendSIGKILL": "yes",
"Slice": "system.slice",
"StandardError": "inherit",
"StandardInput": "null",
"StandardOutput": "journal",
"StartLimitAction": "none",
"StartLimitBurst": "5",
"StartLimitInterval": "10000000",
"StartupBlockIOWeight": "18446744073709551615",
"StartupCPUShares": "18446744073709551615",
"StatusErrno": "0",
"StopWhenUnneeded": "no",
"SubState": "running",
"SyslogLevelPrefix": "yes",
"SyslogPriority": "30",
"SystemCallErrorNumber": "0",
"TTYReset": "no",
"TTYVHangup": "no",
"TTYVTDisallocate": "no",
"TasksAccounting": "no",
"TasksCurrent": "18446744073709551615",
"TasksMax": "18446744073709551615",
"TimeoutStartUSec": "1min 30s",
"TimeoutStopUSec": "1min 30s",
"TimerSlackNSec": "50000",
"Transient": "no",
"Type": "dbus",
"UMask": "0022",
"UnitFilePreset": "disabled",
"UnitFileState": "enabled",
"WantedBy": "multi-user.target",
"WatchdogTimestamp": "Wed 2022-07-06 18:34:59 EDT",
"WatchdogTimestampMonotonic": "168076513",
"WatchdogUSec": "0"
}
}
TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] *****
task path: /tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99
Wednesday 06 July 2022 22:38:53 +0000 (0:00:00.674) 0:00:07.874 ********
changed: [/cache/rhel-7.qcow2] => (item={'name': 'mycert_fs_attrs', 'dns': 'www.example.com', 'owner': 'ftp', 'group': 'ftp', 'ca': 'self-sign'}) => {
"ansible_loop_var": "item",
"changed": true,
"item": {
"ca": "self-sign",
"dns": "www.example.com",
"group": "ftp",
"name": "mycert_fs_attrs",
"owner": "ftp"
}
}
MSG:
Certificate requested (new). File attributes updated.
changed: [/cache/rhel-7.qcow2] => (item={'name': 'certid', 'dns': 'www.example.com', 'owner': 1040, 'group': 1041, 'ca': 'self-sign'}) => {
"ansible_loop_var": "item",
"changed": true,
"item": {
"ca": "self-sign",
"dns": "www.example.com",
"group": 1041,
"name": "certid",
"owner": 1040
}
}
MSG:
Certificate requested (new). File attributes updated.
META: role_complete for /cache/rhel-7.qcow2
META: ran handlers
META: ran handlers
PLAY [Verify certificate] ******************************************************
TASK [Gathering Facts] *********************************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tests_fs_attrs.yml:31
Wednesday 06 July 2022 22:38:55 +0000 (0:00:01.847) 0:00:09.722 ********
ok: [/cache/rhel-7.qcow2]
META: ran handlers
TASK [Verify each certificate] *************************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tests_fs_attrs.yml:60
Wednesday 06 July 2022 22:38:55 +0000 (0:00:00.699) 0:00:10.422 ********
included: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/rhel-7.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert_fs_attrs.crt', 'key_path': '/etc/pki/tls/private/mycert_fs_attrs.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'owner': 'ftp', 'group': 'ftp', 'mode': '0640'})
included: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/rhel-7.qcow2 => (item={'path': '/etc/pki/tls/certs/certid.crt', 'key_path': '/etc/pki/tls/private/certid.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'owner': 1040, 'group': 1041, 'mode': '0640'})
TASK [Set virtualenv_path] *****************************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:2
Wednesday 06 July 2022 22:38:56 +0000 (0:00:00.071) 0:00:10.494 ********
ok: [/cache/rhel-7.qcow2] => {
"ansible_facts": {
"__virtualenv_path": "/tmp/certificate-tests-venv"
},
"changed": false
}
TASK [Ensure python3 is installed] *********************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:6
Wednesday 06 July 2022 22:38:56 +0000 (0:00:00.025) 0:00:10.519 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false,
"rc": 0,
"results": [
"python3-3.6.8-18.el7.x86_64 providing python3 is already installed"
]
}
TASK [Install the package, force upgrade] **************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:11
Wednesday 06 July 2022 22:38:56 +0000 (0:00:00.545) 0:00:11.064 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false,
"cmd": [
"/tmp/certificate-tests-venv/bin/pip",
"install",
"-U",
"pip"
],
"name": [
"pip"
],
"requirements": null,
"state": "latest",
"version": null,
"virtualenv": "/tmp/certificate-tests-venv"
}
STDOUT:
Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.6/site-packages (21.3.1)
TASK [Install certreader] ******************************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:18
Wednesday 06 July 2022 22:38:57 +0000 (0:00:01.058) 0:00:12.123 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false,
"cmd": [
"/tmp/certificate-tests-venv/bin/pip",
"install",
"cryptography<35",
"certreader>=0.1.1"
],
"name": [
"cryptography<35",
"certreader>=0.1.1"
],
"requirements": null,
"state": "present",
"version": null,
"virtualenv": "/tmp/certificate-tests-venv"
}
STDOUT:
Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.6/site-packages (3.4.8)
Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.6/site-packages (0.1.1)
Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.6/site-packages (from cryptography<35) (1.15.1)
Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (0.4.8)
Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (6.0)
Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.6/site-packages (from cffi>=1.12->cryptography<35) (2.21)
TASK [Retrieve certificate file stats] *****************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:26
Wednesday 06 July 2022 22:38:58 +0000 (0:00:00.799) 0:00:12.922 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false,
"stat": {
"atime": 1657147133.2243166,
"attr_flags": "",
"attributes": [],
"block_size": 4096,
"blocks": 8,
"charset": "us-ascii",
"checksum": "483b56665be3f94a5154c215874337b88a71cef1",
"ctime": 1657147133.2893167,
"dev": 64769,
"device_type": 0,
"executable": false,
"exists": true,
"gid": 50,
"gr_name": "ftp",
"inode": 884887,
"isblk": false,
"ischr": false,
"isdir": false,
"isfifo": false,
"isgid": false,
"islnk": false,
"isreg": true,
"issock": false,
"isuid": false,
"mimetype": "text/plain",
"mode": "0640",
"mtime": 1657147133.2213166,
"nlink": 1,
"path": "/etc/pki/tls/certs/mycert_fs_attrs.crt",
"pw_name": "ftp",
"readable": true,
"rgrp": true,
"roth": false,
"rusr": true,
"size": 1294,
"uid": 14,
"version": "18446744071927301363",
"wgrp": false,
"woth": false,
"writeable": true,
"wusr": true,
"xgrp": false,
"xoth": false,
"xusr": false
}
}
TASK [Verify if certificate file exists] ***************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:31
Wednesday 06 July 2022 22:38:58 +0000 (0:00:00.441) 0:00:13.364 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Verify certificate file owner and group] *********************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:37
Wednesday 06 July 2022 22:38:58 +0000 (0:00:00.030) 0:00:13.394 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Verify certificate permissions] ******************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:47
Wednesday 06 July 2022 22:38:58 +0000 (0:00:00.044) 0:00:13.439 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Retrieve key file stats] *************************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:53
Wednesday 06 July 2022 22:38:59 +0000 (0:00:00.041) 0:00:13.481 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false,
"stat": {
"atime": 1657147133.1773167,
"attr_flags": "",
"attributes": [],
"block_size": 4096,
"blocks": 8,
"charset": "us-ascii",
"checksum": "6ee9346d2c4ff08b8d246a65c78e7e82f16637da",
"ctime": 1657147133.2903166,
"dev": 64769,
"device_type": 0,
"executable": false,
"exists": true,
"gid": 50,
"gr_name": "ftp",
"inode": 884886,
"isblk": false,
"ischr": false,
"isdir": false,
"isfifo": false,
"isgid": false,
"islnk": false,
"isreg": true,
"issock": false,
"isuid": false,
"mimetype": "text/plain",
"mode": "0640",
"mtime": 1657147133.2213166,
"nlink": 1,
"path": "/etc/pki/tls/private/mycert_fs_attrs.key",
"pw_name": "ftp",
"readable": true,
"rgrp": true,
"roth": false,
"rusr": true,
"size": 1704,
"uid": 14,
"version": "18446744073042884344",
"wgrp": false,
"woth": false,
"writeable": true,
"wusr": true,
"xgrp": false,
"xoth": false,
"xusr": false
}
}
TASK [Verify if key file exists] ***********************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:58
Wednesday 06 July 2022 22:38:59 +0000 (0:00:00.319) 0:00:13.800 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Verify key file owner and group] *****************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:64
Wednesday 06 July 2022 22:38:59 +0000 (0:00:00.030) 0:00:13.831 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Parse certificate] *******************************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:74
Wednesday 06 July 2022 22:38:59 +0000 (0:00:00.045) 0:00:13.877 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false,
"cmd": [
"/tmp/certificate-tests-venv/bin/certreader2json",
"/etc/pki/tls/certs/mycert_fs_attrs.crt"
],
"delta": "0:00:00.267167",
"end": "2022-07-06 18:38:59.041862",
"rc": 0,
"start": "2022-07-06 18:38:58.774695"
}
STDOUT:
{
"subject": [
{
"name": "commonName",
"oid": "2.5.4.3",
"value": "www.example.com"
}
],
"extensions": {
"keyUsage": {
"value": [
"digital_signature",
"key_encipherment"
],
"critical": false
},
"subjectAltName": {
"value": [
{
"name": "DNS",
"value": "www.example.com"
}
],
"critical": false
},
"extendedKeyUsage": {
"value": [
{
"name": "id-kp-serverAuth",
"oid": "1.3.6.1.5.5.7.3.1"
},
{
"name": "id-kp-clientAuth",
"oid": "1.3.6.1.5.5.7.3.2"
}
],
"critical": false
},
"basicConstraints": {
"value": {
"ca": false
},
"critical": true
},
"subjectKeyIdentifier": {
"value": "A7:C2:EA:3A:77:0E:DC:DB:3B:91:0E:5C:6B:4B:E3:DF:36:FE:8E:9C",
"critical": false
},
"authorityKeyIdentifier": {
"value": "AA:FA:3B:D5:1D:F9:BA:48:A3:9E:42:C6:70:FF:42:C3:C1:C4:59:A8",
"critical": false
}
},
"signature_algorithm": {
"algorithm": "sha256WithRSAEncryption",
"signature": "5D:5F:0A:5E:56:46:14:7F:83:D3:C4:3B:5F:0A:74:B1:30:F6:71:77:9E:3D:2E:85:07:C4:4C:E9:22:64:4E:2F:80:ED:01:F1:2A:71:C4:04:E9:DD:39:3C:D3:6F:B8:30:F9:61:31:85:5B:E5:90:95:CA:21:6D:26:FA:9E:81:99:B4:91:E3:D9:79:09:2C:B1:7A:C7:38:74:AF:D0:38:22:F2:F8:02:70:30:FE:DE:EC:E9:C0:FF:06:88:A6:2E:69:CB:B9:C1:BD:9E:4B:AE:FF:3A:E3:DD:AC:4B:60:F6:23:8D:55:D9:4A:70:E5:FB:11:9F:70:2C:5D:05:D8:2B:D7:D1:3F:6F:D8:D3:1B:28:23:97:7D:77:AF:6A:14:83:5B:83:51:38:AD:3D:61:E1:66:78:43:9D:57:20:A1:27:5A:42:FA:EA:24:21:5E:4F:F7:52:28:EC:5D:91:8E:C0:7A:1F:33:F9:B8:CA:42:59:6F:26:8B:F7:BD:58:CE:94:3E:25:73:77:1E:C4:54:39:6D:27:75:83:4E:6C:55:47:32:66:E4:0D:4D:D5:47:28:CE:EF:AC:BD:D6:45:1D:B8:33:4B:D4:E9:03:38:6C:58:BA:3B:E0:01:D1:9B:D9:50:A2:D7:42:38:3C:2B:7C:CE:78:2D:A1:17:8C:AA:73:18:3E"
},
"key_size": 2048,
"validity": {
"not_valid_after": "2023-07-06 22:34:59",
"not_valid_before": "2022-07-06 22:38:53"
}
}
TASK [Load certificate YAML to cert_issued variable] ***************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:79
Wednesday 06 July 2022 22:39:00 +0000 (0:00:00.698) 0:00:14.575 ********
ok: [/cache/rhel-7.qcow2] => {
"ansible_facts": {
"cert_issued": {
"extensions": {
"authorityKeyIdentifier": {
"critical": false,
"value": "AA:FA:3B:D5:1D:F9:BA:48:A3:9E:42:C6:70:FF:42:C3:C1:C4:59:A8"
},
"basicConstraints": {
"critical": true,
"value": {
"ca": false
}
},
"extendedKeyUsage": {
"critical": false,
"value": [
{
"name": "id-kp-serverAuth",
"oid": "1.3.6.1.5.5.7.3.1"
},
{
"name": "id-kp-clientAuth",
"oid": "1.3.6.1.5.5.7.3.2"
}
]
},
"keyUsage": {
"critical": false,
"value": [
"digital_signature",
"key_encipherment"
]
},
"subjectAltName": {
"critical": false,
"value": [
{
"name": "DNS",
"value": "www.example.com"
}
]
},
"subjectKeyIdentifier": {
"critical": false,
"value": "A7:C2:EA:3A:77:0E:DC:DB:3B:91:0E:5C:6B:4B:E3:DF:36:FE:8E:9C"
}
},
"key_size": 2048,
"signature_algorithm": {
"algorithm": "sha256WithRSAEncryption",
"signature": "5D:5F:0A:5E:56:46:14:7F:83:D3:C4:3B:5F:0A:74:B1:30:F6:71:77:9E:3D:2E:85:07:C4:4C:E9:22:64:4E:2F:80:ED:01:F1:2A:71:C4:04:E9:DD:39:3C:D3:6F:B8:30:F9:61:31:85:5B:E5:90:95:CA:21:6D:26:FA:9E:81:99:B4:91:E3:D9:79:09:2C:B1:7A:C7:38:74:AF:D0:38:22:F2:F8:02:70:30:FE:DE:EC:E9:C0:FF:06:88:A6:2E:69:CB:B9:C1:BD:9E:4B:AE:FF:3A:E3:DD:AC:4B:60:F6:23:8D:55:D9:4A:70:E5:FB:11:9F:70:2C:5D:05:D8:2B:D7:D1:3F:6F:D8:D3:1B:28:23:97:7D:77:AF:6A:14:83:5B:83:51:38:AD:3D:61:E1:66:78:43:9D:57:20:A1:27:5A:42:FA:EA:24:21:5E:4F:F7:52:28:EC:5D:91:8E:C0:7A:1F:33:F9:B8:CA:42:59:6F:26:8B:F7:BD:58:CE:94:3E:25:73:77:1E:C4:54:39:6D:27:75:83:4E:6C:55:47:32:66:E4:0D:4D:D5:47:28:CE:EF:AC:BD:D6:45:1D:B8:33:4B:D4:E9:03:38:6C:58:BA:3B:E0:01:D1:9B:D9:50:A2:D7:42:38:3C:2B:7C:CE:78:2D:A1:17:8C:AA:73:18:3E"
},
"subject": [
{
"name": "commonName",
"oid": "2.5.4.3",
"value": "www.example.com"
}
],
"validity": {
"not_valid_after": "2023-07-06 22:34:59",
"not_valid_before": "2022-07-06 22:38:53"
}
}
},
"changed": false
}
TASK [Verify certificate subject] **********************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:83
Wednesday 06 July 2022 22:39:00 +0000 (0:00:00.042) 0:00:14.617 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Verify certificate SAN] **************************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:91
Wednesday 06 July 2022 22:39:00 +0000 (0:00:00.041) 0:00:14.659 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Verify key size] *********************************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:99
Wednesday 06 July 2022 22:39:00 +0000 (0:00:00.031) 0:00:14.690 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Verify certificate Key Usage] ********************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:106
Wednesday 06 July 2022 22:39:00 +0000 (0:00:00.043) 0:00:14.734 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Verify certificate Extended Key Usage] ***********************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:118
Wednesday 06 July 2022 22:39:00 +0000 (0:00:00.043) 0:00:14.777 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Retrieve auto-renew flag] ************************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:132
Wednesday 06 July 2022 22:39:00 +0000 (0:00:00.045) 0:00:14.823 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false,
"cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_fs_attrs.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'",
"delta": "0:00:00.064565",
"end": "2022-07-06 18:38:59.674075",
"rc": 0,
"start": "2022-07-06 18:38:59.609510"
}
STDOUT:
yes
TASK [Verify certificate auto-renew flag] **************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:141
Wednesday 06 July 2022 22:39:00 +0000 (0:00:00.380) 0:00:15.203 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Set virtualenv_path] *****************************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:2
Wednesday 06 July 2022 22:39:00 +0000 (0:00:00.058) 0:00:15.262 ********
ok: [/cache/rhel-7.qcow2] => {
"ansible_facts": {
"__virtualenv_path": "/tmp/certificate-tests-venv"
},
"changed": false
}
TASK [Ensure python3 is installed] *********************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:6
Wednesday 06 July 2022 22:39:00 +0000 (0:00:00.025) 0:00:15.287 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false,
"rc": 0,
"results": [
"python3-3.6.8-18.el7.x86_64 providing python3 is already installed"
]
}
TASK [Install the package, force upgrade] **************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:11
Wednesday 06 July 2022 22:39:01 +0000 (0:00:00.538) 0:00:15.826 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false,
"cmd": [
"/tmp/certificate-tests-venv/bin/pip",
"install",
"-U",
"pip"
],
"name": [
"pip"
],
"requirements": null,
"state": "latest",
"version": null,
"virtualenv": "/tmp/certificate-tests-venv"
}
STDOUT:
Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.6/site-packages (21.3.1)
TASK [Install certreader] ******************************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:18
Wednesday 06 July 2022 22:39:02 +0000 (0:00:00.975) 0:00:16.802 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false,
"cmd": [
"/tmp/certificate-tests-venv/bin/pip",
"install",
"cryptography<35",
"certreader>=0.1.1"
],
"name": [
"cryptography<35",
"certreader>=0.1.1"
],
"requirements": null,
"state": "present",
"version": null,
"virtualenv": "/tmp/certificate-tests-venv"
}
STDOUT:
Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.6/site-packages (3.4.8)
Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.6/site-packages (0.1.1)
Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.6/site-packages (from cryptography<35) (1.15.1)
Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (0.4.8)
Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (6.0)
Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.6/site-packages (from cffi>=1.12->cryptography<35) (2.21)
TASK [Retrieve certificate file stats] *****************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:26
Wednesday 06 July 2022 22:39:03 +0000 (0:00:00.791) 0:00:17.593 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false,
"stat": {
"atime": 1657147134.0943167,
"attr_flags": "",
"attributes": [],
"block_size": 4096,
"blocks": 8,
"charset": "us-ascii",
"checksum": "5c88b59a8def11863265fc8cace20c8142340aed",
"ctime": 1657147134.1533167,
"dev": 64769,
"device_type": 0,
"executable": false,
"exists": true,
"gid": 1041,
"gr_name": "somegroup",
"inode": 884885,
"isblk": false,
"ischr": false,
"isdir": false,
"isfifo": false,
"isgid": false,
"islnk": false,
"isreg": true,
"issock": false,
"isuid": false,
"mimetype": "text/plain",
"mode": "0640",
"mtime": 1657147134.0913167,
"nlink": 1,
"path": "/etc/pki/tls/certs/certid.crt",
"pw_name": "user1",
"readable": true,
"rgrp": true,
"roth": false,
"rusr": true,
"size": 1294,
"uid": 1040,
"version": "18446744073164595885",
"wgrp": false,
"woth": false,
"writeable": true,
"wusr": true,
"xgrp": false,
"xoth": false,
"xusr": false
}
}
TASK [Verify if certificate file exists] ***************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:31
Wednesday 06 July 2022 22:39:03 +0000 (0:00:00.330) 0:00:17.924 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Verify certificate file owner and group] *********************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:37
Wednesday 06 July 2022 22:39:03 +0000 (0:00:00.030) 0:00:17.955 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Verify certificate permissions] ******************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:47
Wednesday 06 July 2022 22:39:03 +0000 (0:00:00.046) 0:00:18.001 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Retrieve key file stats] *************************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:53
Wednesday 06 July 2022 22:39:03 +0000 (0:00:00.043) 0:00:18.045 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false,
"stat": {
"atime": 1657147134.0473166,
"attr_flags": "",
"attributes": [],
"block_size": 4096,
"blocks": 8,
"charset": "us-ascii",
"checksum": "fe6d8ab8e83f79232faf3f46a141b7c85704d35f",
"ctime": 1657147134.1533167,
"dev": 64769,
"device_type": 0,
"executable": false,
"exists": true,
"gid": 1041,
"gr_name": "somegroup",
"inode": 421241,
"isblk": false,
"ischr": false,
"isdir": false,
"isfifo": false,
"isgid": false,
"islnk": false,
"isreg": true,
"issock": false,
"isuid": false,
"mimetype": "text/plain",
"mode": "0640",
"mtime": 1657147134.0913167,
"nlink": 1,
"path": "/etc/pki/tls/private/certid.key",
"pw_name": "user1",
"readable": true,
"rgrp": true,
"roth": false,
"rusr": true,
"size": 1708,
"uid": 1040,
"version": "489274381",
"wgrp": false,
"woth": false,
"writeable": true,
"wusr": true,
"xgrp": false,
"xoth": false,
"xusr": false
}
}
TASK [Verify if key file exists] ***********************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:58
Wednesday 06 July 2022 22:39:03 +0000 (0:00:00.319) 0:00:18.364 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Verify key file owner and group] *****************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:64
Wednesday 06 July 2022 22:39:03 +0000 (0:00:00.032) 0:00:18.396 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Parse certificate] *******************************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:74
Wednesday 06 July 2022 22:39:03 +0000 (0:00:00.046) 0:00:18.443 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false,
"cmd": [
"/tmp/certificate-tests-venv/bin/certreader2json",
"/etc/pki/tls/certs/certid.crt"
],
"delta": "0:00:00.268293",
"end": "2022-07-06 18:39:03.493762",
"rc": 0,
"start": "2022-07-06 18:39:03.225469"
}
STDOUT:
{
"subject": [
{
"name": "commonName",
"oid": "2.5.4.3",
"value": "www.example.com"
}
],
"extensions": {
"keyUsage": {
"value": [
"digital_signature",
"key_encipherment"
],
"critical": false
},
"subjectAltName": {
"value": [
{
"name": "DNS",
"value": "www.example.com"
}
],
"critical": false
},
"extendedKeyUsage": {
"value": [
{
"name": "id-kp-serverAuth",
"oid": "1.3.6.1.5.5.7.3.1"
},
{
"name": "id-kp-clientAuth",
"oid": "1.3.6.1.5.5.7.3.2"
}
],
"critical": false
},
"basicConstraints": {
"value": {
"ca": false
},
"critical": true
},
"subjectKeyIdentifier": {
"value": "84:3C:A4:36:85:61:41:AA:55:AF:5D:43:4D:11:C1:85:24:A5:5C:42",
"critical": false
},
"authorityKeyIdentifier": {
"value": "AA:FA:3B:D5:1D:F9:BA:48:A3:9E:42:C6:70:FF:42:C3:C1:C4:59:A8",
"critical": false
}
},
"signature_algorithm": {
"algorithm": "sha256WithRSAEncryption",
"signature": "6E:C4:7F:B8:AF:73:E9:74:CD:CB:91:B9:26:E5:02:D9:BC:6B:D8:AA:2D:90:33:DE:0E:9F:26:D6:1B:1F:AB:80:42:2E:E0:86:B0:3F:26:AC:9C:73:B3:10:DA:27:FD:74:E1:03:CC:B5:00:B3:40:B6:2A:AF:49:28:67:65:F1:21:73:93:89:AF:98:27:98:74:48:51:AB:0C:4B:09:68:75:4C:12:6D:B4:5F:59:77:8B:0E:6D:34:D3:F0:1B:75:FD:F0:F1:B4:F2:B7:CF:A8:FD:09:85:78:7C:07:A7:73:0F:79:C6:F4:54:F6:47:4D:35:3D:EF:EC:89:BE:EE:92:32:54:2B:2B:3A:31:21:19:D8:DE:F8:15:F9:C0:04:E8:05:EA:B0:15:7C:99:F5:FD:94:CC:FF:33:45:51:46:43:77:96:E5:A4:26:FE:A0:BB:5D:A6:88:DE:D7:9A:8F:5D:67:C2:36:02:73:A6:9A:13:F9:00:21:EC:15:5E:42:AF:99:76:EB:32:1B:E4:AF:D4:94:D7:3C:83:43:3E:9E:92:1B:21:2F:5A:3F:06:FE:D1:71:4D:3D:0A:3B:69:09:F9:44:F3:80:75:25:04:4F:01:6B:90:58:AC:EA:21:82:2B:AD:F9:AC:73:2F:1B:0F:38:91:A6:89:A1:DC:BD:30:CB:27"
},
"key_size": 2048,
"validity": {
"not_valid_after": "2023-07-06 22:34:59",
"not_valid_before": "2022-07-06 22:38:54"
}
}
TASK [Load certificate YAML to cert_issued variable] ***************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:79
Wednesday 06 July 2022 22:39:04 +0000 (0:00:00.581) 0:00:19.024 ********
ok: [/cache/rhel-7.qcow2] => {
"ansible_facts": {
"cert_issued": {
"extensions": {
"authorityKeyIdentifier": {
"critical": false,
"value": "AA:FA:3B:D5:1D:F9:BA:48:A3:9E:42:C6:70:FF:42:C3:C1:C4:59:A8"
},
"basicConstraints": {
"critical": true,
"value": {
"ca": false
}
},
"extendedKeyUsage": {
"critical": false,
"value": [
{
"name": "id-kp-serverAuth",
"oid": "1.3.6.1.5.5.7.3.1"
},
{
"name": "id-kp-clientAuth",
"oid": "1.3.6.1.5.5.7.3.2"
}
]
},
"keyUsage": {
"critical": false,
"value": [
"digital_signature",
"key_encipherment"
]
},
"subjectAltName": {
"critical": false,
"value": [
{
"name": "DNS",
"value": "www.example.com"
}
]
},
"subjectKeyIdentifier": {
"critical": false,
"value": "84:3C:A4:36:85:61:41:AA:55:AF:5D:43:4D:11:C1:85:24:A5:5C:42"
}
},
"key_size": 2048,
"signature_algorithm": {
"algorithm": "sha256WithRSAEncryption",
"signature": "6E:C4:7F:B8:AF:73:E9:74:CD:CB:91:B9:26:E5:02:D9:BC:6B:D8:AA:2D:90:33:DE:0E:9F:26:D6:1B:1F:AB:80:42:2E:E0:86:B0:3F:26:AC:9C:73:B3:10:DA:27:FD:74:E1:03:CC:B5:00:B3:40:B6:2A:AF:49:28:67:65:F1:21:73:93:89:AF:98:27:98:74:48:51:AB:0C:4B:09:68:75:4C:12:6D:B4:5F:59:77:8B:0E:6D:34:D3:F0:1B:75:FD:F0:F1:B4:F2:B7:CF:A8:FD:09:85:78:7C:07:A7:73:0F:79:C6:F4:54:F6:47:4D:35:3D:EF:EC:89:BE:EE:92:32:54:2B:2B:3A:31:21:19:D8:DE:F8:15:F9:C0:04:E8:05:EA:B0:15:7C:99:F5:FD:94:CC:FF:33:45:51:46:43:77:96:E5:A4:26:FE:A0:BB:5D:A6:88:DE:D7:9A:8F:5D:67:C2:36:02:73:A6:9A:13:F9:00:21:EC:15:5E:42:AF:99:76:EB:32:1B:E4:AF:D4:94:D7:3C:83:43:3E:9E:92:1B:21:2F:5A:3F:06:FE:D1:71:4D:3D:0A:3B:69:09:F9:44:F3:80:75:25:04:4F:01:6B:90:58:AC:EA:21:82:2B:AD:F9:AC:73:2F:1B:0F:38:91:A6:89:A1:DC:BD:30:CB:27"
},
"subject": [
{
"name": "commonName",
"oid": "2.5.4.3",
"value": "www.example.com"
}
],
"validity": {
"not_valid_after": "2023-07-06 22:34:59",
"not_valid_before": "2022-07-06 22:38:54"
}
}
},
"changed": false
}
TASK [Verify certificate subject] **********************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:83
Wednesday 06 July 2022 22:39:04 +0000 (0:00:00.042) 0:00:19.067 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Verify certificate SAN] **************************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:91
Wednesday 06 July 2022 22:39:04 +0000 (0:00:00.044) 0:00:19.112 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Verify key size] *********************************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:99
Wednesday 06 July 2022 22:39:04 +0000 (0:00:00.031) 0:00:19.144 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Verify certificate Key Usage] ********************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:106
Wednesday 06 July 2022 22:39:04 +0000 (0:00:00.064) 0:00:19.208 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Verify certificate Extended Key Usage] ***********************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:118
Wednesday 06 July 2022 22:39:04 +0000 (0:00:00.041) 0:00:19.250 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
TASK [Retrieve auto-renew flag] ************************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:132
Wednesday 06 July 2022 22:39:04 +0000 (0:00:00.043) 0:00:19.293 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false,
"cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/certid.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'",
"delta": "0:00:00.063434",
"end": "2022-07-06 18:39:04.136097",
"rc": 0,
"start": "2022-07-06 18:39:04.072663"
}
STDOUT:
yes
TASK [Verify certificate auto-renew flag] **************************************
task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:141
Wednesday 06 July 2022 22:39:05 +0000 (0:00:00.371) 0:00:19.665 ********
ok: [/cache/rhel-7.qcow2] => {
"changed": false
}
MSG:
All assertions passed
META: ran handlers
META: ran handlers
PLAY RECAP *********************************************************************
/cache/rhel-7.qcow2 : ok=57 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Wednesday 06 July 2022 22:39:05 +0000 (0:00:00.050) 0:00:19.715 ********
===============================================================================
fedora.linux_system_roles.certificate : Ensure certificate requests ----- 1.85s
/tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99
set up internal repositories -------------------------------------------- 1.44s
/cache/rhel-7_setup.yml:5 -----------------------------------------------------
fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 1.20s
/tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5
Install the package, force upgrade -------------------------------------- 1.06s
/tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:11 -
Install the package, force upgrade -------------------------------------- 0.98s
/tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:11 -
Gathering Facts --------------------------------------------------------- 0.93s
/tmp/tmp5zfmitu6/tests/certificate/tests_fs_attrs.yml:2 -----------------------
Install certreader ------------------------------------------------------ 0.80s
/tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:18 -
Install certreader ------------------------------------------------------ 0.79s
/tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:18 -
Gathering Facts --------------------------------------------------------- 0.70s
/tmp/tmp5zfmitu6/tests/certificate/tests_fs_attrs.yml:31 ----------------------
Parse certificate ------------------------------------------------------- 0.70s
/tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:74 -
Gathering Facts --------------------------------------------------------- 0.69s
/tmp/tmp5zfmitu6/tests/certificate/tests_fs_attrs.yml:13 ----------------------
fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.67s
/tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88
fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 0.59s
/tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22
Parse certificate ------------------------------------------------------- 0.58s
/tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:74 -
Ensure python3 is installed --------------------------------------------- 0.55s
/tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:6 --
Ensure python3 is installed --------------------------------------------- 0.54s
/tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:6 --
Ensure user exists ------------------------------------------------------ 0.53s
/tmp/tmp5zfmitu6/tests/certificate/tests_fs_attrs.yml:5 -----------------------
Ensure group "somegroup" exists ----------------------------------------- 0.46s
/tmp/tmp5zfmitu6/tests/certificate/tests_fs_attrs.yml:9 -----------------------
fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.46s
/tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33
Retrieve certificate file stats ----------------------------------------- 0.44s
/tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:26 -