ansible-playbook 2.9.27 config file = None configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.9/site-packages/ansible executable location = /usr/local/bin/ansible-playbook python version = 3.9.19 (main, May 16 2024, 11:40:09) [GCC 8.5.0 20210514 (Red Hat 8.5.0-22)] No config file found; using defaults [WARNING]: running playbook inside collection fedora.linux_system_roles Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'jsonl', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: tests_fs_attrs.yml *************************************************** 5 plays in /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml PLAY [Ensure UID and GID exists] *********************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml:2 Saturday 24 May 2025 08:29:27 -0400 (0:00:00.030) 0:00:00.030 ********** ok: [managed-node2] META: ran handlers TASK [Ensure user exists] ****************************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml:5 Saturday 24 May 2025 08:29:28 -0400 (0:00:00.886) 0:00:00.917 ********** changed: [managed-node2] => { "changed": true, "comment": "", "create_home": true, "group": 1040, "home": "/home/user1", "name": "user1", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1040 } TASK [Ensure group "somegroup" exists] ***************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml:9 Saturday 24 May 2025 08:29:29 -0400 (0:00:00.603) 0:00:01.520 ********** changed: [managed-node2] => { "changed": true, "gid": 1041, "name": "somegroup", "state": "present", "system": false } META: ran handlers META: ran handlers PLAY [Issue certificate setting user/group] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml:14 Saturday 24 May 2025 08:29:30 -0400 (0:00:00.531) 0:00:02.051 ********** ok: [managed-node2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Saturday 24 May 2025 08:29:30 -0400 (0:00:00.603) 0:00:02.655 ********** included: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for managed-node2 TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Saturday 24 May 2025 08:29:30 -0400 (0:00:00.022) 0:00:02.677 ********** skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Check if system is ostree] ******* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:10 Saturday 24 May 2025 08:29:30 -0400 (0:00:00.039) 0:00:02.717 ********** ok: [managed-node2] => { "changed": false, "stat": { "exists": false } } TASK [fedora.linux_system_roles.certificate : Set flag to indicate system is ostree] *** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:15 Saturday 24 May 2025 08:29:31 -0400 (0:00:00.438) 0:00:03.156 ********** ok: [managed-node2] => { "ansible_facts": { "__certificate_is_ostree": false }, "changed": false } TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:19 Saturday 24 May 2025 08:29:31 -0400 (0:00:00.043) 0:00:03.199 ********** skipping: [managed-node2] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [managed-node2] => (item=CentOS.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS.yml", "skip_reason": "Conditional result was False" } skipping: [managed-node2] => (item=CentOS_8.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS_8.yml", "skip_reason": "Conditional result was False" } skipping: [managed-node2] => (item=CentOS_8.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS_8.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Saturday 24 May 2025 08:29:31 -0400 (0:00:00.062) 0:00:03.262 ********** ok: [managed-node2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do lsrpackages: python3-cryptography python3-dbus python3-pyasn1 TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:23 Saturday 24 May 2025 08:29:34 -0400 (0:00:02.967) 0:00:06.230 ********** ok: [managed-node2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "rc": 0, "results": [] } MSG: Nothing to do lsrpackages: certmonger TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:35 Saturday 24 May 2025 08:29:37 -0400 (0:00:02.884) 0:00:09.114 ********** ok: [managed-node2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:61 Saturday 24 May 2025 08:29:37 -0400 (0:00:00.631) 0:00:09.745 ********** ok: [managed-node2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:90 Saturday 24 May 2025 08:29:38 -0400 (0:00:00.476) 0:00:10.222 ********** ok: [managed-node2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestamp": "Sat 2025-05-24 08:29:19 EDT", "ActiveEnterTimestampMonotonic": "241038351", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "dbus.service network.target system.slice sysinit.target basic.target dbus.socket syslog.target systemd-journald.socket", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "yes", "AssertTimestamp": "Sat 2025-05-24 08:29:19 EDT", "AssertTimestampMonotonic": "241029371", "Before": "shutdown.target multi-user.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "no", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2025-05-24 08:29:19 EDT", "ConditionTimestampMonotonic": "241029370", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "8783", "ExecMainStartTimestamp": "Sat 2025-05-24 08:29:19 EDT", "ExecMainStartTimestampMonotonic": "241030068", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[Sat 2025-05-24 08:29:19 EDT] ; stop_time=[n/a] ; pid=8783 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IPAccounting": "no", "IPEgressBytes": "18446744073709551615", "IPEgressPackets": "18446744073709551615", "IPIngressBytes": "18446744073709551615", "IPIngressPackets": "18446744073709551615", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2025-05-24 08:29:19 EDT", "InactiveExitTimestampMonotonic": "241030097", "InvocationID": "b0c512b9acf94047b696482a09bc48ef", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "262144", "LimitNOFILESoft": "1024", "LimitNPROC": "28608", "LimitNPROCSoft": "28608", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "28608", "LimitSIGPENDINGSoft": "28608", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "8783", "MemoryAccounting": "yes", "MemoryCurrent": "3072000", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus.service", "PermissionsStartOnly": "no", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Sat 2025-05-24 08:29:19 EDT", "StateChangeTimestampMonotonic": "241038351", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "1", "TasksMax": "45773", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogTimestamp": "Sat 2025-05-24 08:29:19 EDT", "WatchdogTimestampMonotonic": "241038348", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:101 Saturday 24 May 2025 08:29:39 -0400 (0:00:00.938) 0:00:11.161 ********** changed: [managed-node2] => (item={'name': 'mycert_fs_attrs', 'dns': 'www.example.com', 'owner': 'ftp', 'group': 'ftp', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "group": "ftp", "name": "mycert_fs_attrs", "owner": "ftp" } } MSG: Certificate requested (new). File attributes updated. changed: [managed-node2] => (item={'name': 'certid', 'dns': 'www.example.com', 'owner': 1040, 'group': 1041, 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "group": 1041, "name": "certid", "owner": 1040 } } MSG: Certificate requested (new). File attributes updated. TASK [fedora.linux_system_roles.certificate : Slurp the contents of the files] *** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:152 Saturday 24 May 2025 08:29:40 -0400 (0:00:01.808) 0:00:12.970 ********** skipping: [managed-node2] => (item=['cert', {'name': 'mycert_fs_attrs', 'dns': 'www.example.com', 'owner': 'ftp', 'group': 'ftp', 'ca': 'self-sign'}]) => { "ansible_loop_var": "item", "changed": false, "item": [ "cert", { "ca": "self-sign", "dns": "www.example.com", "group": "ftp", "name": "mycert_fs_attrs", "owner": "ftp" } ], "skip_reason": "Conditional result was False" } skipping: [managed-node2] => (item=['cert', {'name': 'certid', 'dns': 'www.example.com', 'owner': 1040, 'group': 1041, 'ca': 'self-sign'}]) => { "ansible_loop_var": "item", "changed": false, "item": [ "cert", { "ca": "self-sign", "dns": "www.example.com", "group": 1041, "name": "certid", "owner": 1040 } ], "skip_reason": "Conditional result was False" } skipping: [managed-node2] => (item=['key', {'name': 'mycert_fs_attrs', 'dns': 'www.example.com', 'owner': 'ftp', 'group': 'ftp', 'ca': 'self-sign'}]) => { "ansible_loop_var": "item", "changed": false, "item": [ "key", { "ca": "self-sign", "dns": "www.example.com", "group": "ftp", "name": "mycert_fs_attrs", "owner": "ftp" } ], "skip_reason": "Conditional result was False" } skipping: [managed-node2] => (item=['key', {'name': 'certid', 'dns': 'www.example.com', 'owner': 1040, 'group': 1041, 'ca': 'self-sign'}]) => { "ansible_loop_var": "item", "changed": false, "item": [ "key", { "ca": "self-sign", "dns": "www.example.com", "group": 1041, "name": "certid", "owner": 1040 } ], "skip_reason": "Conditional result was False" } skipping: [managed-node2] => (item=['ca', {'name': 'mycert_fs_attrs', 'dns': 'www.example.com', 'owner': 'ftp', 'group': 'ftp', 'ca': 'self-sign'}]) => { "ansible_loop_var": "item", "changed": false, "item": [ "ca", { "ca": "self-sign", "dns": "www.example.com", "group": "ftp", "name": "mycert_fs_attrs", "owner": "ftp" } ], "skip_reason": "Conditional result was False" } skipping: [managed-node2] => (item=['ca', {'name': 'certid', 'dns': 'www.example.com', 'owner': 1040, 'group': 1041, 'ca': 'self-sign'}]) => { "ansible_loop_var": "item", "changed": false, "item": [ "ca", { "ca": "self-sign", "dns": "www.example.com", "group": 1041, "name": "certid", "owner": 1040 } ], "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Create return data] ************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:160 Saturday 24 May 2025 08:29:40 -0400 (0:00:00.068) 0:00:13.038 ********** skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Stop tracking certificates] ****** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:176 Saturday 24 May 2025 08:29:41 -0400 (0:00:00.040) 0:00:13.079 ********** skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Remove files] ******************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:181 Saturday 24 May 2025 08:29:41 -0400 (0:00:00.041) 0:00:13.120 ********** skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml:32 Saturday 24 May 2025 08:29:41 -0400 (0:00:00.045) 0:00:13.165 ********** ok: [managed-node2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml:61 Saturday 24 May 2025 08:29:41 -0400 (0:00:00.594) 0:00:13.760 ********** included: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml for managed-node2 included: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml for managed-node2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:2 Saturday 24 May 2025 08:29:41 -0400 (0:00:00.077) 0:00:13.837 ********** ok: [managed-node2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Check if system is ostree] *********************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:9 Saturday 24 May 2025 08:29:41 -0400 (0:00:00.015) 0:00:13.853 ********** skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Set flag to indicate system is ostree] *********************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:14 Saturday 24 May 2025 08:29:41 -0400 (0:00:00.039) 0:00:13.892 ********** skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:18 Saturday 24 May 2025 08:29:41 -0400 (0:00:00.038) 0:00:13.931 ********** skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:28 Saturday 24 May 2025 08:29:41 -0400 (0:00:00.038) 0:00:13.969 ********** ok: [managed-node2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do lsrpackages: python3-cryptography python3-pyasn1 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:38 Saturday 24 May 2025 08:29:44 -0400 (0:00:02.829) 0:00:16.799 ********** ok: [managed-node2] => { "changed": false, "stat": { "atime": 1748089779.905988, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "79418df6c25f5f4eecfee55a7ce1375479168002", "ctime": 1748089779.9549882, "dev": 51713, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 7718642, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1748089779.903988, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_fs_attrs.crt", "pw_name": "ftp", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1294, "uid": 14, "version": "2945676593", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:43 Saturday 24 May 2025 08:29:45 -0400 (0:00:00.418) 0:00:17.218 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:49 Saturday 24 May 2025 08:29:45 -0400 (0:00:00.067) 0:00:17.286 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:59 Saturday 24 May 2025 08:29:45 -0400 (0:00:00.080) 0:00:17.366 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:65 Saturday 24 May 2025 08:29:45 -0400 (0:00:00.086) 0:00:17.453 ********** ok: [managed-node2] => { "changed": false, "stat": { "atime": 1748089779.8639877, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "60b16ee3ac33ddc398fa4bec8d8358ff52773483", "ctime": 1748089779.9549882, "dev": 51713, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 7718641, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1748089779.903988, "nlink": 1, "path": "/etc/pki/tls/private/mycert_fs_attrs.key", "pw_name": "ftp", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1708, "uid": 14, "version": "629670283", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:70 Saturday 24 May 2025 08:29:45 -0400 (0:00:00.462) 0:00:17.916 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:76 Saturday 24 May 2025 08:29:45 -0400 (0:00:00.054) 0:00:17.970 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:86 Saturday 24 May 2025 08:29:45 -0400 (0:00:00.052) 0:00:18.023 ********** ok: [managed-node2] => { "certificate": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "9E:D5:13:98:77:23:B6:BA:CC:B3:35:90:1A:B7:55:DA:5C:19:96:EB" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "64:7C:BD:3C:2F:78:FF:B4:4B:A6:9D:24:A5:C7:32:78:7E:34:A8:DF" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "45:ED:C1:84:A7:74:A4:A2:9A:02:3F:35:89:B5:59:5F:E9:A0:8F:88:F6:2C:E1:C7:8E:AC:C4:9F:FB:D1:41:D1:96:F5:F4:D4:88:47:43:76:EC:DA:1E:07:11:F4:D9:E3:8E:71:51:5C:EC:69:77:3E:A2:C9:79:FB:60:58:9F:B0:4F:D8:CD:D2:C5:EB:87:88:6C:0D:6B:82:F4:01:B6:80:47:BD:2F:6B:E2:27:55:6E:A8:0D:05:5D:7A:63:7A:F4:DB:B8:87:2B:30:00:CE:22:65:72:60:2C:B8:E4:DC:2A:CE:7C:96:0E:43:22:DC:00:F3:17:4E:7B:89:2C:6A:A3:DA:ED:86:BA:85:DC:64:64:95:97:EC:6E:4F:A9:38:08:25:EF:0B:F9:49:ED:18:7A:E7:FA:E6:CF:98:DF:51:24:79:E6:A2:F7:E7:FA:E1:EB:C4:26:05:54:34:73:33:2B:34:D7:D2:C8:09:AE:63:5B:43:82:12:7D:6F:98:8D:CA:D4:7E:8A:D9:1F:1B:0C:B7:B5:58:5E:B5:23:C6:CE:29:54:A1:8F:FC:96:47:7E:EC:E4:DC:68:89:72:BB:26:30:F8:1A:00:31:A9:AF:7A:E9:61:73:41:44:B6:C9:FC:18:5D:FD:05:61:C1:52:F7:80:13:08:DC:B1:B3:C9:E1:C0" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "20260524122919Z", "not_valid_before": "20250524122939Z" } }, "changed": false } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:92 Saturday 24 May 2025 08:29:46 -0400 (0:00:00.567) 0:00:18.590 ********** ok: [managed-node2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "9E:D5:13:98:77:23:B6:BA:CC:B3:35:90:1A:B7:55:DA:5C:19:96:EB" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "64:7C:BD:3C:2F:78:FF:B4:4B:A6:9D:24:A5:C7:32:78:7E:34:A8:DF" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "45:ED:C1:84:A7:74:A4:A2:9A:02:3F:35:89:B5:59:5F:E9:A0:8F:88:F6:2C:E1:C7:8E:AC:C4:9F:FB:D1:41:D1:96:F5:F4:D4:88:47:43:76:EC:DA:1E:07:11:F4:D9:E3:8E:71:51:5C:EC:69:77:3E:A2:C9:79:FB:60:58:9F:B0:4F:D8:CD:D2:C5:EB:87:88:6C:0D:6B:82:F4:01:B6:80:47:BD:2F:6B:E2:27:55:6E:A8:0D:05:5D:7A:63:7A:F4:DB:B8:87:2B:30:00:CE:22:65:72:60:2C:B8:E4:DC:2A:CE:7C:96:0E:43:22:DC:00:F3:17:4E:7B:89:2C:6A:A3:DA:ED:86:BA:85:DC:64:64:95:97:EC:6E:4F:A9:38:08:25:EF:0B:F9:49:ED:18:7A:E7:FA:E6:CF:98:DF:51:24:79:E6:A2:F7:E7:FA:E1:EB:C4:26:05:54:34:73:33:2B:34:D7:D2:C8:09:AE:63:5B:43:82:12:7D:6F:98:8D:CA:D4:7E:8A:D9:1F:1B:0C:B7:B5:58:5E:B5:23:C6:CE:29:54:A1:8F:FC:96:47:7E:EC:E4:DC:68:89:72:BB:26:30:F8:1A:00:31:A9:AF:7A:E9:61:73:41:44:B6:C9:FC:18:5D:FD:05:61:C1:52:F7:80:13:08:DC:B1:B3:C9:E1:C0" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "20260524122919Z", "not_valid_before": "20250524122939Z" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:96 Saturday 24 May 2025 08:29:46 -0400 (0:00:00.077) 0:00:18.668 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:104 Saturday 24 May 2025 08:29:46 -0400 (0:00:00.053) 0:00:18.721 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:112 Saturday 24 May 2025 08:29:46 -0400 (0:00:00.047) 0:00:18.769 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:119 Saturday 24 May 2025 08:29:46 -0400 (0:00:00.055) 0:00:18.824 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:130 Saturday 24 May 2025 08:29:46 -0400 (0:00:00.049) 0:00:18.874 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:143 Saturday 24 May 2025 08:29:46 -0400 (0:00:00.053) 0:00:18.927 ********** ok: [managed-node2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_fs_attrs.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.042420", "end": "2025-05-24 08:29:47.406952", "rc": 0, "start": "2025-05-24 08:29:47.364532" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:152 Saturday 24 May 2025 08:29:47 -0400 (0:00:00.578) 0:00:19.506 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:2 Saturday 24 May 2025 08:29:47 -0400 (0:00:00.061) 0:00:19.568 ********** ok: [managed-node2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Check if system is ostree] *********************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:9 Saturday 24 May 2025 08:29:47 -0400 (0:00:00.023) 0:00:19.591 ********** skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Set flag to indicate system is ostree] *********************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:14 Saturday 24 May 2025 08:29:47 -0400 (0:00:00.061) 0:00:19.653 ********** skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:18 Saturday 24 May 2025 08:29:47 -0400 (0:00:00.062) 0:00:19.716 ********** skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:28 Saturday 24 May 2025 08:29:47 -0400 (0:00:00.057) 0:00:19.773 ********** ok: [managed-node2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do lsrpackages: python3-cryptography python3-pyasn1 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:38 Saturday 24 May 2025 08:29:50 -0400 (0:00:02.841) 0:00:22.614 ********** ok: [managed-node2] => { "changed": false, "stat": { "atime": 1748089780.7049925, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "37020af51408de4c733102d19551ce1390679669", "ctime": 1748089780.8569934, "dev": 51713, "device_type": 0, "executable": false, "exists": true, "gid": 1041, "gr_name": "somegroup", "inode": 7718644, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1748089780.7019925, "nlink": 1, "path": "/etc/pki/tls/certs/certid.crt", "pw_name": "user1", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1294, "uid": 1040, "version": "2692711474", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:43 Saturday 24 May 2025 08:29:50 -0400 (0:00:00.389) 0:00:23.003 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:49 Saturday 24 May 2025 08:29:51 -0400 (0:00:00.049) 0:00:23.052 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:59 Saturday 24 May 2025 08:29:51 -0400 (0:00:00.054) 0:00:23.107 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:65 Saturday 24 May 2025 08:29:51 -0400 (0:00:00.044) 0:00:23.152 ********** ok: [managed-node2] => { "changed": false, "stat": { "atime": 1748089780.6609924, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "5e7f6834bed21cc903f5e5e7b5d23a368977a643", "ctime": 1748089780.8579936, "dev": 51713, "device_type": 0, "executable": false, "exists": true, "gid": 1041, "gr_name": "somegroup", "inode": 7718643, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1748089780.7019925, "nlink": 1, "path": "/etc/pki/tls/private/certid.key", "pw_name": "user1", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1708, "uid": 1040, "version": "2550531789", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:70 Saturday 24 May 2025 08:29:51 -0400 (0:00:00.362) 0:00:23.515 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:76 Saturday 24 May 2025 08:29:51 -0400 (0:00:00.043) 0:00:23.558 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:86 Saturday 24 May 2025 08:29:51 -0400 (0:00:00.047) 0:00:23.606 ********** ok: [managed-node2] => { "certificate": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "9E:D5:13:98:77:23:B6:BA:CC:B3:35:90:1A:B7:55:DA:5C:19:96:EB" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "63:F2:32:93:DE:90:77:A2:B9:30:F2:C2:EB:14:EB:72:34:6A:B5:10" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "2E:4D:EC:17:6B:00:A6:97:8E:AD:0E:C3:F2:34:EA:1C:7F:31:C0:47:71:06:EF:0C:E4:2C:6B:47:08:35:B4:E8:B6:7A:1A:77:1A:17:CE:F8:D7:77:78:7B:D9:E3:E5:43:DE:95:B1:54:8F:B4:B5:AD:3D:E5:71:26:00:42:59:2A:E6:6C:0B:B7:27:39:54:F1:65:CB:28:21:22:9D:6B:33:16:8F:40:13:1E:FA:96:D2:E6:1A:54:29:07:A6:E4:EE:5F:0B:94:A0:AD:4A:C2:BE:65:1A:FC:7B:4B:CD:10:CF:80:3A:51:A5:37:C8:F1:2B:04:04:4C:F7:D5:C1:F7:59:AF:77:D6:D9:97:A1:73:77:18:EB:63:54:98:1D:BE:01:95:15:CA:A7:AF:F9:3E:41:C5:5F:88:77:C8:64:A3:39:13:F3:54:92:E1:1C:62:47:50:21:08:81:7B:02:F8:E4:2C:E0:19:FA:1D:C3:E5:97:A5:66:95:20:9A:A3:16:C1:4C:7F:65:B9:56:A0:16:7C:B7:12:CA:CA:6D:BA:6A:D7:40:33:F2:A9:FA:67:01:2D:D3:98:AD:DB:09:84:B4:B8:A2:6D:61:3A:79:84:A1:55:95:55:79:18:8C:69:4B:1B:CC:6C:99:99:6D:53:B2:A2:DA:E3:E7:1A:5B:3B:E0:C5" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "20260524122919Z", "not_valid_before": "20250524122940Z" } }, "changed": false } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:92 Saturday 24 May 2025 08:29:51 -0400 (0:00:00.418) 0:00:24.024 ********** ok: [managed-node2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "9E:D5:13:98:77:23:B6:BA:CC:B3:35:90:1A:B7:55:DA:5C:19:96:EB" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "63:F2:32:93:DE:90:77:A2:B9:30:F2:C2:EB:14:EB:72:34:6A:B5:10" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "2E:4D:EC:17:6B:00:A6:97:8E:AD:0E:C3:F2:34:EA:1C:7F:31:C0:47:71:06:EF:0C:E4:2C:6B:47:08:35:B4:E8:B6:7A:1A:77:1A:17:CE:F8:D7:77:78:7B:D9:E3:E5:43:DE:95:B1:54:8F:B4:B5:AD:3D:E5:71:26:00:42:59:2A:E6:6C:0B:B7:27:39:54:F1:65:CB:28:21:22:9D:6B:33:16:8F:40:13:1E:FA:96:D2:E6:1A:54:29:07:A6:E4:EE:5F:0B:94:A0:AD:4A:C2:BE:65:1A:FC:7B:4B:CD:10:CF:80:3A:51:A5:37:C8:F1:2B:04:04:4C:F7:D5:C1:F7:59:AF:77:D6:D9:97:A1:73:77:18:EB:63:54:98:1D:BE:01:95:15:CA:A7:AF:F9:3E:41:C5:5F:88:77:C8:64:A3:39:13:F3:54:92:E1:1C:62:47:50:21:08:81:7B:02:F8:E4:2C:E0:19:FA:1D:C3:E5:97:A5:66:95:20:9A:A3:16:C1:4C:7F:65:B9:56:A0:16:7C:B7:12:CA:CA:6D:BA:6A:D7:40:33:F2:A9:FA:67:01:2D:D3:98:AD:DB:09:84:B4:B8:A2:6D:61:3A:79:84:A1:55:95:55:79:18:8C:69:4B:1B:CC:6C:99:99:6D:53:B2:A2:DA:E3:E7:1A:5B:3B:E0:C5" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "20260524122919Z", "not_valid_before": "20250524122940Z" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:96 Saturday 24 May 2025 08:29:52 -0400 (0:00:00.043) 0:00:24.068 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:104 Saturday 24 May 2025 08:29:52 -0400 (0:00:00.069) 0:00:24.138 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:112 Saturday 24 May 2025 08:29:52 -0400 (0:00:00.044) 0:00:24.182 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:119 Saturday 24 May 2025 08:29:52 -0400 (0:00:00.045) 0:00:24.227 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:130 Saturday 24 May 2025 08:29:52 -0400 (0:00:00.049) 0:00:24.276 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:143 Saturday 24 May 2025 08:29:52 -0400 (0:00:00.048) 0:00:24.325 ********** ok: [managed-node2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/certid.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.044269", "end": "2025-05-24 08:29:52.623091", "rc": 0, "start": "2025-05-24 08:29:52.578822" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:152 Saturday 24 May 2025 08:29:52 -0400 (0:00:00.395) 0:00:24.720 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY [Issue certificate setting user/group/mode] ******************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml:67 Saturday 24 May 2025 08:29:52 -0400 (0:00:00.050) 0:00:24.770 ********** ok: [managed-node2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Saturday 24 May 2025 08:29:53 -0400 (0:00:00.601) 0:00:25.372 ********** included: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for managed-node2 TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Saturday 24 May 2025 08:29:53 -0400 (0:00:00.021) 0:00:25.393 ********** skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Check if system is ostree] ******* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:10 Saturday 24 May 2025 08:29:53 -0400 (0:00:00.041) 0:00:25.434 ********** skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Set flag to indicate system is ostree] *** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:15 Saturday 24 May 2025 08:29:53 -0400 (0:00:00.038) 0:00:25.472 ********** skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:19 Saturday 24 May 2025 08:29:53 -0400 (0:00:00.040) 0:00:25.512 ********** skipping: [managed-node2] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [managed-node2] => (item=CentOS.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS.yml", "skip_reason": "Conditional result was False" } skipping: [managed-node2] => (item=CentOS_8.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS_8.yml", "skip_reason": "Conditional result was False" } skipping: [managed-node2] => (item=CentOS_8.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS_8.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Saturday 24 May 2025 08:29:53 -0400 (0:00:00.063) 0:00:25.576 ********** ok: [managed-node2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do lsrpackages: python3-cryptography python3-dbus python3-pyasn1 TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:23 Saturday 24 May 2025 08:29:56 -0400 (0:00:02.829) 0:00:28.406 ********** ok: [managed-node2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "rc": 0, "results": [] } MSG: Nothing to do lsrpackages: certmonger TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:35 Saturday 24 May 2025 08:29:59 -0400 (0:00:02.860) 0:00:31.266 ********** ok: [managed-node2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:61 Saturday 24 May 2025 08:29:59 -0400 (0:00:00.380) 0:00:31.647 ********** ok: [managed-node2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:90 Saturday 24 May 2025 08:29:59 -0400 (0:00:00.385) 0:00:32.032 ********** ok: [managed-node2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestamp": "Sat 2025-05-24 08:29:19 EDT", "ActiveEnterTimestampMonotonic": "241038351", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "dbus.service network.target system.slice sysinit.target basic.target dbus.socket syslog.target systemd-journald.socket", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "yes", "AssertTimestamp": "Sat 2025-05-24 08:29:19 EDT", "AssertTimestampMonotonic": "241029371", "Before": "shutdown.target multi-user.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "no", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2025-05-24 08:29:19 EDT", "ConditionTimestampMonotonic": "241029370", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "8783", "ExecMainStartTimestamp": "Sat 2025-05-24 08:29:19 EDT", "ExecMainStartTimestampMonotonic": "241030068", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[Sat 2025-05-24 08:29:19 EDT] ; stop_time=[n/a] ; pid=8783 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IPAccounting": "no", "IPEgressBytes": "18446744073709551615", "IPEgressPackets": "18446744073709551615", "IPIngressBytes": "18446744073709551615", "IPIngressPackets": "18446744073709551615", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2025-05-24 08:29:19 EDT", "InactiveExitTimestampMonotonic": "241030097", "InvocationID": "b0c512b9acf94047b696482a09bc48ef", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "262144", "LimitNOFILESoft": "1024", "LimitNPROC": "28608", "LimitNPROCSoft": "28608", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "28608", "LimitSIGPENDINGSoft": "28608", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "8783", "MemoryAccounting": "yes", "MemoryCurrent": "3809280", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus.service", "PermissionsStartOnly": "no", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Sat 2025-05-24 08:29:19 EDT", "StateChangeTimestampMonotonic": "241038351", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "1", "TasksMax": "45773", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogTimestamp": "Sat 2025-05-24 08:29:19 EDT", "WatchdogTimestampMonotonic": "241038348", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:101 Saturday 24 May 2025 08:30:00 -0400 (0:00:00.555) 0:00:32.588 ********** changed: [managed-node2] => (item={'name': 'mycert_fs_attrs_mode', 'dns': 'www.example.com', 'owner': 'ftp', 'group': 'ftp', 'mode': '0620', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "group": "ftp", "mode": "0620", "name": "mycert_fs_attrs_mode", "owner": "ftp" } } MSG: Certificate requested (new). File attributes updated. changed: [managed-node2] => (item={'name': 'certid_mode', 'dns': 'www.example.com', 'mode': '0600', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "mode": "0600", "name": "certid_mode" } } MSG: Certificate requested (new). TASK [fedora.linux_system_roles.certificate : Slurp the contents of the files] *** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:152 Saturday 24 May 2025 08:30:02 -0400 (0:00:01.870) 0:00:34.459 ********** skipping: [managed-node2] => (item=['cert', {'name': 'mycert_fs_attrs_mode', 'dns': 'www.example.com', 'owner': 'ftp', 'group': 'ftp', 'mode': '0620', 'ca': 'self-sign'}]) => { "ansible_loop_var": "item", "changed": false, "item": [ "cert", { "ca": "self-sign", "dns": "www.example.com", "group": "ftp", "mode": "0620", "name": "mycert_fs_attrs_mode", "owner": "ftp" } ], "skip_reason": "Conditional result was False" } skipping: [managed-node2] => (item=['cert', {'name': 'certid_mode', 'dns': 'www.example.com', 'mode': '0600', 'ca': 'self-sign'}]) => { "ansible_loop_var": "item", "changed": false, "item": [ "cert", { "ca": "self-sign", "dns": "www.example.com", "mode": "0600", "name": "certid_mode" } ], "skip_reason": "Conditional result was False" } skipping: [managed-node2] => (item=['key', {'name': 'mycert_fs_attrs_mode', 'dns': 'www.example.com', 'owner': 'ftp', 'group': 'ftp', 'mode': '0620', 'ca': 'self-sign'}]) => { "ansible_loop_var": "item", "changed": false, "item": [ "key", { "ca": "self-sign", "dns": "www.example.com", "group": "ftp", "mode": "0620", "name": "mycert_fs_attrs_mode", "owner": "ftp" } ], "skip_reason": "Conditional result was False" } skipping: [managed-node2] => (item=['key', {'name': 'certid_mode', 'dns': 'www.example.com', 'mode': '0600', 'ca': 'self-sign'}]) => { "ansible_loop_var": "item", "changed": false, "item": [ "key", { "ca": "self-sign", "dns": "www.example.com", "mode": "0600", "name": "certid_mode" } ], "skip_reason": "Conditional result was False" } skipping: [managed-node2] => (item=['ca', {'name': 'mycert_fs_attrs_mode', 'dns': 'www.example.com', 'owner': 'ftp', 'group': 'ftp', 'mode': '0620', 'ca': 'self-sign'}]) => { "ansible_loop_var": "item", "changed": false, "item": [ "ca", { "ca": "self-sign", "dns": "www.example.com", "group": "ftp", "mode": "0620", "name": "mycert_fs_attrs_mode", "owner": "ftp" } ], "skip_reason": "Conditional result was False" } skipping: [managed-node2] => (item=['ca', {'name': 'certid_mode', 'dns': 'www.example.com', 'mode': '0600', 'ca': 'self-sign'}]) => { "ansible_loop_var": "item", "changed": false, "item": [ "ca", { "ca": "self-sign", "dns": "www.example.com", "mode": "0600", "name": "certid_mode" } ], "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Create return data] ************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:160 Saturday 24 May 2025 08:30:02 -0400 (0:00:00.110) 0:00:34.569 ********** skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Stop tracking certificates] ****** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:176 Saturday 24 May 2025 08:30:02 -0400 (0:00:00.068) 0:00:34.637 ********** skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Remove files] ******************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:181 Saturday 24 May 2025 08:30:02 -0400 (0:00:00.062) 0:00:34.700 ********** skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml:85 Saturday 24 May 2025 08:30:02 -0400 (0:00:00.070) 0:00:34.770 ********** ok: [managed-node2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml:112 Saturday 24 May 2025 08:30:03 -0400 (0:00:00.643) 0:00:35.413 ********** included: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml for managed-node2 included: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml for managed-node2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:2 Saturday 24 May 2025 08:30:03 -0400 (0:00:00.084) 0:00:35.497 ********** ok: [managed-node2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Check if system is ostree] *********************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:9 Saturday 24 May 2025 08:30:03 -0400 (0:00:00.016) 0:00:35.514 ********** skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Set flag to indicate system is ostree] *********************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:14 Saturday 24 May 2025 08:30:03 -0400 (0:00:00.041) 0:00:35.555 ********** skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:18 Saturday 24 May 2025 08:30:03 -0400 (0:00:00.041) 0:00:35.596 ********** skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:28 Saturday 24 May 2025 08:30:03 -0400 (0:00:00.041) 0:00:35.637 ********** ok: [managed-node2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do lsrpackages: python3-cryptography python3-pyasn1 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:38 Saturday 24 May 2025 08:30:06 -0400 (0:00:02.871) 0:00:38.509 ********** ok: [managed-node2] => { "changed": false, "stat": { "atime": 1748089801.1910775, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "30ed4fe5be6a161441d65d3d906953024e3e8763", "ctime": 1748089801.2870777, "dev": 51713, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 7718646, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0620", "mtime": 1748089801.1890774, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_fs_attrs_mode.crt", "pw_name": "ftp", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 14, "version": "3105074566", "wgrp": true, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:43 Saturday 24 May 2025 08:30:06 -0400 (0:00:00.399) 0:00:38.909 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:49 Saturday 24 May 2025 08:30:06 -0400 (0:00:00.043) 0:00:38.953 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:59 Saturday 24 May 2025 08:30:06 -0400 (0:00:00.049) 0:00:39.002 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:65 Saturday 24 May 2025 08:30:06 -0400 (0:00:00.045) 0:00:39.048 ********** ok: [managed-node2] => { "changed": false, "stat": { "atime": 1748089801.1480772, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "e2019884f37992bd25ac8f31b57a45dc57c0ccd1", "ctime": 1748089801.2870777, "dev": 51713, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 7718645, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0620", "mtime": 1748089801.1890774, "nlink": 1, "path": "/etc/pki/tls/private/mycert_fs_attrs_mode.key", "pw_name": "ftp", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 14, "version": "3284288050", "wgrp": true, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:70 Saturday 24 May 2025 08:30:07 -0400 (0:00:00.383) 0:00:39.432 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:76 Saturday 24 May 2025 08:30:07 -0400 (0:00:00.046) 0:00:39.478 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:86 Saturday 24 May 2025 08:30:07 -0400 (0:00:00.049) 0:00:39.528 ********** ok: [managed-node2] => { "certificate": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "9E:D5:13:98:77:23:B6:BA:CC:B3:35:90:1A:B7:55:DA:5C:19:96:EB" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "A2:0E:C8:C0:17:9E:F0:99:95:BD:D8:F1:14:9E:F1:9F:C6:F8:CB:96" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "2A:D0:BC:6C:43:75:6C:F7:24:B0:21:29:A6:92:60:9C:C1:19:2C:CB:3E:C2:DE:C3:E2:9F:77:4D:FF:83:04:29:FD:F7:C4:73:02:79:E1:C6:4F:BB:FC:2B:97:14:7D:DE:35:3B:D5:C8:E4:5E:50:47:0C:E9:EC:7C:3E:18:1A:AD:7A:08:57:CB:46:E1:47:7B:E8:1B:D1:D9:61:4F:7C:AB:A1:85:D9:4F:A3:25:66:47:46:E8:4D:8A:F3:54:BC:83:4E:F1:0A:DA:07:F5:6D:4A:38:0C:13:FC:A8:7F:BD:62:C9:7C:B3:F1:DC:5C:23:93:A7:A2:48:44:31:4C:1F:B5:FB:F2:2B:8B:28:A3:B5:0B:85:D0:8B:48:8F:7B:C1:60:92:0A:8E:A9:78:E7:B1:CD:C4:A5:5E:9E:EB:1B:3C:93:98:E8:5F:E4:1D:ED:DC:AF:1D:EC:3A:61:83:22:DC:0D:CD:DA:70:A2:33:84:B3:6D:CD:54:85:7C:90:20:95:9C:A1:AE:36:E9:51:1C:2F:85:A6:CC:07:39:CE:33:80:4D:84:4B:6A:CC:BD:9B:46:4C:55:1F:42:BE:66:28:31:ED:EC:01:F2:28:A9:29:57:AB:4E:21:77:19:86:1E:0D:B7:3E:9B:8C:CC:AB:E6:1C:05:DE:66:E5:4E:8A:AD:79:04" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "20260524122919Z", "not_valid_before": "20250524123001Z" } }, "changed": false } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:92 Saturday 24 May 2025 08:30:07 -0400 (0:00:00.438) 0:00:39.966 ********** ok: [managed-node2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "9E:D5:13:98:77:23:B6:BA:CC:B3:35:90:1A:B7:55:DA:5C:19:96:EB" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "A2:0E:C8:C0:17:9E:F0:99:95:BD:D8:F1:14:9E:F1:9F:C6:F8:CB:96" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "2A:D0:BC:6C:43:75:6C:F7:24:B0:21:29:A6:92:60:9C:C1:19:2C:CB:3E:C2:DE:C3:E2:9F:77:4D:FF:83:04:29:FD:F7:C4:73:02:79:E1:C6:4F:BB:FC:2B:97:14:7D:DE:35:3B:D5:C8:E4:5E:50:47:0C:E9:EC:7C:3E:18:1A:AD:7A:08:57:CB:46:E1:47:7B:E8:1B:D1:D9:61:4F:7C:AB:A1:85:D9:4F:A3:25:66:47:46:E8:4D:8A:F3:54:BC:83:4E:F1:0A:DA:07:F5:6D:4A:38:0C:13:FC:A8:7F:BD:62:C9:7C:B3:F1:DC:5C:23:93:A7:A2:48:44:31:4C:1F:B5:FB:F2:2B:8B:28:A3:B5:0B:85:D0:8B:48:8F:7B:C1:60:92:0A:8E:A9:78:E7:B1:CD:C4:A5:5E:9E:EB:1B:3C:93:98:E8:5F:E4:1D:ED:DC:AF:1D:EC:3A:61:83:22:DC:0D:CD:DA:70:A2:33:84:B3:6D:CD:54:85:7C:90:20:95:9C:A1:AE:36:E9:51:1C:2F:85:A6:CC:07:39:CE:33:80:4D:84:4B:6A:CC:BD:9B:46:4C:55:1F:42:BE:66:28:31:ED:EC:01:F2:28:A9:29:57:AB:4E:21:77:19:86:1E:0D:B7:3E:9B:8C:CC:AB:E6:1C:05:DE:66:E5:4E:8A:AD:79:04" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "20260524122919Z", "not_valid_before": "20250524123001Z" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:96 Saturday 24 May 2025 08:30:07 -0400 (0:00:00.043) 0:00:40.010 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:104 Saturday 24 May 2025 08:30:08 -0400 (0:00:00.045) 0:00:40.056 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:112 Saturday 24 May 2025 08:30:08 -0400 (0:00:00.046) 0:00:40.102 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:119 Saturday 24 May 2025 08:30:08 -0400 (0:00:00.045) 0:00:40.148 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:130 Saturday 24 May 2025 08:30:08 -0400 (0:00:00.052) 0:00:40.200 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:143 Saturday 24 May 2025 08:30:08 -0400 (0:00:00.053) 0:00:40.254 ********** ok: [managed-node2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_fs_attrs_mode.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.046230", "end": "2025-05-24 08:30:08.582204", "rc": 0, "start": "2025-05-24 08:30:08.535974" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:152 Saturday 24 May 2025 08:30:08 -0400 (0:00:00.443) 0:00:40.698 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:2 Saturday 24 May 2025 08:30:08 -0400 (0:00:00.073) 0:00:40.771 ********** ok: [managed-node2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Check if system is ostree] *********************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:9 Saturday 24 May 2025 08:30:08 -0400 (0:00:00.024) 0:00:40.795 ********** skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Set flag to indicate system is ostree] *********************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:14 Saturday 24 May 2025 08:30:08 -0400 (0:00:00.063) 0:00:40.859 ********** skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:18 Saturday 24 May 2025 08:30:08 -0400 (0:00:00.046) 0:00:40.906 ********** skipping: [managed-node2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:28 Saturday 24 May 2025 08:30:08 -0400 (0:00:00.045) 0:00:40.951 ********** ok: [managed-node2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do lsrpackages: python3-cryptography python3-pyasn1 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:38 Saturday 24 May 2025 08:30:11 -0400 (0:00:02.851) 0:00:43.802 ********** ok: [managed-node2] => { "changed": false, "stat": { "atime": 1748089802.239079, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "0ad3664674fb09b9fedf20874d552aa6129f836b", "ctime": 1748089802.237079, "dev": 51713, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 7718648, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1748089802.237079, "nlink": 1, "path": "/etc/pki/tls/certs/certid_mode.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "1765534305", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:43 Saturday 24 May 2025 08:30:12 -0400 (0:00:00.402) 0:00:44.205 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:49 Saturday 24 May 2025 08:30:12 -0400 (0:00:00.070) 0:00:44.276 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:59 Saturday 24 May 2025 08:30:12 -0400 (0:00:00.094) 0:00:44.370 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:65 Saturday 24 May 2025 08:30:12 -0400 (0:00:00.066) 0:00:44.437 ********** ok: [managed-node2] => { "changed": false, "stat": { "atime": 1748089802.1960788, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "44b0499bb1702af2e776864d1ad7624f72eccd93", "ctime": 1748089802.237079, "dev": 51713, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 7718647, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1748089802.237079, "nlink": 1, "path": "/etc/pki/tls/private/certid_mode.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "1106781213", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:70 Saturday 24 May 2025 08:30:12 -0400 (0:00:00.575) 0:00:45.013 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:76 Saturday 24 May 2025 08:30:13 -0400 (0:00:00.044) 0:00:45.057 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:86 Saturday 24 May 2025 08:30:13 -0400 (0:00:00.048) 0:00:45.105 ********** ok: [managed-node2] => { "certificate": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "9E:D5:13:98:77:23:B6:BA:CC:B3:35:90:1A:B7:55:DA:5C:19:96:EB" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "C2:43:E1:B5:0B:2C:DE:10:59:D5:9B:87:11:E2:D1:A1:EF:4B:CF:CE" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "1C:B3:AB:E0:3E:2A:AB:91:4D:23:17:14:BC:CF:E7:31:3F:56:EA:1B:E8:01:E6:B2:E0:39:98:9C:92:ED:47:02:9C:AA:8B:37:E2:44:10:8A:C9:83:BE:CC:EB:19:09:91:4C:1C:30:C7:09:4A:99:1B:E6:0F:80:79:74:92:8D:92:ED:FE:59:86:12:FC:9C:63:78:D7:9A:D7:D2:34:0F:B5:FD:FB:ED:13:DF:2D:52:03:1C:CE:C1:1B:4C:34:51:47:CB:65:6B:B4:FB:D4:66:52:05:27:93:5A:6E:68:E3:D7:1B:0A:E2:A5:B4:92:63:44:89:F4:EE:48:29:90:84:77:78:61:B7:63:4D:9C:06:FB:FB:EB:41:8B:4A:E3:62:07:86:6C:30:53:EB:81:86:58:1C:48:CE:23:9A:74:F2:91:0A:DD:BE:9C:4D:F5:D1:5A:EF:75:6B:FB:35:19:C7:0E:1E:4F:B1:0A:25:CD:8D:3D:96:5A:F8:B1:B3:F2:46:D6:49:0B:F0:06:DA:F0:D6:95:9A:E5:57:F2:DF:38:77:8C:FD:C0:61:E6:7F:93:91:30:DA:7F:1E:B1:F3:5A:65:5A:7B:58:78:72:67:42:C3:D7:89:9E:19:00:9D:F1:D0:40:9A:57:D5:DF:76:82:80:28:A8:7E:88:BC:D3:30:92:F0" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "20260524122919Z", "not_valid_before": "20250524123002Z" } }, "changed": false } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:92 Saturday 24 May 2025 08:30:13 -0400 (0:00:00.455) 0:00:45.561 ********** ok: [managed-node2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "9E:D5:13:98:77:23:B6:BA:CC:B3:35:90:1A:B7:55:DA:5C:19:96:EB" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "C2:43:E1:B5:0B:2C:DE:10:59:D5:9B:87:11:E2:D1:A1:EF:4B:CF:CE" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "1C:B3:AB:E0:3E:2A:AB:91:4D:23:17:14:BC:CF:E7:31:3F:56:EA:1B:E8:01:E6:B2:E0:39:98:9C:92:ED:47:02:9C:AA:8B:37:E2:44:10:8A:C9:83:BE:CC:EB:19:09:91:4C:1C:30:C7:09:4A:99:1B:E6:0F:80:79:74:92:8D:92:ED:FE:59:86:12:FC:9C:63:78:D7:9A:D7:D2:34:0F:B5:FD:FB:ED:13:DF:2D:52:03:1C:CE:C1:1B:4C:34:51:47:CB:65:6B:B4:FB:D4:66:52:05:27:93:5A:6E:68:E3:D7:1B:0A:E2:A5:B4:92:63:44:89:F4:EE:48:29:90:84:77:78:61:B7:63:4D:9C:06:FB:FB:EB:41:8B:4A:E3:62:07:86:6C:30:53:EB:81:86:58:1C:48:CE:23:9A:74:F2:91:0A:DD:BE:9C:4D:F5:D1:5A:EF:75:6B:FB:35:19:C7:0E:1E:4F:B1:0A:25:CD:8D:3D:96:5A:F8:B1:B3:F2:46:D6:49:0B:F0:06:DA:F0:D6:95:9A:E5:57:F2:DF:38:77:8C:FD:C0:61:E6:7F:93:91:30:DA:7F:1E:B1:F3:5A:65:5A:7B:58:78:72:67:42:C3:D7:89:9E:19:00:9D:F1:D0:40:9A:57:D5:DF:76:82:80:28:A8:7E:88:BC:D3:30:92:F0" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "20260524122919Z", "not_valid_before": "20250524123002Z" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:96 Saturday 24 May 2025 08:30:13 -0400 (0:00:00.044) 0:00:45.606 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:104 Saturday 24 May 2025 08:30:13 -0400 (0:00:00.046) 0:00:45.653 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:112 Saturday 24 May 2025 08:30:13 -0400 (0:00:00.045) 0:00:45.698 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:119 Saturday 24 May 2025 08:30:13 -0400 (0:00:00.045) 0:00:45.744 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:130 Saturday 24 May 2025 08:30:13 -0400 (0:00:00.054) 0:00:45.799 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:143 Saturday 24 May 2025 08:30:13 -0400 (0:00:00.050) 0:00:45.849 ********** ok: [managed-node2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/certid_mode.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.047057", "end": "2025-05-24 08:30:14.167572", "rc": 0, "start": "2025-05-24 08:30:14.120515" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:152 Saturday 24 May 2025 08:30:14 -0400 (0:00:00.419) 0:00:46.269 ********** ok: [managed-node2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* managed-node2 : ok=99 changed=4 unreachable=0 failed=0 skipped=26 rescued=0 ignored=0 SYSTEM ROLES ERRORS BEGIN v1 [] SYSTEM ROLES ERRORS END v1 TASKS RECAP ******************************************************************** Saturday 24 May 2025 08:30:14 -0400 (0:00:00.042) 0:00:46.312 ********** =============================================================================== fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 2.97s /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 2.88s /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:23 Ensure python3 is installed --------------------------------------------- 2.87s /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:28 fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 2.86s /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:23 Ensure python3 is installed --------------------------------------------- 2.85s /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:28 Ensure python3 is installed --------------------------------------------- 2.84s /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:28 Ensure python3 is installed --------------------------------------------- 2.83s /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:28 fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 2.83s /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 1.87s /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:101 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 1.81s /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:101 fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.94s /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:90 Gathering Facts --------------------------------------------------------- 0.89s /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml:2 Gathering Facts --------------------------------------------------------- 0.64s /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml:85 fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.63s /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:35 Gathering Facts --------------------------------------------------------- 0.60s /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml:14 Ensure user exists ------------------------------------------------------ 0.60s /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml:5 Gathering Facts --------------------------------------------------------- 0.60s /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml:67 Gathering Facts --------------------------------------------------------- 0.59s /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_fs_attrs.yml:32 Retrieve auto-renew flag ------------------------------------------------ 0.58s /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:143 Retrieve key file stats ------------------------------------------------- 0.58s /tmp/collections-YBA/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/assert_certificate_parameters.yml:65