adding more func tests to travis

11 files changed, 233 insertions, 31 deletions

diff --git a/kitchen-tests/.kitchen.travis.yml b/kitchen-tests/.kitchen.travis.yml
index 100891bdf5..07a70fa47b 100644
--- a/kitchen-tests/.kitchen.travis.yml
+++ b/kitchen-tests/.kitchen.travis.yml
@@ -8,13 +8,13 @@ driver:
   instance_type: "m3.medium"
 
 provisioner:
-  name: chef_github
-  chef_omnibus_url: "https://omnitruck.chef.io/current/install.sh"
-  chef_omnibus_install_options: "-n"
-  github_owner: "chef"
-  github_repo: "chef"
-  refname: <%= ENV['TRAVIS_COMMIT'] %>
-  github_access_token: <%= ENV['KITCHEN_GITHUB_TOKEN'] %>
+  name: chef_zero
+#  chef_omnibus_url: "https://omnitruck.chef.io/current/install.sh"
+#  chef_omnibus_install_options: "-n"
+#  github_owner: "chef"
+#  github_repo: "chef"
+#  refname: <%= ENV['TRAVIS_COMMIT'] %>
+#  github_access_token: <%= ENV['KITCHEN_GITHUB_TOKEN'] %>
   data_path: test/fixtures
 # disable file provider diffs so we don't overflow travis' line limit
   client_rb:
@@ -24,19 +24,18 @@ transport:
   ssh_key: <%= ENV['EC2_SSH_KEY_PATH'] %>
 
 platforms:
-  - name: ubuntu-12.04
+  - name: ubuntu-14.04
     driver:
       # http://cloud-images.ubuntu.com/locator/ec2/
-      # 12.04 amd64 us-west-2 hvm:ssd
-      image_id: ami-f3635fc3
-  - name: rhel-6
+      # 14.04 amd64 us-west-2 hvm:ebs-ssd
+      image_id: ami-63ac5803
+  - name: centos-6
     driver:
-      # https://github.com/chef/releng-chef-repo/blob/master/script/ci#L93-L96
-      image_id: ami-7df0bd4d
+      image_id: ami-05cf2265  
 
 suites:
   - name: webapp
     run_list:
-      - recipe[apt::default]
+      - recipe[base::default]
       - recipe[webapp::default]
     attributes:
diff --git a/kitchen-tests/.kitchen.yml b/kitchen-tests/.kitchen.yml
index c853f51b8d..2609036ab5 100644
--- a/kitchen-tests/.kitchen.yml
+++ b/kitchen-tests/.kitchen.yml
@@ -6,33 +6,29 @@ driver:
     memory: 2048
 
 provisioner:
-  name: chef_github
-  github_owner: "chef"
-  github_repo: "chef"
-  refname: <%= %x(git rev-parse HEAD) %>
+  name: chef_zero
+#  name: chef_github
+#  github_owner: "chef"
+#  github_repo: "chef"
+#  refname: "master"
   data_path: test/fixtures
   client_rb:
     diff_disabled: true
 
 platforms:
-  # upstream community mysql cookbook broken on 10.04
-  #- name: ubuntu-10.04
-  #  run_list: apt::default
   - name: ubuntu-12.04
-    run_list: apt::default
   - name: ubuntu-14.04
-    run_list: apt::default
-  # upstream community mysql cookbook also broken on 14.10
-  #- name: ubuntu-14.10
-  #  run_list: apt::default
-  - name: centos-6.4
-    run_list: yum-epel::default
-  - name: centos-5.10
-    run_list: yum-epel::default
+  # needs updates for 16.04
+  #- name: ubuntu-16.04
+  # needs updates for 7.2
+  #- name: centos-7.2
+  - name: centos-6.7
+  # needs fixing for 5.11
+  #- name: centos-5.11
 
 suites:
   - name: webapp
     run_list:
-      - recipe[apt::default]
+      - recipe[base::default]
       - recipe[webapp::default]
     attributes:
diff --git a/kitchen-tests/Berksfile b/kitchen-tests/Berksfile
index decb85a8a1..23c72d5394 100644
--- a/kitchen-tests/Berksfile
+++ b/kitchen-tests/Berksfile
@@ -1,5 +1,6 @@
 source "https://supermarket.getchef.com"
 
 cookbook "webapp", :path => "cookbooks/webapp"
+cookbook "base", :path => "cookbooks/base"
 
 cookbook "php", "~> 1.5.0"
diff --git a/kitchen-tests/Berksfile.lock b/kitchen-tests/Berksfile.lock
index 2c3b22b985..1ef99f8750 100644
--- a/kitchen-tests/Berksfile.lock
+++ b/kitchen-tests/Berksfile.lock
@@ -1,4 +1,6 @@
 DEPENDENCIES
+  base
+    path: cookbooks/base
   php (~> 1.5.0)
   webapp
     path: cookbooks/webapp
@@ -8,24 +10,56 @@ GRAPH
   apt (3.0.0)
   aws (3.3.2)
     ohai (>= 2.1.0)
+  base (0.1.0)
+    apt (>= 0.0.0)
+    build-essential (>= 0.0.0)
+    chef-client (>= 0.0.0)
+    fail2ban (>= 0.0.0)
+    logrotate (>= 0.0.0)
+    multipackage (>= 0.0.0)
+    nscd (>= 0.0.0)
+    ntp (>= 0.0.0)
+    openssh (>= 0.0.0)
+    resolver (>= 0.0.0)
+    sudo (>= 0.0.0)
+    ubuntu (>= 0.0.0)
+    users (>= 0.0.0)
   build-essential (3.2.0)
     seven_zip (>= 0.0.0)
+  chef-client (4.5.0)
+    cron (>= 1.7.0)
+    logrotate (>= 1.9.0)
+    windows (>= 1.39.0)
   chef-sugar (3.3.0)
   chef_handler (1.3.0)
+  compat_resource (12.9.1)
+  cron (1.7.6)
   database (2.3.1)
     aws (>= 0.0.0)
     mysql (~> 5.0)
     mysql-chef_gem (~> 0.0)
     postgresql (>= 1.0.0)
     xfs (>= 0.0.0)
+  fail2ban (2.3.0)
+    yum-epel (>= 0.0.0)
   iis (4.1.7)
     windows (>= 1.34.6)
+  iptables (2.2.0)
+  logrotate (1.9.2)
+  multipackage (3.0.28)
+    compat_resource (>= 0.0.0)
   mysql (5.6.3)
     yum-mysql-community (>= 0.0.0)
   mysql-chef_gem (0.0.5)
     build-essential (>= 0.0.0)
     mysql (>= 0.0.0)
+  nscd (2.0.0)
+    compat_resource (>= 0.0.0)
+  ntp (1.11.0)
+    windows (>= 1.38.0)
   ohai (3.0.1)
+  openssh (2.0.0)
+    iptables (>= 1.0)
   openssl (4.4.0)
     chef-sugar (>= 3.1.1)
   php (1.5.0)
@@ -39,8 +73,13 @@ GRAPH
     apt (>= 1.9.0)
     build-essential (>= 0.0.0)
     openssl (~> 4.0)
+  resolver (1.3.0)
   seven_zip (2.0.0)
     windows (>= 1.2.2)
+  sudo (2.9.0)
+  ubuntu (1.2.0)
+    apt (>= 0.0.0)
+  users (2.0.3)
   webapp (0.1.0)
     apache2 (>= 0.0.0)
     database (~> 2.3.1)
diff --git a/kitchen-tests/cookbooks/base/Berksfile b/kitchen-tests/cookbooks/base/Berksfile
new file mode 100644
index 0000000000..4b6079016e
--- /dev/null
+++ b/kitchen-tests/cookbooks/base/Berksfile
@@ -0,0 +1,5 @@
+source "https://api.berkshelf.com"
+
+metadata
+
+cookbook "apt"
diff --git a/kitchen-tests/cookbooks/base/README.md b/kitchen-tests/cookbooks/base/README.md
new file mode 100644
index 0000000000..f19ab46735
--- /dev/null
+++ b/kitchen-tests/cookbooks/base/README.md
@@ -0,0 +1,3 @@
+# webapp
+
+TODO: Enter the cookbook description here.
diff --git a/kitchen-tests/cookbooks/base/attributes/default.rb b/kitchen-tests/cookbooks/base/attributes/default.rb
new file mode 100644
index 0000000000..04f146b9d3
--- /dev/null
+++ b/kitchen-tests/cookbooks/base/attributes/default.rb
@@ -0,0 +1,80 @@
+#
+# ubuntu cookbook overrides
+#
+
+default['ubuntu']['archive_url'] = 'mirror://mirrors.ubuntu.com/mirrors.txt'
+default['ubuntu']['security_url'] = 'mirror://mirrors.ubuntu.com/mirrors.txt'
+default['ubuntu']['include_source_packages'] = true
+default['ubuntu']['components'] = 'main restricted universe multiverse'
+
+#
+# openssh cookbook overrides
+#
+
+# turn off old protocols client-side
+default['openssh']['client']['rsa_authentication'] = "no"
+default['openssh']['client']['host_based_authentication'] = "no"
+# allow typical ssh v2 rsa/dsa/ecdsa key auth client-side
+default['openssh']['client']['pubkey_authentication'] = "yes"
+# allow password auth client-side (we can ssh 'to' hosts that require passwords)
+default['openssh']['client']['password_authentication'] = "yes"
+# turn off kerberos client-side
+default['openssh']['client']['gssapi_authentication'] = "no"
+default['openssh']['client']['check_host_ip'] = "no"
+# everone turns strict host key checking off anyway
+default['openssh']['client']['strict_host_key_checking'] = "no"
+# force protocol 2
+default['openssh']['client']['protocol'] = "2"
+
+# it is mostly important that the aes*-ctr ciphers appear first in this list, the cbc ciphers are for compatibility
+default['openssh']['server']['ciphers'] = "aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc,cast128-cbc"
+# DNS causes long timeouts when connecting clients have busted DNS
+default['openssh']['server']['use_dns'] = "no"
+default['openssh']['server']['syslog_facility'] = "AUTH"
+# only allow access via ssh pubkeys, all other mechanisms including passwords are turned off for all users
+default['openssh']['server']['pubkey_authentication'] = "yes"
+default['openssh']['server']['rhosts_rsa_authentication'] = "no"
+default['openssh']['server']['rsa_authentication'] = "no"
+default['openssh']['server']['password_authentication'] = "no"
+default['openssh']['server']['host_based_authentication'] = "no"
+default['openssh']['server']['gssapi_authentication'] = "no"
+default['openssh']['server']['permit_root_login'] = "without-password"
+default['openssh']['server']['ignore_rhosts'] = "yes"
+default['openssh']['server']['permit_empty_passwords'] = "no"
+default['openssh']['server']['challenge_response_authentication'] = "no"
+default['openssh']['server']['kerberos_authentication'] = "no"
+# tcp keepalives are useful to keep connections up through VPNs and firewalls
+default['openssh']['server']['tcp_keepalive'] = "yes"
+default['openssh']['server']['use_privilege_separation'] = "yes"
+default['openssh']['server']['max_start_ups'] = "10"
+# PAM (i think) already prints the motd on login
+default['openssh']['server']['print_motd'] = "no"
+# force only protocol 2 connections
+default['openssh']['server']['protocol'] = "2"
+# allow tunnelling x-applications back to the client
+default['openssh']['server']['x11_forwarding'] = "yes"
+
+#
+# chef-client cookbook overrides
+#
+
+# always wait at least 30 mins (1800 secs) between daemonized chef-client runs
+default['chef_client']['interval'] = 1800
+# wait an additional random interval of up to 30 mins (1800 secs) between daemonized runs
+default['chef_client']['splay'] = 1800
+# only log what we change
+default['chef_client']['config']['verbose_logging'] = false
+
+#
+# resolver cookbook overrides
+#
+
+default['resolver']['nameservers'] = [ "8.8.8.8", "8.8.4.4" ]
+default['resolver']['search'] = "chef.io"
+
+#
+# sudo cookbook overrides
+#
+
+default['authorization']['sudo']['passwordless'] = true
+default['authorization']['sudo']['users'] = %w(vagrant)
diff --git a/kitchen-tests/cookbooks/base/metadata.rb b/kitchen-tests/cookbooks/base/metadata.rb
new file mode 100644
index 0000000000..001ba5ac43
--- /dev/null
+++ b/kitchen-tests/cookbooks/base/metadata.rb
@@ -0,0 +1,22 @@
+name             "base"
+maintainer       ""
+maintainer_email ""
+license          ""
+description      "Installs/Configures base"
+long_description "Installs/Configures base"
+version          "0.1.0"
+
+depends          'apt'
+depends          'build-essential'
+depends          'chef-client'
+depends          'epel'
+depends          'fail2ban'
+depends          'logrotate'
+depends          'multipackage'
+depends          'nscd'
+depends          'ntp'
+depends          'openssh'
+depends          'resolver'
+depends          'sudo'
+depends          'ubuntu'
+depends          'users'
diff --git a/kitchen-tests/cookbooks/base/recipes/default.rb b/kitchen-tests/cookbooks/base/recipes/default.rb
new file mode 100644
index 0000000000..17eb594aee
--- /dev/null
+++ b/kitchen-tests/cookbooks/base/recipes/default.rb
@@ -0,0 +1,39 @@
+#
+# Cookbook Name:: webapp
+# Recipe:: default
+#
+# Copyright (C) 2014
+#
+
+if node[:platform_family] == "debian"
+  include_recipe "apt"
+  include_recipe "ubuntu"
+end
+
+if %w{rhel fedora}.include?(node[:platform_family])
+  include_recipe "epel"
+end
+
+include_recipe "build-essential"
+
+include_recipe "#{cookbook_name}::packages"
+
+include_recipe "ntp"
+
+include_recipe "resolver"
+
+include_recipe "users::sysadmins"
+
+include_recipe "sudo"
+
+include_recipe "chef-client::delete_validation"
+include_recipe "chef-client::config"
+include_recipe "chef-client"
+
+include_recipe "openssh"
+
+include_recipe "fail2ban"
+
+include_recipe "nscd"
+
+include_recipe "logrotate"
diff --git a/kitchen-tests/cookbooks/base/recipes/packages.rb b/kitchen-tests/cookbooks/base/recipes/packages.rb
new file mode 100644
index 0000000000..f242951a4c
--- /dev/null
+++ b/kitchen-tests/cookbooks/base/recipes/packages.rb
@@ -0,0 +1,9 @@
+
+
+pkgs = %w{lsof tcpdump strace zsh dmidecode ltrace bc curl wget telnet subversion git traceroute htop iptraf tmux s3cmd sysbench }
+
+# this deliberately calls the multipackage API N times in order to do one package installation in order to exercise the
+# multipackage cookbook.
+pkgs.each do |pkg|
+  multipackage pkgs
+end
diff --git a/kitchen-tests/data_bags/users/adam.json b/kitchen-tests/data_bags/users/adam.json
new file mode 100644
index 0000000000..f96d7c213f
--- /dev/null
+++ b/kitchen-tests/data_bags/users/adam.json
@@ -0,0 +1,9 @@
+{
+    "id": "adam",
+    "uid": 666,  // yes?  i figure adam likes metal, shout out to iron maiden...
+    "gid": 666,
+    "shell": "/bin/zsh",
+    "groups": [ "sysadmin" ],
+    "comment":  "Adam Jacob",
+    "password": "*"
+}