author | Lamont Granquist <lamont@scriptkiddie.org> | 2016-05-09 09:07:57 -0700 |
---|---|---|
committer | Lamont Granquist <lamont@scriptkiddie.org> | 2016-05-10 08:06:44 -0700 |
commit | afe0aa20bb521d175c7e2a9ec2fabe1050db3995 (patch) | |
tree | 5dbbf569e3eb1f4425879151b0210d7f9736b9bc | |
parent | dcf9b3064ff753fe4cbe12f7bcec78dc09905f11 (diff) | |
download | chef-afe0aa20bb521d175c7e2a9ec2fabe1050db3995.tar.gz |
adding more func tests to travis
-rw-r--r-- | kitchen-tests/.kitchen.travis.yml | 27 | ||||
-rw-r--r-- | kitchen-tests/.kitchen.yml | 30 | ||||
-rw-r--r-- | kitchen-tests/Berksfile | 1 | ||||
-rw-r--r-- | kitchen-tests/Berksfile.lock | 39 | ||||
-rw-r--r-- | kitchen-tests/cookbooks/base/Berksfile | 5 | ||||
-rw-r--r-- | kitchen-tests/cookbooks/base/README.md | 3 | ||||
-rw-r--r-- | kitchen-tests/cookbooks/base/attributes/default.rb | 80 | ||||
-rw-r--r-- | kitchen-tests/cookbooks/base/metadata.rb | 22 | ||||
-rw-r--r-- | kitchen-tests/cookbooks/base/recipes/default.rb | 39 | ||||
-rw-r--r-- | kitchen-tests/cookbooks/base/recipes/packages.rb | 9 | ||||
-rw-r--r-- | kitchen-tests/data_bags/users/adam.json | 9 |
11 files changed, 233 insertions, 31 deletions
diff --git a/kitchen-tests/.kitchen.travis.yml b/kitchen-tests/.kitchen.travis.yml index 100891bdf5..07a70fa47b 100644 --- a/kitchen-tests/.kitchen.travis.yml +++ b/kitchen-tests/.kitchen.travis.yml @@ -8,13 +8,13 @@ driver: instance_type: "m3.medium" provisioner: - name: chef_github - chef_omnibus_url: "https://omnitruck.chef.io/current/install.sh" - chef_omnibus_install_options: "-n" - github_owner: "chef" - github_repo: "chef" - refname: <%= ENV['TRAVIS_COMMIT'] %> - github_access_token: <%= ENV['KITCHEN_GITHUB_TOKEN'] %> + name: chef_zero +# chef_omnibus_url: "https://omnitruck.chef.io/current/install.sh" +# chef_omnibus_install_options: "-n" +# github_owner: "chef" +# github_repo: "chef" +# refname: <%= ENV['TRAVIS_COMMIT'] %> +# github_access_token: <%= ENV['KITCHEN_GITHUB_TOKEN'] %> data_path: test/fixtures # disable file provider diffs so we don't overflow travis' line limit client_rb: @@ -24,19 +24,18 @@ transport: ssh_key: <%= ENV['EC2_SSH_KEY_PATH'] %> platforms: - - name: ubuntu-12.04 + - name: ubuntu-14.04 driver: # http://cloud-images.ubuntu.com/locator/ec2/ - # 12.04 amd64 us-west-2 hvm:ssd - image_id: ami-f3635fc3 - - name: rhel-6 + # 14.04 amd64 us-west-2 hvm:ebs-ssd + image_id: ami-63ac5803 + - name: centos-6 driver: - # https://github.com/chef/releng-chef-repo/blob/master/script/ci#L93-L96 - image_id: ami-7df0bd4d + image_id: ami-05cf2265 suites: - name: webapp run_list: - - recipe[apt::default] + - recipe[base::default] - recipe[webapp::default] attributes: diff --git a/kitchen-tests/.kitchen.yml b/kitchen-tests/.kitchen.yml index c853f51b8d..2609036ab5 100644 --- a/kitchen-tests/.kitchen.yml +++ b/kitchen-tests/.kitchen.yml 
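Review bot: With `name: chef_zero` and the `refname: <%= ENV['TRAVIS_COMMIT'] %>` line commented out, nothing in this provisioner block still selects the commit under test, so the suite appears to run against whatever chef the default installer provides rather than the change being built. The provisioner hunk in `.kitchen.yml` has the same effect. If that is intended for now, replace the six commented-out keys (including the `github_access_token` reference) with a single line such as `# TODO: restore the chef_github provisioner so the commit under test is what gets installed`.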
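Review bot: The new `centos-6` platform pins `image_id: ami-05cf2265` with no comment saying who publishes that image, whereas the `rhel-6` entry it replaces linked to the script that chose its AMI and the ubuntu entry still cites the locator page. The AMI is the root of trust for everything this suite runs with the key from `EC2_SSH_KEY_PATH`, so its origin should be recorded next to the id, for example `# centos 6 us-west-2 hvm, owner <AMI_OWNER_ID>, listed at <SOURCE_URL>`. The owning account is not visible on this page and should be confirmed before merging.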
@@ -6,33 +6,29 @@ driver: memory: 2048 provisioner: - name: chef_github - github_owner: "chef" - github_repo: "chef" - refname: <%= %x(git rev-parse HEAD) %> + name: chef_zero +# name: chef_github +# github_owner: "chef" +# github_repo: "chef" +# refname: "master" data_path: test/fixtures client_rb: diff_disabled: true platforms: - # upstream community mysql cookbook broken on 10.04 - #- name: ubuntu-10.04 - # run_list: apt::default - name: ubuntu-12.04 - run_list: apt::default - name: ubuntu-14.04 - run_list: apt::default - # upstream community mysql cookbook also broken on 14.10 - #- name: ubuntu-14.10 - # run_list: apt::default - - name: centos-6.4 - run_list: yum-epel::default - - name: centos-5.10 - run_list: yum-epel::default + # needs updates for 16.04 + #- name: ubuntu-16.04 + # needs updates for 7.2 + #- name: centos-7.2 + - name: centos-6.7 + # needs fixing for 5.11 + #- name: centos-5.11 suites: - name: webapp run_list: - - recipe[apt::default] + - recipe[base::default] - recipe[webapp::default] attributes: diff --git a/kitchen-tests/Berksfile b/kitchen-tests/Berksfile index decb85a8a1..23c72d5394 100644 --- a/kitchen-tests/Berksfile +++ b/kitchen-tests/Berksfile @@ -1,5 +1,6 @@ source "https://supermarket.getchef.com" cookbook "webapp", :path => "cookbooks/webapp" +cookbook "base", :path => "cookbooks/base" cookbook "php", "~> 1.5.0" diff --git a/kitchen-tests/Berksfile.lock b/kitchen-tests/Berksfile.lock index 2c3b22b985..1ef99f8750 100644 --- a/kitchen-tests/Berksfile.lock +++ b/kitchen-tests/Berksfile.lock @@ -1,4 +1,6 @@ DEPENDENCIES + base + path: cookbooks/base php (~> 1.5.0) webapp path: cookbooks/webapp 
@@ -8,24 +10,56 @@ GRAPH apt (3.0.0) aws (3.3.2) ohai (>= 2.1.0) + base (0.1.0) + apt (>= 0.0.0) + build-essential (>= 0.0.0) + chef-client (>= 0.0.0) + fail2ban (>= 0.0.0) + logrotate (>= 0.0.0) + multipackage (>= 0.0.0) + nscd (>= 0.0.0) + ntp (>= 0.0.0) + openssh (>= 0.0.0) + resolver (>= 0.0.0) + sudo (>= 0.0.0) + ubuntu (>= 0.0.0) + users (>= 0.0.0) build-essential (3.2.0) seven_zip (>= 0.0.0) + chef-client (4.5.0) + cron (>= 1.7.0) + logrotate (>= 1.9.0) + windows (>= 1.39.0) chef-sugar (3.3.0) chef_handler (1.3.0) + compat_resource (12.9.1) + cron (1.7.6) database (2.3.1) aws (>= 0.0.0) mysql (~> 5.0) mysql-chef_gem (~> 0.0) postgresql (>= 1.0.0) xfs (>= 0.0.0) + fail2ban (2.3.0) + yum-epel (>= 0.0.0) iis (4.1.7) windows (>= 1.34.6) + iptables (2.2.0) + logrotate (1.9.2) + multipackage (3.0.28) + compat_resource (>= 0.0.0) mysql (5.6.3) yum-mysql-community (>= 0.0.0) mysql-chef_gem (0.0.5) build-essential (>= 0.0.0) mysql (>= 0.0.0) + nscd (2.0.0) + compat_resource (>= 0.0.0) + ntp (1.11.0) + windows (>= 1.38.0) ohai (3.0.1) + openssh (2.0.0) + iptables (>= 1.0) openssl (4.4.0) chef-sugar (>= 3.1.1) php (1.5.0) @@ -39,8 +73,13 @@ GRAPH apt (>= 1.9.0) build-essential (>= 0.0.0) openssl (~> 4.0) + resolver (1.3.0) seven_zip (2.0.0) windows (>= 1.2.2) + sudo (2.9.0) + ubuntu (1.2.0) + apt (>= 0.0.0) + users (2.0.3) webapp (0.1.0) apache2 (>= 0.0.0) database (~> 2.3.1) diff --git a/kitchen-tests/cookbooks/base/Berksfile b/kitchen-tests/cookbooks/base/Berksfile new file mode 100644 index 0000000000..4b6079016e --- /dev/null +++ b/kitchen-tests/cookbooks/base/Berksfile @@ -0,0 +1,5 @@ +source "https://api.berkshelf.com" + +metadata + +cookbook "apt" diff --git a/kitchen-tests/cookbooks/base/README.md b/kitchen-tests/cookbooks/base/README.md new file mode 100644 index 0000000000..f19ab46735 --- /dev/null +++ b/kitchen-tests/cookbooks/base/README.md @@ -0,0 +1,3 @@ +# webapp + +TODO: Enter the cookbook description here. 
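Review bot: `source "https://api.berkshelf.com"` in the new `cookbooks/base/Berksfile` differs from the `source "https://supermarket.getchef.com"` used by the top-level `kitchen-tests/Berksfile`, so the two files can resolve the same cookbook names from different indexes. Use one source in both files, e.g. `source "https://supermarket.getchef.com"`. The unconstrained `cookbook "apt"` line can also be dropped, since `metadata` already brings in the `apt` dependency declared in `metadata.rb`.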
diff --git a/kitchen-tests/cookbooks/base/attributes/default.rb b/kitchen-tests/cookbooks/base/attributes/default.rb
new file mode 100644
index 0000000000..04f146b9d3
--- /dev/null
+++ b/kitchen-tests/cookbooks/base/attributes/default.rb
@@ -0,0 +1,80 @@
+#
+# ubuntu cookbook overrides
+#
+
+default['ubuntu']['archive_url'] = 'mirror://mirrors.ubuntu.com/mirrors.txt'
+default['ubuntu']['security_url'] = 'mirror://mirrors.ubuntu.com/mirrors.txt'
+default['ubuntu']['include_source_packages'] = true
+default['ubuntu']['components'] = 'main restricted universe multiverse'
+
+#
+# openssh cookbook overrides
+#
+
+# turn off old protocols client-side
+default['openssh']['client']['rsa_authentication'] = "no"
+default['openssh']['client']['host_based_authentication'] = "no"
+# allow typical ssh v2 rsa/dsa/ecdsa key auth client-side
+default['openssh']['client']['pubkey_authentication'] = "yes"
+# allow password auth client-side (we can ssh 'to' hosts that require passwords)
+default['openssh']['client']['password_authentication'] = "yes"
+# turn off kerberos client-side
+default['openssh']['client']['gssapi_authentication'] = "no"
+default['openssh']['client']['check_host_ip'] = "no"
+# everone turns strict host key checking off anyway
+default['openssh']['client']['strict_host_key_checking'] = "no"
+# force protocol 2
+default['openssh']['client']['protocol'] = "2"
+
+# it is mostly important that the aes*-ctr ciphers appear first in this list, the cbc ciphers are for compatibility
+default['openssh']['server']['ciphers'] = "aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc,cast128-cbc"
+# DNS causes long timeouts when connecting clients have busted DNS
+default['openssh']['server']['use_dns'] = "no"
+default['openssh']['server']['syslog_facility'] = "AUTH"
+# only allow access via ssh pubkeys, all other mechanisms including passwords are turned off for all users
+default['openssh']['server']['pubkey_authentication'] = "yes"
+default['openssh']['server']['rhosts_rsa_authentication'] = "no"
+default['openssh']['server']['rsa_authentication'] = "no"
+default['openssh']['server']['password_authentication'] = "no"
+default['openssh']['server']['host_based_authentication'] = "no"
+default['openssh']['server']['gssapi_authentication'] = "no"
+default['openssh']['server']['permit_root_login'] = "without-password"
+default['openssh']['server']['ignore_rhosts'] = "yes"
+default['openssh']['server']['permit_empty_passwords'] = "no"
+default['openssh']['server']['challenge_response_authentication'] = "no"
+default['openssh']['server']['kerberos_authentication'] = "no"
+# tcp keepalives are useful to keep connections up through VPNs and firewalls
+default['openssh']['server']['tcp_keepalive'] = "yes"
+default['openssh']['server']['use_privilege_separation'] = "yes"
+default['openssh']['server']['max_start_ups'] = "10"
+# PAM (i think) already prints the motd on login
+default['openssh']['server']['print_motd'] = "no"
+# force only protocol 2 connections
+default['openssh']['server']['protocol'] = "2"
+# allow tunnelling x-applications back to the client
+default['openssh']['server']['x11_forwarding'] = "yes"
+
+#
+# chef-client cookbook overrides
+#
+
+# always wait at least 30 mins (1800 secs) between daemonized chef-client runs
+default['chef_client']['interval'] = 1800
+# wait an additional random interval of up to 30 mins (1800 secs) between daemonized runs
+default['chef_client']['splay'] = 1800
+# only log what we change
+default['chef_client']['config']['verbose_logging'] = false
+
+#
+# resolver cookbook overrides
+#
+
+default['resolver']['nameservers'] = [ "8.8.8.8", "8.8.4.4" ]
+default['resolver']['search'] = "chef.io"
+
+#
+# sudo cookbook overrides
+#
+
+default['authorization']['sudo']['passwordless'] = true
+default['authorization']['sudo']['users'] = %w(vagrant)
diff --git a/kitchen-tests/cookbooks/base/metadata.rb b/kitchen-tests/cookbooks/base/metadata.rb
new file mode 100644
index 0000000000..001ba5ac43
--- /dev/null
+++ b/kitchen-tests/cookbooks/base/metadata.rb
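Review bot: In `attributes/default.rb`, `default['openssh']['client']['strict_host_key_checking'] = "no"` together with `['client']['check_host_ip'] = "no"` turns off host key verification for every outbound SSH connection from a converged node, which removes the client's protection against a substituted or intercepted host. If this cookbook only ever runs on throwaway kitchen instances, say so in the comment above the line; otherwise set it to `"ask"`. The server `ciphers` string still offers `blowfish-cbc,3des-cbc,cast128-cbc` and the aes CBC modes "for compatibility"; for the platforms this commit targets it should be possible to ship `"aes256-ctr,aes192-ctr,aes128-ctr"` only. The comment "only allow access via ssh pubkeys" should also mention that `permit_root_login = "without-password"` keeps direct root login by key enabled, and that `['sudo']['passwordless'] = true` for `vagrant` is a test-only setting.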
@@ -0,0 +1,22 @@
+name "base"
+maintainer ""
+maintainer_email ""
+license ""
+description "Installs/Configures base"
+long_description "Installs/Configures base"
+version "0.1.0"
+
+depends 'apt'
+depends 'build-essential'
+depends 'chef-client'
+depends 'epel'
+depends 'fail2ban'
+depends 'logrotate'
+depends 'multipackage'
+depends 'nscd'
+depends 'ntp'
+depends 'openssh'
+depends 'resolver'
+depends 'sudo'
+depends 'ubuntu'
+depends 'users'
diff --git a/kitchen-tests/cookbooks/base/recipes/default.rb b/kitchen-tests/cookbooks/base/recipes/default.rb
new file mode 100644
index 0000000000..17eb594aee
--- /dev/null
+++ b/kitchen-tests/cookbooks/base/recipes/default.rb
@@ -0,0 +1,39 @@
+#
+# Cookbook Name:: webapp
+# Recipe:: default
+#
+# Copyright (C) 2014
+#
+
+if node[:platform_family] == "debian"
+ include_recipe "apt"
+ include_recipe "ubuntu"
+end
+
+if %w{rhel fedora}.include?(node[:platform_family])
+ include_recipe "epel"
+end
+
+include_recipe "build-essential"
+
+include_recipe "#{cookbook_name}::packages"
+
+include_recipe "ntp"
+
+include_recipe "resolver"
+
+include_recipe "users::sysadmins"
+
+include_recipe "sudo"
+
+include_recipe "chef-client::delete_validation"
+include_recipe "chef-client::config"
+include_recipe "chef-client"
+
+include_recipe "openssh"
+
+include_recipe "fail2ban"
+
+include_recipe "nscd"
+
+include_recipe "logrotate"
diff --git a/kitchen-tests/cookbooks/base/recipes/packages.rb b/kitchen-tests/cookbooks/base/recipes/packages.rb
new file mode 100644
index 0000000000..f242951a4c
--- /dev/null
+++ b/kitchen-tests/cookbooks/base/recipes/packages.rb
@@ -0,0 +1,9 @@
+
+
+pkgs = %w{lsof tcpdump strace zsh dmidecode ltrace bc curl wget telnet subversion git traceroute htop iptraf tmux s3cmd sysbench }
+
+# this deliberately calls the multipackage API N times in order to do one package installation in order to exercise the
+# multipackage cookbook.
+pkgs.each do |pkg|
+ multipackage pkgs
+end
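Review bot: `depends 'epel'` in `metadata.rb` does not match anything the `Berksfile.lock` in this same commit resolves: the `base (0.1.0)` entry there lists no `epel`, and the only EPEL cookbook in the graph is `yum-epel` (pulled in by `fail2ban`), which is also the name the old `.kitchen.yml` run lists used. This looks like it should be `depends 'yum-epel'`, with the matching `include_recipe "yum-epel"` in the rhel/fedora branch of `recipes/default.rb`; otherwise dependency resolution or the centos converge is likely to fail. The empty `maintainer`, `maintainer_email` and `license` strings should be filled in or the lines removed.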
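Review bot: The header comment of `recipes/default.rb` still reads `# Cookbook Name:: webapp`, copied from the sibling cookbook; it should be `# Cookbook Name:: base` (the new `README.md` heading `# webapp` has the same leftover). A short comment above the `chef-client::delete_validation` / `chef-client::config` / `chef-client` trio saying why all three are included under a `chef_zero` test run would also help the next reader.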
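Review bot: In `recipes/packages.rb` the block parameter `pkg` is never used and `multipackage pkgs` passes the whole array on every iteration, which reads like a typo for `multipackage pkg` even though the comment says it is deliberate. Make the intent visible in the code itself, e.g. `pkgs.each do |_pkg|` or `pkgs.size.times { multipackage pkgs }`. Since the list includes `telnet`, `tcpdump` and `strace`, the existing comment should also state that this recipe is a test fixture and not a recommended base package set.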
diff --git a/kitchen-tests/data_bags/users/adam.json b/kitchen-tests/data_bags/users/adam.json
new file mode 100644
index 0000000000..f96d7c213f
--- /dev/null
+++ b/kitchen-tests/data_bags/users/adam.json
@@ -0,0 +1,9 @@
+{
+ "id": "adam",
+ "uid": 666, // yes? i figure adam likes metal, shout out to iron maiden...
+ "gid": 666,
+ "shell": "/bin/zsh",
+ "groups": [ "sysadmin" ],
+ "comment": "Adam Jacob",
+ "password": "*"
+} |
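Review bot: The `"uid"` line carries a `// ...` trailing comment, which is not valid JSON; a strict parser will reject the whole data bag item, and whether the loader used here tolerates comments is not visible from this diff. Keep the line as plain `"uid": 666,` and move the remark to the commit message or a README. It would also be worth noting there that `"password": "*"` is intentional, so the account can only be reached by key or sudo.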