ansible-playbook 2.9.27 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 2.7.5 (default, Nov 14 2023, 16:14:06) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] Using /etc/ansible/ansible.cfg as config file [WARNING]: running playbook inside collection fedora.linux_system_roles Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: tests_fs_attrs.yml *************************************************** 5 plays in /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml PLAY [Ensure UID and GID exists] *********************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml:2 Friday 07 February 2025 09:11:43 -0500 (0:00:00.023) 0:00:00.023 ******* ok: [managed-node2] META: ran handlers TASK [Ensure user exists] ****************************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml:5 Friday 07 February 2025 09:11:44 -0500 (0:00:01.165) 0:00:01.188 ******* changed: [managed-node2] => { "changed": true, "comment": "", "create_home": true, "group": 1040, "home": "/home/user1", "name": "user1", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1040 } TASK [Ensure group "somegroup" exists] ***************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml:9 Friday 07 February 2025 09:11:45 -0500 (0:00:00.626) 0:00:01.814 ******* changed: [managed-node2] => { "changed": true, "gid": 1041, "name": "somegroup", "state": "present", "system": false } META: ran handlers META: ran handlers PLAY [Issue certificate setting user/group] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml:14 Friday 07 February 2025 09:11:45 -0500 (0:00:00.464) 0:00:02.278 ******* ok: [managed-node2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Friday 07 February 2025 09:11:46 -0500 (0:00:00.544) 0:00:02.823 ******* included: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for managed-node2 TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Friday 07 February 2025 09:11:46 -0500 (0:00:00.029) 0:00:02.853 ******* skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Check if system is ostree] ******* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:10 Friday 07 February 2025 09:11:46 -0500 (0:00:00.043) 0:00:02.896 ******* ok: [managed-node2] => { "changed": false, "stat": { "exists": false } } TASK [fedora.linux_system_roles.certificate : Set flag to indicate system is ostree] *** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:15 Friday 07 February 2025 09:11:46 -0500 (0:00:00.413) 0:00:03.310 ******* ok: [managed-node2] => { "ansible_facts": { "__certificate_is_ostree": false }, "changed": false } TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:19 Friday 07 February 2025 09:11:46 -0500 (0:00:00.055) 0:00:03.365 ******* skipping: [managed-node2] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [managed-node2] => (item=CentOS.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS.yml", "skip_reason": "Conditional result was False" } ok: [managed-node2] => (item=CentOS_7.yml) => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python-pyasn1", "python-cryptography", "python-dbus" ] }, "ansible_included_var_files": [ "/tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/CentOS_7.yml" ], "ansible_loop_var": "item", "changed": false, "item": "CentOS_7.yml" } skipping: [managed-node2] => (item=CentOS_7.9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS_7.9.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Friday 07 February 2025 09:11:46 -0500 (0:00:00.111) 0:00:03.476 ******* changed: [managed-node2] => { "changed": true, "changes": { "installed": [ "python-pyasn1", "python-cryptography" ] }, "rc": 0, "results": [ "dbus-python-1.1.1-9.el7.x86_64 providing python-dbus is already installed", "Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * epel: d2lzkl7pfhq30w.cloudfront.net\n * epel-debuginfo: d2lzkl7pfhq30w.cloudfront.net\n * epel-source: d2lzkl7pfhq30w.cloudfront.net\nResolving Dependencies\n--> Running transaction check\n---> Package python2-cryptography.x86_64 0:1.7.2-2.el7 will be installed\n--> Processing Dependency: python-idna >= 2.0 for package: python2-cryptography-1.7.2-2.el7.x86_64\n--> Processing Dependency: python-cffi >= 1.4.1 for package: python2-cryptography-1.7.2-2.el7.x86_64\n--> Processing Dependency: python-enum34 for package: python2-cryptography-1.7.2-2.el7.x86_64\n---> Package python2-pyasn1.noarch 0:0.1.9-7.el7 will be installed\n--> Running transaction check\n---> Package python-cffi.x86_64 0:1.6.0-5.el7 will be installed\n--> Processing Dependency: python-pycparser for package: python-cffi-1.6.0-5.el7.x86_64\n---> Package python-enum34.noarch 0:1.0.4-1.el7 will be installed\n---> Package python-idna.noarch 0:2.4-1.el7 will be installed\n--> Running transaction check\n---> Package python-pycparser.noarch 0:2.14-1.el7 will be installed\n--> Processing Dependency: python-ply for package: python-pycparser-2.14-1.el7.noarch\n--> Running transaction check\n---> Package python-ply.noarch 0:3.4-11.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n python2-cryptography x86_64 1.7.2-2.el7 base 502 k\n python2-pyasn1 noarch 0.1.9-7.el7 base 100 k\nInstalling for dependencies:\n python-cffi x86_64 1.6.0-5.el7 base 218 k\n python-enum34 noarch 1.0.4-1.el7 base 52 k\n python-idna noarch 2.4-1.el7 base 94 k\n python-ply noarch 3.4-11.el7 base 123 k\n python-pycparser noarch 2.14-1.el7 base 104 k\n\nTransaction Summary\n================================================================================\nInstall 2 Packages (+5 Dependent packages)\n\nTotal download size: 1.2 M\nInstalled size: 6.1 M\nDownloading packages:\n--------------------------------------------------------------------------------\nTotal 4.0 MB/s | 1.2 MB 00:00 \nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : python2-pyasn1-0.1.9-7.el7.noarch 1/7 \n Installing : python-enum34-1.0.4-1.el7.noarch 2/7 \n Installing : python-ply-3.4-11.el7.noarch 3/7 \n Installing : python-pycparser-2.14-1.el7.noarch 4/7 \n Installing : python-cffi-1.6.0-5.el7.x86_64 5/7 \n Installing : python-idna-2.4-1.el7.noarch 6/7 \n Installing : python2-cryptography-1.7.2-2.el7.x86_64 7/7 \n Verifying : python-idna-2.4-1.el7.noarch 1/7 \n Verifying : python-pycparser-2.14-1.el7.noarch 2/7 \n Verifying : python-ply-3.4-11.el7.noarch 3/7 \n Verifying : python-cffi-1.6.0-5.el7.x86_64 4/7 \n Verifying : python-enum34-1.0.4-1.el7.noarch 5/7 \n Verifying : python2-pyasn1-0.1.9-7.el7.noarch 6/7 \n Verifying : python2-cryptography-1.7.2-2.el7.x86_64 7/7 \n\nInstalled:\n python2-cryptography.x86_64 0:1.7.2-2.el7 python2-pyasn1.noarch 0:0.1.9-7.el7\n\nDependency Installed:\n python-cffi.x86_64 0:1.6.0-5.el7 python-enum34.noarch 0:1.0.4-1.el7 \n python-idna.noarch 0:2.4-1.el7 python-ply.noarch 0:3.4-11.el7 \n python-pycparser.noarch 0:2.14-1.el7 \n\nComplete!\n" ] } TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:23 Friday 07 February 2025 09:11:54 -0500 (0:00:07.308) 0:00:10.785 ******* changed: [managed-node2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "changes": { "installed": [ "certmonger" ] }, "rc": 0, "results": [ "Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * epel: d2lzkl7pfhq30w.cloudfront.net\n * epel-debuginfo: d2lzkl7pfhq30w.cloudfront.net\n * epel-source: d2lzkl7pfhq30w.cloudfront.net\nResolving Dependencies\n--> Running transaction check\n---> Package certmonger.x86_64 0:0.78.4-17.el7_9 will be installed\n--> Processing Dependency: psmisc for package: certmonger-0.78.4-17.el7_9.x86_64\n--> Processing Dependency: libtevent.so.0(TEVENT_0.9.9)(64bit) for package: certmonger-0.78.4-17.el7_9.x86_64\n--> Processing Dependency: libtalloc.so.2(TALLOC_2.0.2)(64bit) for package: certmonger-0.78.4-17.el7_9.x86_64\n--> Processing Dependency: libxmlrpc_util.so.3()(64bit) for package: certmonger-0.78.4-17.el7_9.x86_64\n--> Processing Dependency: libxmlrpc_client.so.3()(64bit) for package: certmonger-0.78.4-17.el7_9.x86_64\n--> Processing Dependency: libxmlrpc.so.3()(64bit) for package: certmonger-0.78.4-17.el7_9.x86_64\n--> Processing Dependency: libtevent.so.0()(64bit) for package: certmonger-0.78.4-17.el7_9.x86_64\n--> Processing Dependency: libtalloc.so.2()(64bit) for package: certmonger-0.78.4-17.el7_9.x86_64\n--> Running transaction check\n---> Package libtalloc.x86_64 0:2.1.16-1.el7 will be installed\n---> Package libtevent.x86_64 0:0.9.39-1.el7 will be installed\n---> Package psmisc.x86_64 0:22.20-17.el7 will be installed\n---> Package xmlrpc-c.x86_64 0:1.32.5-1905.svn2451.el7 will be installed\n---> Package xmlrpc-c-client.x86_64 0:1.32.5-1905.svn2451.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n certmonger x86_64 0.78.4-17.el7_9 updates 608 k\nInstalling for dependencies:\n libtalloc x86_64 2.1.16-1.el7 base 33 k\n libtevent x86_64 0.9.39-1.el7 base 41 k\n psmisc x86_64 22.20-17.el7 base 141 k\n xmlrpc-c x86_64 1.32.5-1905.svn2451.el7 base 130 k\n xmlrpc-c-client x86_64 1.32.5-1905.svn2451.el7 base 32 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package (+5 Dependent packages)\n\nTotal download size: 984 k\nInstalled size: 3.7 M\nDownloading packages:\n--------------------------------------------------------------------------------\nTotal 2.7 MB/s | 984 kB 00:00 \nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : xmlrpc-c-1.32.5-1905.svn2451.el7.x86_64 1/6 \n Installing : libtalloc-2.1.16-1.el7.x86_64 2/6 \n Installing : libtevent-0.9.39-1.el7.x86_64 3/6 \n Installing : xmlrpc-c-client-1.32.5-1905.svn2451.el7.x86_64 4/6 \n Installing : psmisc-22.20-17.el7.x86_64 5/6 \n Installing : certmonger-0.78.4-17.el7_9.x86_64 6/6 \n Verifying : xmlrpc-c-client-1.32.5-1905.svn2451.el7.x86_64 1/6 \n Verifying : libtevent-0.9.39-1.el7.x86_64 2/6 \n Verifying : libtalloc-2.1.16-1.el7.x86_64 3/6 \n Verifying : xmlrpc-c-1.32.5-1905.svn2451.el7.x86_64 4/6 \n Verifying : certmonger-0.78.4-17.el7_9.x86_64 5/6 \n Verifying : psmisc-22.20-17.el7.x86_64 6/6 \n\nInstalled:\n certmonger.x86_64 0:0.78.4-17.el7_9 \n\nDependency Installed:\n libtalloc.x86_64 0:2.1.16-1.el7 \n libtevent.x86_64 0:0.9.39-1.el7 \n psmisc.x86_64 0:22.20-17.el7 \n xmlrpc-c.x86_64 0:1.32.5-1905.svn2451.el7 \n xmlrpc-c-client.x86_64 0:1.32.5-1905.svn2451.el7 \n\nComplete!\n" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:35 Friday 07 February 2025 09:11:58 -0500 (0:00:04.155) 0:00:14.941 ******* changed: [managed-node2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:61 Friday 07 February 2025 09:11:58 -0500 (0:00:00.541) 0:00:15.482 ******* changed: [managed-node2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:90 Friday 07 February 2025 09:11:59 -0500 (0:00:00.347) 0:00:15.830 ******* changed: [managed-node2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "systemd-journald.socket dbus.service system.slice network.target basic.target syslog.target", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "EnvironmentFile": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /var/run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14311", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14311", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "0", "MemoryAccounting": "no", "MemoryCurrent": "18446744073709551615", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/var/run/certmonger.pid", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "basic.target system.slice", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "18446744073709551615", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:101 Friday 07 February 2025 09:12:00 -0500 (0:00:00.921) 0:00:16.751 ******* changed: [managed-node2] => (item={u'owner': u'ftp', u'ca': u'self-sign', u'group': u'ftp', u'name': u'mycert_fs_attrs', u'dns': u'www.example.com'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "group": "ftp", "name": "mycert_fs_attrs", "owner": "ftp" } } MSG: Certificate requested (new). File attributes updated. changed: [managed-node2] => (item={u'owner': 1040, u'ca': u'self-sign', u'group': 1041, u'name': u'certid', u'dns': u'www.example.com'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "group": 1041, "name": "certid", "owner": 1040 } } MSG: Certificate requested (new). File attributes updated. TASK [fedora.linux_system_roles.certificate : Slurp the contents of the files] *** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:152 Friday 07 February 2025 09:12:02 -0500 (0:00:01.916) 0:00:18.668 ******* skipping: [managed-node2] => (item=[u'cert', {u'owner': u'ftp', u'ca': u'self-sign', u'group': u'ftp', u'name': u'mycert_fs_attrs', u'dns': u'www.example.com'}]) => { "ansible_loop_var": "item", "changed": false, "item": [ "cert", { "ca": "self-sign", "dns": "www.example.com", "group": "ftp", "name": "mycert_fs_attrs", "owner": "ftp" } ], "skip_reason": "Conditional result was False" } skipping: [managed-node2] => (item=[u'cert', {u'owner': 1040, u'ca': u'self-sign', u'group': 1041, u'name': u'certid', u'dns': u'www.example.com'}]) => { "ansible_loop_var": "item", "changed": false, "item": [ "cert", { "ca": "self-sign", "dns": "www.example.com", "group": 1041, "name": "certid", "owner": 1040 } ], "skip_reason": "Conditional result was False" } skipping: [managed-node2] => (item=[u'key', {u'owner': u'ftp', u'ca': u'self-sign', u'group': u'ftp', u'name': u'mycert_fs_attrs', u'dns': u'www.example.com'}]) => { "ansible_loop_var": "item", "changed": false, "item": [ "key", { "ca": "self-sign", "dns": "www.example.com", "group": "ftp", "name": "mycert_fs_attrs", "owner": "ftp" } ], "skip_reason": "Conditional result was False" } skipping: [managed-node2] => (item=[u'key', {u'owner': 1040, u'ca': u'self-sign', u'group': 1041, u'name': u'certid', u'dns': u'www.example.com'}]) => { "ansible_loop_var": "item", "changed": false, "item": [ "key", { "ca": "self-sign", "dns": "www.example.com", "group": 1041, "name": "certid", "owner": 1040 } ], "skip_reason": "Conditional result was False" } skipping: [managed-node2] => (item=[u'ca', {u'owner': u'ftp', u'ca': u'self-sign', u'group': u'ftp', u'name': u'mycert_fs_attrs', u'dns': u'www.example.com'}]) => { "ansible_loop_var": "item", "changed": false, "item": [ "ca", { "ca": "self-sign", "dns": "www.example.com", "group": "ftp", "name": "mycert_fs_attrs", "owner": "ftp" } ], "skip_reason": "Conditional result was False" } skipping: [managed-node2] => (item=[u'ca', {u'owner': 1040, u'ca': u'self-sign', u'group': 1041, u'name': u'certid', u'dns': u'www.example.com'}]) => { "ansible_loop_var": "item", "changed": false, "item": [ "ca", { "ca": "self-sign", "dns": "www.example.com", "group": 1041, "name": "certid", "owner": 1040 } ], "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Create return data] ************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:160 Friday 07 February 2025 09:12:02 -0500 (0:00:00.101) 0:00:18.769 ******* skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Stop tracking certificates] ****** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:176 Friday 07 February 2025 09:12:02 -0500 (0:00:00.089) 0:00:18.859 ******* skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Remove files] ******************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:181 Friday 07 February 2025 09:12:02 -0500 (0:00:00.061) 0:00:18.921 ******* skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml:32 Friday 07 February 2025 09:12:02 -0500 (0:00:00.067) 0:00:18.989 ******* ok: [managed-node2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml:61 Friday 07 February 2025 09:12:03 -0500 (0:00:00.702) 0:00:19.691 ******* included: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml for managed-node2 included: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml for managed-node2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:2 Friday 07 February 2025 09:12:03 -0500 (0:00:00.114) 0:00:19.806 ******* ok: [managed-node2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Check if system is ostree] *********************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:9 Friday 07 February 2025 09:12:03 -0500 (0:00:00.029) 0:00:19.835 ******* skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Set flag to indicate system is ostree] *********************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:14 Friday 07 February 2025 09:12:03 -0500 (0:00:00.059) 0:00:19.894 ******* skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:18 Friday 07 February 2025 09:12:03 -0500 (0:00:00.057) 0:00:19.952 ******* ok: [managed-node2] => { "changed": false, "rc": 0, "results": [ "python2-cryptography-1.7.2-2.el7.x86_64 providing python2-cryptography is already installed", "python2-cryptography-1.7.2-2.el7.x86_64 providing python2-cryptography is already installed" ] } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:28 Friday 07 February 2025 09:12:04 -0500 (0:00:00.683) 0:00:20.636 ******* skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:38 Friday 07 February 2025 09:12:04 -0500 (0:00:00.065) 0:00:20.701 ******* ok: [managed-node2] => { "changed": false, "stat": { "atime": 1738937521.0626895, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "f4f7c3e98ce9f3e5dc4d1ac3ea9ab10fd38dee61", "ctime": 1738937521.1616893, "dev": 51713, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 172745, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1738937521.0596895, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_fs_attrs.crt", "pw_name": "ftp", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1294, "uid": 14, "version": "729843498", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:43 Friday 07 February 2025 09:12:04 -0500 (0:00:00.418) 0:00:21.120 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:49 Friday 07 February 2025 09:12:04 -0500 (0:00:00.072) 0:00:21.192 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:59 Friday 07 February 2025 09:12:04 -0500 (0:00:00.087) 0:00:21.279 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:65 Friday 07 February 2025 09:12:04 -0500 (0:00:00.086) 0:00:21.366 ******* ok: [managed-node2] => { "changed": false, "stat": { "atime": 1738937521.0196898, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "5a1317541e7aad7aae76946e6986aceb69c2e052", "ctime": 1738937521.1616893, "dev": 51713, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 172744, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1738937521.0596895, "nlink": 1, "path": "/etc/pki/tls/private/mycert_fs_attrs.key", "pw_name": "ftp", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1708, "uid": 14, "version": "729843485", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:70 Friday 07 February 2025 09:12:05 -0500 (0:00:00.395) 0:00:21.761 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:76 Friday 07 February 2025 09:12:05 -0500 (0:00:00.074) 0:00:21.836 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:86 Friday 07 February 2025 09:12:05 -0500 (0:00:00.078) 0:00:21.914 ******* ok: [managed-node2] => { "certificate": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "E1:1D:0C:28:CF:B4:77:D4:92:6B:40:ED:DF:1D:35:56:C5:1E:B8:5D" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "key_encipherment", "digital_signature" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "7D:2E:95:6B:9B:06:50:2A:63:7B:E1:3A:96:6F:E2:B2:AA:51:B2:5C" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "5F:6B:D1:21:65:19:29:2B:54:30:41:E2:5B:F1:05:0C:73:91:32:B9:56:42:4F:61:43:59:59:13:24:D2:4D:DA:AD:D5:D7:1E:34:16:7D:42:E4:73:2E:2A:68:DC:79:1E:5E:20:D6:C2:BD:55:BB:EB:C6:28:22:C0:4F:68:4E:4A:9D:6E:B7:BE:96:17:FE:7F:EE:4B:2E:90:49:D1:F0:0F:27:9A:E0:AE:BD:FF:74:A7:2D:C6:B6:4C:8F:8B:6F:7C:19:16:9C:68:0B:28:11:6D:E6:33:99:98:DE:5C:0F:9D:99:9A:6C:E6:88:6F:2C:0F:24:B4:B4:34:52:1A:C7:65:A4:62:4A:E8:C3:82:14:19:B1:09:12:6A:2D:9B:A0:BE:20:E0:04:5F:90:AD:57:2C:F9:9F:F2:F9:F4:78:E7:E9:0C:A5:75:5E:88:45:51:57:DB:63:E2:C2:95:4C:7E:D1:4E:D8:AA:56:C9:A1:EF:6C:FB:FB:65:A7:05:90:69:D5:DE:C1:3E:59:EA:EE:F8:C0:06:70:03:7A:BE:BC:0B:8F:06:AF:98:8C:22:E3:F3:23:42:F0:BD:22:38:90:65:98:9B:3B:24:D3:B4:BB:00:78:9F:FF:84:EA:D1:32:18:DB:A3:54:A0:5E:73:03:9F:E8:46:37:A6:E5:1A:B8:BC:CD" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "20260207141200Z", "not_valid_before": "20250207141201Z" } }, "changed": false } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:92 Friday 07 February 2025 09:12:06 -0500 (0:00:00.701) 0:00:22.616 ******* ok: [managed-node2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "E1:1D:0C:28:CF:B4:77:D4:92:6B:40:ED:DF:1D:35:56:C5:1E:B8:5D" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "key_encipherment", "digital_signature" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "7D:2E:95:6B:9B:06:50:2A:63:7B:E1:3A:96:6F:E2:B2:AA:51:B2:5C" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "5F:6B:D1:21:65:19:29:2B:54:30:41:E2:5B:F1:05:0C:73:91:32:B9:56:42:4F:61:43:59:59:13:24:D2:4D:DA:AD:D5:D7:1E:34:16:7D:42:E4:73:2E:2A:68:DC:79:1E:5E:20:D6:C2:BD:55:BB:EB:C6:28:22:C0:4F:68:4E:4A:9D:6E:B7:BE:96:17:FE:7F:EE:4B:2E:90:49:D1:F0:0F:27:9A:E0:AE:BD:FF:74:A7:2D:C6:B6:4C:8F:8B:6F:7C:19:16:9C:68:0B:28:11:6D:E6:33:99:98:DE:5C:0F:9D:99:9A:6C:E6:88:6F:2C:0F:24:B4:B4:34:52:1A:C7:65:A4:62:4A:E8:C3:82:14:19:B1:09:12:6A:2D:9B:A0:BE:20:E0:04:5F:90:AD:57:2C:F9:9F:F2:F9:F4:78:E7:E9:0C:A5:75:5E:88:45:51:57:DB:63:E2:C2:95:4C:7E:D1:4E:D8:AA:56:C9:A1:EF:6C:FB:FB:65:A7:05:90:69:D5:DE:C1:3E:59:EA:EE:F8:C0:06:70:03:7A:BE:BC:0B:8F:06:AF:98:8C:22:E3:F3:23:42:F0:BD:22:38:90:65:98:9B:3B:24:D3:B4:BB:00:78:9F:FF:84:EA:D1:32:18:DB:A3:54:A0:5E:73:03:9F:E8:46:37:A6:E5:1A:B8:BC:CD" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "20260207141200Z", "not_valid_before": "20250207141201Z" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:96 Friday 07 February 2025 09:12:06 -0500 (0:00:00.078) 0:00:22.695 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:104 Friday 07 February 2025 09:12:06 -0500 (0:00:00.126) 0:00:22.821 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:112 Friday 07 February 2025 09:12:06 -0500 (0:00:00.084) 0:00:22.906 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:119 Friday 07 February 2025 09:12:06 -0500 (0:00:00.065) 0:00:22.972 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:130 Friday 07 February 2025 09:12:06 -0500 (0:00:00.095) 0:00:23.067 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:143 Friday 07 February 2025 09:12:06 -0500 (0:00:00.075) 0:00:23.143 ******* ok: [managed-node2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_fs_attrs.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.043221", "end": "2025-02-07 09:12:07.057257", "rc": 0, "start": "2025-02-07 09:12:07.014036" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:152 Friday 07 February 2025 09:12:07 -0500 (0:00:00.560) 0:00:23.704 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:2 Friday 07 February 2025 09:12:07 -0500 (0:00:00.087) 0:00:23.792 ******* ok: [managed-node2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Check if system is ostree] *********************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:9 Friday 07 February 2025 09:12:07 -0500 (0:00:00.029) 0:00:23.822 ******* skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Set flag to indicate system is ostree] *********************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:14 Friday 07 February 2025 09:12:07 -0500 (0:00:00.076) 0:00:23.898 ******* skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:18 Friday 07 February 2025 09:12:07 -0500 (0:00:00.048) 0:00:23.947 ******* ok: [managed-node2] => { "changed": false, "rc": 0, "results": [ "python2-cryptography-1.7.2-2.el7.x86_64 providing python2-cryptography is already installed", "python2-cryptography-1.7.2-2.el7.x86_64 providing python2-cryptography is already installed" ] } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:28 Friday 07 February 2025 09:12:08 -0500 (0:00:00.748) 0:00:24.695 ******* skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:38 Friday 07 February 2025 09:12:08 -0500 (0:00:00.068) 0:00:24.764 ******* ok: [managed-node2] => { "changed": false, "stat": { "atime": 1738937521.852687, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "d44a5142fd60fd2057ec761f276d852f27f64a25", "ctime": 1738937521.9816864, "dev": 51713, "device_type": 0, "executable": false, "exists": true, "gid": 1041, "gr_name": "somegroup", "inode": 172747, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1738937521.8496869, "nlink": 1, "path": "/etc/pki/tls/certs/certid.crt", "pw_name": "user1", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1294, "uid": 1040, "version": "729843536", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:43 Friday 07 February 2025 09:12:08 -0500 (0:00:00.390) 0:00:25.154 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:49 Friday 07 February 2025 09:12:08 -0500 (0:00:00.082) 0:00:25.237 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:59 Friday 07 February 2025 09:12:08 -0500 (0:00:00.068) 0:00:25.305 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:65 Friday 07 February 2025 09:12:08 -0500 (0:00:00.047) 0:00:25.352 ******* ok: [managed-node2] => { "changed": false, "stat": { "atime": 1738937521.810687, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "aaeae2aeebbb8d8705b2b5ac0cd6b1315d7c5e00", "ctime": 1738937521.9816864, "dev": 51713, "device_type": 0, "executable": false, "exists": true, "gid": 1041, "gr_name": "somegroup", "inode": 172746, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1738937521.8496869, "nlink": 1, "path": "/etc/pki/tls/private/certid.key", "pw_name": "user1", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1708, "uid": 1040, "version": "729843523", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:70 Friday 07 February 2025 09:12:09 -0500 (0:00:00.344) 0:00:25.697 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:76 Friday 07 February 2025 09:12:09 -0500 (0:00:00.067) 0:00:25.764 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:86 Friday 07 February 2025 09:12:09 -0500 (0:00:00.074) 0:00:25.839 ******* ok: [managed-node2] => { "certificate": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "E1:1D:0C:28:CF:B4:77:D4:92:6B:40:ED:DF:1D:35:56:C5:1E:B8:5D" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "key_encipherment", "digital_signature" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "69:27:AF:BD:F0:42:5E:0B:B8:32:E9:99:12:9C:B7:CC:16:21:9A:C1" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "1E:AB:99:11:42:6D:B6:89:13:E3:49:F2:0F:F1:84:F7:2B:79:DA:2B:EB:0B:F1:2C:DD:DE:57:9D:A1:0C:61:E6:24:5A:51:75:21:A7:CA:82:D4:60:90:67:6D:9C:56:B6:BA:8F:70:2E:85:ED:DB:E9:DE:75:0B:CC:98:9A:6F:F9:F2:A6:2E:31:42:1A:8C:56:54:99:7C:11:54:1E:7D:A9:FD:FA:87:B0:E7:36:20:87:19:65:32:44:C3:B1:1F:B9:9B:20:92:36:23:98:81:1E:4C:6A:85:E8:33:DA:F5:93:D8:89:4D:F0:33:AB:51:21:89:76:8B:6A:54:F3:29:D4:B5:01:1B:87:94:E4:02:DC:DD:CB:1E:E3:21:F0:08:77:87:7D:78:D2:6E:24:F2:49:15:E0:7F:40:51:C5:7C:ED:E4:70:8F:16:F7:1A:6E:57:65:BF:AF:66:8A:9C:27:EA:0D:45:37:FE:47:6C:88:D9:6E:9A:8C:26:FC:57:D1:6B:2D:51:B6:1E:47:76:6B:7C:00:5F:0E:6D:B5:E8:D8:6B:43:B6:35:92:16:F2:7C:9B:93:EC:E1:8A:10:45:E0:EF:94:A9:AF:E4:CA:F9:E8:8E:82:B0:09:85:91:DA:E4:41:46:6D:03:46:B3:E1:BB:77:14:2E:A9:66:09:4C:99:F4" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "20260207141200Z", "not_valid_before": "20250207141201Z" } }, "changed": false } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:92 Friday 07 February 2025 09:12:09 -0500 (0:00:00.552) 0:00:26.392 ******* ok: [managed-node2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "E1:1D:0C:28:CF:B4:77:D4:92:6B:40:ED:DF:1D:35:56:C5:1E:B8:5D" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "key_encipherment", "digital_signature" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "69:27:AF:BD:F0:42:5E:0B:B8:32:E9:99:12:9C:B7:CC:16:21:9A:C1" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "1E:AB:99:11:42:6D:B6:89:13:E3:49:F2:0F:F1:84:F7:2B:79:DA:2B:EB:0B:F1:2C:DD:DE:57:9D:A1:0C:61:E6:24:5A:51:75:21:A7:CA:82:D4:60:90:67:6D:9C:56:B6:BA:8F:70:2E:85:ED:DB:E9:DE:75:0B:CC:98:9A:6F:F9:F2:A6:2E:31:42:1A:8C:56:54:99:7C:11:54:1E:7D:A9:FD:FA:87:B0:E7:36:20:87:19:65:32:44:C3:B1:1F:B9:9B:20:92:36:23:98:81:1E:4C:6A:85:E8:33:DA:F5:93:D8:89:4D:F0:33:AB:51:21:89:76:8B:6A:54:F3:29:D4:B5:01:1B:87:94:E4:02:DC:DD:CB:1E:E3:21:F0:08:77:87:7D:78:D2:6E:24:F2:49:15:E0:7F:40:51:C5:7C:ED:E4:70:8F:16:F7:1A:6E:57:65:BF:AF:66:8A:9C:27:EA:0D:45:37:FE:47:6C:88:D9:6E:9A:8C:26:FC:57:D1:6B:2D:51:B6:1E:47:76:6B:7C:00:5F:0E:6D:B5:E8:D8:6B:43:B6:35:92:16:F2:7C:9B:93:EC:E1:8A:10:45:E0:EF:94:A9:AF:E4:CA:F9:E8:8E:82:B0:09:85:91:DA:E4:41:46:6D:03:46:B3:E1:BB:77:14:2E:A9:66:09:4C:99:F4" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "20260207141200Z", "not_valid_before": "20250207141201Z" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:96 Friday 07 February 2025 09:12:09 -0500 (0:00:00.111) 0:00:26.503 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:104 Friday 07 February 2025 09:12:09 -0500 (0:00:00.072) 0:00:26.576 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:112 Friday 07 February 2025 09:12:10 -0500 (0:00:00.089) 0:00:26.666 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:119 Friday 07 February 2025 09:12:10 -0500 (0:00:00.067) 0:00:26.733 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:130 Friday 07 February 2025 09:12:10 -0500 (0:00:00.076) 0:00:26.809 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:143 Friday 07 February 2025 09:12:10 -0500 (0:00:00.077) 0:00:26.887 ******* ok: [managed-node2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/certid.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.041382", "end": "2025-02-07 09:12:10.646318", "rc": 0, "start": "2025-02-07 09:12:10.604936" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:152 Friday 07 February 2025 09:12:10 -0500 (0:00:00.407) 0:00:27.294 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY [Issue certificate setting user/group/mode] ******************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml:67 Friday 07 February 2025 09:12:10 -0500 (0:00:00.078) 0:00:27.373 ******* ok: [managed-node2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Friday 07 February 2025 09:12:11 -0500 (0:00:00.548) 0:00:27.921 ******* included: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for managed-node2 TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Friday 07 February 2025 09:12:11 -0500 (0:00:00.053) 0:00:27.974 ******* skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Check if system is ostree] ******* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:10 Friday 07 February 2025 09:12:11 -0500 (0:00:00.076) 0:00:28.051 ******* skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Set flag to indicate system is ostree] *** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:15 Friday 07 February 2025 09:12:11 -0500 (0:00:00.105) 0:00:28.156 ******* skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:19 Friday 07 February 2025 09:12:11 -0500 (0:00:00.105) 0:00:28.261 ******* skipping: [managed-node2] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [managed-node2] => (item=CentOS.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS.yml", "skip_reason": "Conditional result was False" } ok: [managed-node2] => (item=CentOS_7.yml) => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python-pyasn1", "python-cryptography", "python-dbus" ] }, "ansible_included_var_files": [ "/tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/CentOS_7.yml" ], "ansible_loop_var": "item", "changed": false, "item": "CentOS_7.yml" } skipping: [managed-node2] => (item=CentOS_7.9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS_7.9.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Friday 07 February 2025 09:12:11 -0500 (0:00:00.163) 0:00:28.425 ******* ok: [managed-node2] => { "changed": false, "rc": 0, "results": [ "python2-pyasn1-0.1.9-7.el7.noarch providing python-pyasn1 is already installed", "python2-cryptography-1.7.2-2.el7.x86_64 providing python-cryptography is already installed", "dbus-python-1.1.1-9.el7.x86_64 providing python-dbus is already installed" ] } TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:23 Friday 07 February 2025 09:12:13 -0500 (0:00:01.657) 0:00:30.082 ******* ok: [managed-node2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "rc": 0, "results": [ "certmonger-0.78.4-17.el7_9.x86_64 providing certmonger is already installed" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:35 Friday 07 February 2025 09:12:14 -0500 (0:00:00.655) 0:00:30.738 ******* ok: [managed-node2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:61 Friday 07 February 2025 09:12:14 -0500 (0:00:00.523) 0:00:31.262 ******* ok: [managed-node2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:90 Friday 07 February 2025 09:12:15 -0500 (0:00:00.375) 0:00:31.637 ******* ok: [managed-node2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestamp": "Fri 2025-02-07 09:12:00 EST", "ActiveEnterTimestampMonotonic": "227415451", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target dbus.service network.target system.slice syslog.target systemd-journald.socket", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Fri 2025-02-07 09:12:00 EST", "AssertTimestampMonotonic": "227396359", "Before": "shutdown.target multi-user.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Fri 2025-02-07 09:12:00 EST", "ConditionTimestampMonotonic": "227396357", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "EnvironmentFile": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "9920", "ExecMainStartTimestamp": "Fri 2025-02-07 09:12:00 EST", "ExecMainStartTimestampMonotonic": "227397794", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /var/run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[Fri 2025-02-07 09:12:00 EST] ; stop_time=[n/a] ; pid=9920 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Fri 2025-02-07 09:12:00 EST", "InactiveExitTimestampMonotonic": "227397825", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14311", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14311", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "9920", "MemoryAccounting": "no", "MemoryCurrent": "18446744073709551615", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/var/run/certmonger.pid", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "basic.target system.slice", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "18446744073709551615", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "WatchdogTimestamp": "Fri 2025-02-07 09:12:00 EST", "WatchdogTimestampMonotonic": "227415417", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:101 Friday 07 February 2025 09:12:15 -0500 (0:00:00.432) 0:00:32.069 ******* changed: [managed-node2] => (item={u'group': u'ftp', u'name': u'mycert_fs_attrs_mode', u'dns': u'www.example.com', u'owner': u'ftp', u'ca': u'self-sign', u'mode': u'0620'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "group": "ftp", "mode": "0620", "name": "mycert_fs_attrs_mode", "owner": "ftp" } } MSG: Certificate requested (new). File attributes updated. changed: [managed-node2] => (item={u'ca': u'self-sign', u'name': u'certid_mode', u'dns': u'www.example.com', u'mode': u'0600'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "mode": "0600", "name": "certid_mode" } } MSG: Certificate requested (new). TASK [fedora.linux_system_roles.certificate : Slurp the contents of the files] *** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:152 Friday 07 February 2025 09:12:17 -0500 (0:00:01.671) 0:00:33.741 ******* skipping: [managed-node2] => (item=[u'cert', {u'group': u'ftp', u'name': u'mycert_fs_attrs_mode', u'dns': u'www.example.com', u'owner': u'ftp', u'ca': u'self-sign', u'mode': u'0620'}]) => { "ansible_loop_var": "item", "changed": false, "item": [ "cert", { "ca": "self-sign", "dns": "www.example.com", "group": "ftp", "mode": "0620", "name": "mycert_fs_attrs_mode", "owner": "ftp" } ], "skip_reason": "Conditional result was False" } skipping: [managed-node2] => (item=[u'cert', {u'ca': u'self-sign', u'name': u'certid_mode', u'dns': u'www.example.com', u'mode': u'0600'}]) => { "ansible_loop_var": "item", "changed": false, "item": [ "cert", { "ca": "self-sign", "dns": "www.example.com", "mode": "0600", "name": "certid_mode" } ], "skip_reason": "Conditional result was False" } skipping: [managed-node2] => (item=[u'key', {u'group': u'ftp', u'name': u'mycert_fs_attrs_mode', u'dns': u'www.example.com', u'owner': u'ftp', u'ca': u'self-sign', u'mode': u'0620'}]) => { "ansible_loop_var": "item", "changed": false, "item": [ "key", { "ca": "self-sign", "dns": "www.example.com", "group": "ftp", "mode": "0620", "name": "mycert_fs_attrs_mode", "owner": "ftp" } ], "skip_reason": "Conditional result was False" } skipping: [managed-node2] => (item=[u'key', {u'ca': u'self-sign', u'name': u'certid_mode', u'dns': u'www.example.com', u'mode': u'0600'}]) => { "ansible_loop_var": "item", "changed": false, "item": [ "key", { "ca": "self-sign", "dns": "www.example.com", "mode": "0600", "name": "certid_mode" } ], "skip_reason": "Conditional result was False" } skipping: [managed-node2] => (item=[u'ca', {u'group': u'ftp', u'name': u'mycert_fs_attrs_mode', u'dns': u'www.example.com', u'owner': u'ftp', u'ca': u'self-sign', u'mode': u'0620'}]) => { "ansible_loop_var": "item", "changed": false, "item": [ "ca", { "ca": "self-sign", "dns": "www.example.com", "group": "ftp", "mode": "0620", "name": "mycert_fs_attrs_mode", "owner": "ftp" } ], "skip_reason": "Conditional result was False" } skipping: [managed-node2] => (item=[u'ca', {u'ca': u'self-sign', u'name': u'certid_mode', u'dns': u'www.example.com', u'mode': u'0600'}]) => { "ansible_loop_var": "item", "changed": false, "item": [ "ca", { "ca": "self-sign", "dns": "www.example.com", "mode": "0600", "name": "certid_mode" } ], "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Create return data] ************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:160 Friday 07 February 2025 09:12:17 -0500 (0:00:00.096) 0:00:33.838 ******* skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Stop tracking certificates] ****** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:176 Friday 07 February 2025 09:12:17 -0500 (0:00:00.066) 0:00:33.905 ******* skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Remove files] ******************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:181 Friday 07 February 2025 09:12:17 -0500 (0:00:00.071) 0:00:33.976 ******* skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml:85 Friday 07 February 2025 09:12:17 -0500 (0:00:00.071) 0:00:34.048 ******* ok: [managed-node2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml:112 Friday 07 February 2025 09:12:18 -0500 (0:00:00.716) 0:00:34.764 ******* included: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml for managed-node2 included: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml for managed-node2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:2 Friday 07 February 2025 09:12:18 -0500 (0:00:00.145) 0:00:34.910 ******* ok: [managed-node2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Check if system is ostree] *********************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:9 Friday 07 February 2025 09:12:18 -0500 (0:00:00.030) 0:00:34.941 ******* skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Set flag to indicate system is ostree] *********************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:14 Friday 07 February 2025 09:12:18 -0500 (0:00:00.069) 0:00:35.010 ******* skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:18 Friday 07 February 2025 09:12:18 -0500 (0:00:00.060) 0:00:35.071 ******* ok: [managed-node2] => { "changed": false, "rc": 0, "results": [ "python2-cryptography-1.7.2-2.el7.x86_64 providing python2-cryptography is already installed", "python2-cryptography-1.7.2-2.el7.x86_64 providing python2-cryptography is already installed" ] } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:28 Friday 07 February 2025 09:12:19 -0500 (0:00:00.757) 0:00:35.828 ******* skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:38 Friday 07 February 2025 09:12:19 -0500 (0:00:00.054) 0:00:35.883 ******* ok: [managed-node2] => { "changed": false, "stat": { "atime": 1738937536.1906374, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "b7af38b3a1ef13a12c9674a866762cd3bb108d3c", "ctime": 1738937536.3226368, "dev": 51713, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 172749, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0620", "mtime": 1738937536.1876373, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_fs_attrs_mode.crt", "pw_name": "ftp", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 14, "version": "729843661", "wgrp": true, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:43 Friday 07 February 2025 09:12:19 -0500 (0:00:00.321) 0:00:36.204 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:49 Friday 07 February 2025 09:12:19 -0500 (0:00:00.046) 0:00:36.251 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:59 Friday 07 February 2025 09:12:19 -0500 (0:00:00.053) 0:00:36.305 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:65 Friday 07 February 2025 09:12:19 -0500 (0:00:00.057) 0:00:36.363 ******* ok: [managed-node2] => { "changed": false, "stat": { "atime": 1738937536.1486375, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "904e752f86473f6797fb8f40ee3974855ee41573", "ctime": 1738937536.3226368, "dev": 51713, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 172748, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0620", "mtime": 1738937536.1876373, "nlink": 1, "path": "/etc/pki/tls/private/mycert_fs_attrs_mode.key", "pw_name": "ftp", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 14, "version": "729843648", "wgrp": true, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:70 Friday 07 February 2025 09:12:20 -0500 (0:00:00.409) 0:00:36.772 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:76 Friday 07 February 2025 09:12:20 -0500 (0:00:00.091) 0:00:36.864 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:86 Friday 07 February 2025 09:12:20 -0500 (0:00:00.074) 0:00:36.939 ******* ok: [managed-node2] => { "certificate": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "E1:1D:0C:28:CF:B4:77:D4:92:6B:40:ED:DF:1D:35:56:C5:1E:B8:5D" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "key_encipherment", "digital_signature" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "28:4C:63:51:AB:57:47:CD:9E:BA:FD:64:9A:B9:01:AB:D3:02:CB:CA" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "29:6B:7C:22:DE:53:27:4F:74:B7:A0:6C:C7:58:46:F5:03:29:85:31:03:81:27:56:BF:8F:4F:33:A7:52:2E:7E:DF:47:04:0D:B3:33:AF:5C:F6:D1:29:F6:10:55:E7:FA:89:29:88:D1:25:B0:D8:50:43:B4:44:B3:66:7A:4F:BB:01:77:53:25:78:79:ED:58:9A:C6:8E:DA:AD:2E:C3:42:8A:14:06:73:5B:3F:0F:AA:BB:03:C1:69:FF:51:A5:8A:6D:50:84:55:14:28:CA:B5:40:F2:3F:2E:4B:46:74:30:AB:D9:0D:C9:24:44:C3:DC:64:98:65:F2:2F:8A:7E:7B:BB:19:CF:C8:10:7C:AA:0B:A9:06:E7:34:82:74:6A:22:61:4E:3D:56:C5:C3:7F:18:5A:72:3A:A1:33:72:02:1A:FC:D2:90:1F:E6:44:DD:1A:21:46:F2:08:EF:6B:5B:B3:63:24:F8:C1:DE:6F:1E:95:D2:8D:F6:67:96:4A:9B:FD:0E:D9:21:DB:9C:CA:A4:1B:90:DD:7E:11:2E:2A:27:83:DB:00:68:A5:9B:16:DE:75:B7:BD:D6:5A:FC:BA:D2:BB:70:E7:0C:9C:44:29:4A:E5:1C:B8:7C:FA:36:C5:54:AD:0F:78:61:33:31:ED:E0:42:86:03:43:FB:BD:6C:FD:BF" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "20260207141200Z", "not_valid_before": "20250207141216Z" } }, "changed": false } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:92 Friday 07 February 2025 09:12:20 -0500 (0:00:00.464) 0:00:37.404 ******* ok: [managed-node2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "E1:1D:0C:28:CF:B4:77:D4:92:6B:40:ED:DF:1D:35:56:C5:1E:B8:5D" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "key_encipherment", "digital_signature" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "28:4C:63:51:AB:57:47:CD:9E:BA:FD:64:9A:B9:01:AB:D3:02:CB:CA" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "29:6B:7C:22:DE:53:27:4F:74:B7:A0:6C:C7:58:46:F5:03:29:85:31:03:81:27:56:BF:8F:4F:33:A7:52:2E:7E:DF:47:04:0D:B3:33:AF:5C:F6:D1:29:F6:10:55:E7:FA:89:29:88:D1:25:B0:D8:50:43:B4:44:B3:66:7A:4F:BB:01:77:53:25:78:79:ED:58:9A:C6:8E:DA:AD:2E:C3:42:8A:14:06:73:5B:3F:0F:AA:BB:03:C1:69:FF:51:A5:8A:6D:50:84:55:14:28:CA:B5:40:F2:3F:2E:4B:46:74:30:AB:D9:0D:C9:24:44:C3:DC:64:98:65:F2:2F:8A:7E:7B:BB:19:CF:C8:10:7C:AA:0B:A9:06:E7:34:82:74:6A:22:61:4E:3D:56:C5:C3:7F:18:5A:72:3A:A1:33:72:02:1A:FC:D2:90:1F:E6:44:DD:1A:21:46:F2:08:EF:6B:5B:B3:63:24:F8:C1:DE:6F:1E:95:D2:8D:F6:67:96:4A:9B:FD:0E:D9:21:DB:9C:CA:A4:1B:90:DD:7E:11:2E:2A:27:83:DB:00:68:A5:9B:16:DE:75:B7:BD:D6:5A:FC:BA:D2:BB:70:E7:0C:9C:44:29:4A:E5:1C:B8:7C:FA:36:C5:54:AD:0F:78:61:33:31:ED:E0:42:86:03:43:FB:BD:6C:FD:BF" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "20260207141200Z", "not_valid_before": "20250207141216Z" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:96 Friday 07 February 2025 09:12:20 -0500 (0:00:00.061) 0:00:37.466 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:104 Friday 07 February 2025 09:12:20 -0500 (0:00:00.079) 0:00:37.545 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:112 Friday 07 February 2025 09:12:21 -0500 (0:00:00.106) 0:00:37.652 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:119 Friday 07 February 2025 09:12:21 -0500 (0:00:00.137) 0:00:37.789 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:130 Friday 07 February 2025 09:12:21 -0500 (0:00:00.075) 0:00:37.865 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:143 Friday 07 February 2025 09:12:21 -0500 (0:00:00.094) 0:00:37.960 ******* ok: [managed-node2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_fs_attrs_mode.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.046198", "end": "2025-02-07 09:12:21.689645", "rc": 0, "start": "2025-02-07 09:12:21.643447" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:152 Friday 07 February 2025 09:12:21 -0500 (0:00:00.393) 0:00:38.353 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:2 Friday 07 February 2025 09:12:21 -0500 (0:00:00.103) 0:00:38.456 ******* ok: [managed-node2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Check if system is ostree] *********************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:9 Friday 07 February 2025 09:12:21 -0500 (0:00:00.038) 0:00:38.495 ******* skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Set flag to indicate system is ostree] *********************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:14 Friday 07 February 2025 09:12:21 -0500 (0:00:00.072) 0:00:38.568 ******* skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:18 Friday 07 February 2025 09:12:22 -0500 (0:00:00.060) 0:00:38.628 ******* ok: [managed-node2] => { "changed": false, "rc": 0, "results": [ "python2-cryptography-1.7.2-2.el7.x86_64 providing python2-cryptography is already installed", "python2-cryptography-1.7.2-2.el7.x86_64 providing python2-cryptography is already installed" ] } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:28 Friday 07 February 2025 09:12:22 -0500 (0:00:00.735) 0:00:39.364 ******* skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:38 Friday 07 February 2025 09:12:22 -0500 (0:00:00.065) 0:00:39.430 ******* ok: [managed-node2] => { "changed": false, "stat": { "atime": 1738937536.9306347, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "55a84e9e2d6b247bb12a5b6e04999c7fbca0e30d", "ctime": 1738937536.9276347, "dev": 51713, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 172751, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1738937536.9276347, "nlink": 1, "path": "/etc/pki/tls/certs/certid_mode.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "729843699", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:43 Friday 07 February 2025 09:12:23 -0500 (0:00:00.492) 0:00:39.923 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:49 Friday 07 February 2025 09:12:23 -0500 (0:00:00.063) 0:00:39.986 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:59 Friday 07 February 2025 09:12:23 -0500 (0:00:00.059) 0:00:40.045 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:65 Friday 07 February 2025 09:12:23 -0500 (0:00:00.046) 0:00:40.092 ******* ok: [managed-node2] => { "changed": false, "stat": { "atime": 1738937536.888635, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "c3f42f28124937df4291ed09f41780c5a2d0732d", "ctime": 1738937536.9266348, "dev": 51713, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 172750, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1738937536.9266348, "nlink": 1, "path": "/etc/pki/tls/private/certid_mode.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1708, "uid": 0, "version": "729843686", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:70 Friday 07 February 2025 09:12:23 -0500 (0:00:00.320) 0:00:40.413 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:76 Friday 07 February 2025 09:12:23 -0500 (0:00:00.050) 0:00:40.463 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:86 Friday 07 February 2025 09:12:23 -0500 (0:00:00.060) 0:00:40.524 ******* ok: [managed-node2] => { "certificate": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "E1:1D:0C:28:CF:B4:77:D4:92:6B:40:ED:DF:1D:35:56:C5:1E:B8:5D" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "key_encipherment", "digital_signature" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "43:8E:F4:AD:AD:5E:02:F4:78:99:8B:9E:71:BA:E8:3F:BF:99:23:1A" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "4E:D4:D1:80:95:5E:4C:04:04:17:18:35:03:EE:19:4F:B2:20:92:E5:99:68:7D:D4:6D:DA:1B:82:E7:D6:CD:E0:E9:EF:36:37:90:A0:8B:26:03:4F:75:90:92:65:CB:D7:30:19:79:3A:59:B6:D5:1C:70:36:7F:13:24:D7:7F:22:10:44:D3:49:B9:C2:74:EB:5E:84:81:BB:96:D0:5A:50:B7:80:8A:06:F0:39:7F:58:47:3A:0C:BA:F8:BD:CE:91:17:CA:5C:F1:46:60:D1:A7:3D:2F:BF:6E:99:C4:39:26:9B:3C:42:FB:26:38:18:CC:68:D4:12:F0:82:CD:4F:DA:03:6C:E5:47:EF:BB:2A:5D:CC:F6:4B:0B:83:41:F5:6F:5E:F5:C9:51:96:74:9F:F6:DA:9F:CE:75:A9:6B:2D:4C:AB:8E:6F:6D:0C:CE:BF:95:2A:72:2C:1B:44:CB:2D:D4:A7:A0:C2:4D:DC:29:32:01:BD:65:34:87:95:58:31:1B:8E:9C:66:11:03:F0:DA:A8:4E:A7:04:94:CB:7F:D7:91:8F:EE:B4:39:F5:25:7F:D1:CC:6E:17:DD:8B:00:7C:0F:13:C7:AC:9B:F5:3B:61:E8:0D:34:6B:BB:66:6B:DF:00:8A:6C:C4:42:77:99:AA:20:C0:37:59:95:79:DD:F9:C8" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "20260207141200Z", "not_valid_before": "20250207141216Z" } }, "changed": false } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:92 Friday 07 February 2025 09:12:24 -0500 (0:00:00.384) 0:00:40.908 ******* ok: [managed-node2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "E1:1D:0C:28:CF:B4:77:D4:92:6B:40:ED:DF:1D:35:56:C5:1E:B8:5D" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "key_encipherment", "digital_signature" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "43:8E:F4:AD:AD:5E:02:F4:78:99:8B:9E:71:BA:E8:3F:BF:99:23:1A" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "4E:D4:D1:80:95:5E:4C:04:04:17:18:35:03:EE:19:4F:B2:20:92:E5:99:68:7D:D4:6D:DA:1B:82:E7:D6:CD:E0:E9:EF:36:37:90:A0:8B:26:03:4F:75:90:92:65:CB:D7:30:19:79:3A:59:B6:D5:1C:70:36:7F:13:24:D7:7F:22:10:44:D3:49:B9:C2:74:EB:5E:84:81:BB:96:D0:5A:50:B7:80:8A:06:F0:39:7F:58:47:3A:0C:BA:F8:BD:CE:91:17:CA:5C:F1:46:60:D1:A7:3D:2F:BF:6E:99:C4:39:26:9B:3C:42:FB:26:38:18:CC:68:D4:12:F0:82:CD:4F:DA:03:6C:E5:47:EF:BB:2A:5D:CC:F6:4B:0B:83:41:F5:6F:5E:F5:C9:51:96:74:9F:F6:DA:9F:CE:75:A9:6B:2D:4C:AB:8E:6F:6D:0C:CE:BF:95:2A:72:2C:1B:44:CB:2D:D4:A7:A0:C2:4D:DC:29:32:01:BD:65:34:87:95:58:31:1B:8E:9C:66:11:03:F0:DA:A8:4E:A7:04:94:CB:7F:D7:91:8F:EE:B4:39:F5:25:7F:D1:CC:6E:17:DD:8B:00:7C:0F:13:C7:AC:9B:F5:3B:61:E8:0D:34:6B:BB:66:6B:DF:00:8A:6C:C4:42:77:99:AA:20:C0:37:59:95:79:DD:F9:C8" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "20260207141200Z", "not_valid_before": "20250207141216Z" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:96 Friday 07 February 2025 09:12:24 -0500 (0:00:00.053) 0:00:40.962 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:104 Friday 07 February 2025 09:12:24 -0500 (0:00:00.066) 0:00:41.028 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:112 Friday 07 February 2025 09:12:24 -0500 (0:00:00.058) 0:00:41.087 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:119 Friday 07 February 2025 09:12:24 -0500 (0:00:00.057) 0:00:41.144 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:130 Friday 07 February 2025 09:12:24 -0500 (0:00:00.064) 0:00:41.208 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:143 Friday 07 February 2025 09:12:24 -0500 (0:00:00.056) 0:00:41.265 ******* ok: [managed-node2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/certid_mode.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.044994", "end": "2025-02-07 09:12:25.085784", "rc": 0, "start": "2025-02-07 09:12:25.040790" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:152 Friday 07 February 2025 09:12:25 -0500 (0:00:00.460) 0:00:41.725 ******* ok: [managed-node2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* managed-node2 : ok=101 changed=9 unreachable=0 failed=0 skipped=24 rescued=0 ignored=0 Friday 07 February 2025 09:12:25 -0500 (0:00:00.053) 0:00:41.779 ******* =============================================================================== fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 7.31s /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 4.16s /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:23 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 1.92s /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:101 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 1.67s /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:101 fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 1.66s /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Gathering Facts --------------------------------------------------------- 1.17s /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml:2 fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.92s /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:90 Ensure python3 is installed --------------------------------------------- 0.76s /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:18 Ensure python3 is installed --------------------------------------------- 0.75s /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:18 Ensure python3 is installed --------------------------------------------- 0.74s /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:18 Gathering Facts --------------------------------------------------------- 0.72s /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml:85 Gathering Facts --------------------------------------------------------- 0.70s /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml:32 Parse certificate ------------------------------------------------------- 0.70s /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:86 Ensure python3 is installed --------------------------------------------- 0.68s /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:18 fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 0.66s /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:23 Ensure user exists ------------------------------------------------------ 0.63s /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml:5 Retrieve auto-renew flag ------------------------------------------------ 0.56s /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:143 Parse certificate ------------------------------------------------------- 0.55s /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:86 Gathering Facts --------------------------------------------------------- 0.55s /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml:67 Gathering Facts --------------------------------------------------------- 0.54s /tmp/collections-42g/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml:14