add centos and more func testing to travis

15 files changed, 293 insertions, 33 deletions

diff --git a/.travis.yml b/.travis.yml
index 45989a6bb2..ac81f30aa4 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -124,12 +124,64 @@ matrix:
       - cd kitchen-tests
     script:
       # FIXME: we should fix centos-6 against AWS and then enable it here
-      - if [ "$TRAVIS_SECURE_ENV_VARS" = "true" ]; then bundle exec kitchen test ubuntu; fi
+      - if [ "$TRAVIS_SECURE_ENV_VARS" = "true" ]; then bundle exec kitchen test ubuntu-1404 -l debug; fi
     after_failure:
       - cat .kitchen/logs/kitchen.log
     after_script:
-      - if [ "$TRAVIS_SECURE_ENV_VARS" = "true" ]; then bundle exec kitchen destroy ubuntu; fi
+      - if [ "$TRAVIS_SECURE_ENV_VARS" = "true" ]; then bundle exec kitchen destroy ubuntu-1404 -l debug; fi
     env:
+      - UBUNTU=1
+      - KITCHEN_YAML=.kitchen.travis.yml
+      - EC2_SSH_KEY_PATH=~/.ssh/id_aws.pem
+      - secure: VAauyVnAMWhqvnhJOJ/tCDn3XAdWqzbWiDVQPNBkqtm2SBIvhmZl2hlrusvw6YLU31Prdf8fSFhOSysVQQs/rJYrmD/1BfV79p6M7cGXYZ0nGWwldF81N296lyFoZLyrqtmG4G0cx3Pw2ojADFgFe+B5eTGlqJFD+z371g4RF/Y=
+      - secure: A+qtUF2LPJGkUAdvt04AwZMt69rzaeTyR0/1XEOAuntBKKXSCzddUzr5ePDc9QQ/57AWywKxhVLpnxk3QzKN7r7zerDxyIJBgklNDpNAKkeQjP3T6FpaKEIN9ROcpPtsM6FJ5Agb+bEQoRJF7s+ampO3wLV3XpTiWNuWkcAhv9A=
+      - secure: J8JIg15trrPgc8X/1DsaUWDQCdDWTvN/AorXzZ/ReudHS6G/KpoynZ5lTmKjlgFiFNE/TGMDv486pStGtIcarTKTuIEmNADdEWlAVH7bxclpayMjtppVuapRCkZWccs5gz5CJyhX7yhQCFTYoqVox9Y4qHGCluF3oqCcPRtCOOw=
+      - secure: NJYn0blTMwIoFxZlsoMWK8hPO/fi45rgWOqEImnjvSRk++5WL+GgjLBgLvEi7wCMkBijhIMWtnva60ojd4MrxeS7evrmGRjJKXnPuSKEsrGbArZPskBjCAcg+3PlnQQUkFf6hvbGD3HZlJtcbs4hrx8tbDT2Ie7bmQfqpsawKY4=
+      - secure: FipoX1VzZkzPUP6Gxd05DEva7cX6xKK2Wdq+Y18nNkyW2afPLXCNl5kCsNrgvbqAzbjKaP2M8+b0zwKjrFzNebqmmx1RRfZUJWUkNRF1EgE+tHytmMZW6tNcQlTlvA0KqXi4Dt6SIQ0l/DhwwNKZ80jmpiyYi/ErxIXzbVgVtYA=
+      - secure: T2MbE9twIkdaor796/lDioCgb2+FP3G8lXq+lIqnjaL22WMP8yKtkjNo8ggSlvQZE7MAQHqi5LISw5MU2MI6ImTU50/pgdWreM5Cx37WWYqntcbJ0Sz7v396KGJzeqbDql1fGolHDlykfi+OJzzbIGC8cjz7iAD2RUZU95wEC5s=
+      - secure: hWEQInvuanQavFCE3m6/q9BjNEFZQmLc94EWnBKTMiwUAdYgQQMLohN7K1Gc8irxYKp86F+P+XWE4lfDZNK3sqmxyk51TtT2EfmKWs+jSLq4+NBYQwXCpRELC5Irpm0GRCYthhsQSuarpVWss/0s0o7iJQaHxrSPcQiwDouIpwU=
+      - secure: OllJUaR/WUu+H0FIjU7vQxU10JT4d+/FZuTqnX6ZTcXN3dXCirnabYp/j+r5OBY3QeOojOyzGfHUWYEUGH/PTxcxYjrohtFTWht9N9x+SxfX2fLqieH/kRKyDmIidsY8qKChf/LD9f+SwpXRXND/PctKhNR4C5BH57fGUEqE9FU=
+      - secure: KgKnGtM4e+cVYfLn78eTWJ1q4ORv128abB72QBc/xiSh0rvxSIojVKZCXmRetQPXIl7NoIzU2IyjR1ABEZ+vA83PayTEsOr2KDRDgolSIgZSSiDFt4U2phQsxl4fX7wFv/jWlbxM2fysKBSIRAF57CwBjGhLjmpUO+5PdoR7N2s=
+      - secure: IgOx4STauKnJWENQGcn2iBp32XcNd2anNR0Fua0ugjudu1+CV+IxcIhI8ohOfZEXyVK4MGTF8uXWrYtoiwyExG4mTXqpRWJCgIkncqiWlfT+8BoAGWxCQhUYub3MaNZANPgebKPJhTPQ8OwNz09gPMNkewRfAqNF05eb8FU2kGA=
+      - secure: CPXP6g3c1FH4Zm4U19XaPvq9nnyNsQCXRkxiPcGqsJZsGG2QMgzPQyjiAuPqnWxxZHit/6NgzUszJC+skSgcTzDTeD6rOA0Wcxtbr/Un4RRxRnTcRc6mSEZqSu9RbAZMYur/mSQ9HDHnjFe1ok85He4s9jM1iFdgjtg1ToelEmA=
+      - secure: fp9pzNe09PIyZ/8NjbMPGW1zdG3Q/KhJ+stUKqA+FRopAMX/Hh24gFIVJhFOmfr4Vhn0J8sF7RsFaR1mdzcPewliOzKxknWhGEGMcG9LFCZcv+vVK0Fxs4nUzCRtaXUt08FpsRofG0iBvfapZ7YBhK7lslqGVI+fxCd3ZXmayG8=
+      - secure: NT/6qcecxmuKYOnw1Atc6hsyJlfB6XI2Z1lg7dE0PhlEVW2EpkckHjAc+5hgg8Zt7TifYm2qDQWJwblwPP0mMj3ra4ZIMaZAiG2kzQoZ5kthqwjAV9fatZvrDXi+jd9wBF2hPyiCokAQiTLmKTYjzY2FBqPO3VDLWdf9qZqRmxw=
+      - secure: MjIWyfquKANh/YeoyHGksdvAUQ4wc2tBCQmq1QcRhKwb7Sy6wcDk1nujDmnGE7HFpZUS6CyoZF7AMzJGFkCzrChpsLQYUP4hc7VjkXOLzi90vJUl+ANq7KPOmxC0MjKpgeHqCysRbTYbUsnJZfbbZbIZjCAjY0YCY2pGniXpvQc=
+      - secure: AsZLOiFrHkGsY6jp2ShI5kYz78V6PEUyizgtPCWTgevTRGWpdCq9csIEoqUBY+vMUxmQPC6IY4fwHkrRCbv/rJyhwRl/Rnwa3aw8bdD+YD17IxnpXKGXXUyXdTZmF7HzAkVgStehL+qWZ3x9TBdExIV37KVgrVw/b+S0QqBUlQo=
+      - secure: jwEnSquLreMM1M6N3gGpgTGHd8VtjBUTLDdkrokhiH1jHLpz7Hmr6xeajhZws+2sLtLiB7hYi6WsZBE5VcymBoObh9MeodO9Ve5/1z06lFmx1DyYV6euyo9WUkU2WpoVfu8k7O+eAvyrXXZVqm8Oz1p7Isb6Bh5+fJH2H8rhed4=
+      - secure: HOAK620U6mlS11XK+JtXTBk26Tt2vWO4shA/6Zit/y0/kAz7JnbXtup7FSysXliBoSv4YsxA6IbgZ8V0tuIXj+q7EcqtHMmQhqzMJG5jRKVhtGiFIhDmwmxJvdfIvwtZOO3mMk0OspLz24sWp8wCciYZMPj0hZJR04R9aWEO3cE=
+      - secure: DfTRP74UWWxA460XfLoJFgRLwoKbHWNIueL6qr982AnuAxeZFofsxCqxSxcSJmu67TxuPc+b201+BmanHKYmSauGS31t0F4QXk7lCTaT/x38mAPsWvMFkY8HEl56JhmzEp2hAKDB/t0/HItwmvxT1vd5WvNRSSojEVzChftV/zE=
+      - secure: JoCWsJzTgj+epgzmgbvV7/bdAPHwUGXZA7Jdvv9vIJ5lCo6h9WwCw6/KCvH+bHtrT/RfZmUmxouCxJCLKwts1ZrMmedTIXpMrQJo/YgWRp7ziFnLyZ8jG8bD7rep3ngq1x/cRGc3cZvYN6IK3GS6C27OviYLFsTw74AUnWTaFSo=
+      - secure: iXfl0WnAnfKurZUrMeV1yOoFiiZ+MKx/Zj6ZVP2++A9EOxxIxb/fS/gIOzSjBQwzrR+fJVHIlX0g42CiBKDQWUvIl5I8kZCVIP6AHa1jyzlmZE9lqSlojz3k5RPS7pW6nIX+z1NHMvtb3e5xeLv8y4J5kwZErqZ+YDJmBRtPxPU=
+      - secure: RhAW5kABDPB3GWKD+NCg05Kcd92F/+kg+0icXXN166DWQYUut3MLrSY80xNzkz5nXTI9EFU4fUqlKLDiF/kelr0Zp/zpCQAB54o4cu5FkZz0Bgs9k7yUdCRyz6Vt2ChV5cYI4JTn9bMaeXEaGlOjP1iE51rYT6KO6kKlwsEnjUc=
+      - secure: jy/3fC+UtrDcE/X6/IxkyT2SrYMKkiEMP1ht4d5mxvNA0Xxn43E16c6FNP0JWPpWRGRIP38vnQRB4yOPU9BXvRmmswVL9Ge4e/6flJvKwD5Rlqb2dfaGaHRYV9v8Nkdzl2FvZ9eBH5KHxgG19gCG6L3RXP/+zYwrr4AQdm0fpfw=
+      - secure: RYEwBWYVXRTEdUWhQxdWXo6tldlVx8pha9zB0rgafcUQxaatAefnRc4X4HXTQnqr2n9TZ2TQGpM8vte/wr6Pjc85VZbimWGzgrvn0kg4MwPR8ZYiEM5qQ/pUpj4+93rpA91PhCGvZoZTqOrXHm4kMPuKro5I6qA4BFUXuANeC/s=
+      - secure: gHSicpqkqcZT04QurSgszrAiI6HOCw1DBlfIIi9KAJj7mG5GijD/4AQ6HCmcRMbCDJ0nUuvm/kckASnRtF5+3xvIJnuoyyEfCZWxt1lhK2UbS87VU+pVdws/VzwpisXuKsh3H0uT8DDVkWPH/ZWDgfVa74eYDEHiQFjo+2xx5ZA=
+      - secure: Q42bco3JXEpyVbL2akiOsaCHnAagAFIb3TF6H5qJfaLLqmGs/XrrgxliNaVMfWVSwPT2wpQvg9UGF9x37No9bZBv33DgYcWExmXb/lvGPpkctX37+FTMzECQHxOuUbYPQA7ZEuJ4AA7bwgpMISUeSyz5XXz44KcXIrZK2GWH+X4=
+      - secure: hugd8NVukJc3redDvlOt6zhaqa63XLNMp/eIIlNllW8VfQ6CJ1P7KJPwgxH24sDyrw7rLzOkBl6R4kaVWsCLCFp+NE6yFFHl9wDkSdLC1OX1DMrJnDsogwUqqe+jX8dxePSy26MSTfG8eo9/NxN9uXr+tKaHoi6G7BRXDHtQ8dQ=
+      - secure: TRkW9pIuIYHXJmPlDYoddxIp2M2W2f7qBGNJKEMB5xrOezES7w9XTg2eQXrD8jBO+fUUmMnAaDAXZuU58nMysPXx3vhtZKncg8w5CyuXJk2P8nkdPh0u5nmRhEpWrLKtLwJrX48xmJhNQvQqDAyL5c9WUzlWJ4WJFgoP5IDWmLc=
+      - secure: QHuMdtFCvttiIOx6iS+lH4bKXZMwsgVQ6FPsUW5zJ7uw6mAEWKEil9xNk4aYV9FywinwUs4fnFlnIW/Gj1gLkUjm4DtxdmRZIlRXIbgsNch6H916TCPg4Q2oPsW2nVdXPjW/2jhkfLUiSnuhL+ylami1NF8Up7vokXknh/jFNZU=
+      - secure: GTfrUVmMQSxho3Ia4Y1ONqKvVMD34GHF2/TJb8UdQV7iH+nVxVXpy3nWaCXa9ri7lRzMefkoVLy0gKK13YoVd7w3d2S3/IfNakC85XfN6VuOzK/FDkA0WoPrgKjcQ64I+3dQ6cgrMWWTieKwRZy+Ve24iRbnN055Hk+VRMu6OGw=
+      - secure: SOMYGVfHLkHsH6koxpw68YQ4ydEo6YXPhHbrYGQbehUbFa6+OZzBcAJRJbKjyhD2AZRvNr2jB8XnjYKvVyDGQRpkWhGYZ7CpHqINpDsqKBsbiMe3/+KmKQqS+UKxNGefquoOvyQ1N8Xy77dkWYokRtGMEuR12RkZLonxiDW8Qyg=
+      - secure: bSsDg+dJnPFdFiC/tbb61HdLh/Q0z2RVVAReT1wvV1BN4fN4NydvkUGbQmyFNyyunLulEs+X0oFma9L0497nUlTnan8UOg9sIleTSybPX6E9xSKKCItH1GgDw8bM9Igez5OOrrePBD3altVrH+FmGx0dlTQgM/KZMN50BJ79cXw=
+  - rvm: 2.2
+    gemfile: kitchen-tests/Gemfile
+    before_install:
+      - gem update --system $(grep rubygems omnibus_overrides.rb | cut -d'"' -f2)
+      - gem install bundler -v $(grep bundler omnibus_overrides.rb | cut -d'"' -f2)
+      - echo -n $DO_KEY_CHUNK_{0..30} >> ~/.ssh/id_aws.base64
+      - cat ~/.ssh/id_aws.base64 | tr -d ' ' | base64 --decode > ~/.ssh/id_aws.pem
+    before_script:
+      - cd kitchen-tests
+    script:
+      # FIXME: we should fix centos-6 against AWS and then enable it here
+      - if [ "$TRAVIS_SECURE_ENV_VARS" = "true" ]; then bundle exec kitchen test centos-6; fi
+    after_failure:
+      - cat .kitchen/logs/kitchen.log
+    after_script:
+      - if [ "$TRAVIS_SECURE_ENV_VARS" = "true" ]; then bundle exec kitchen destroy centos-6; fi
+    env:
+      - CENTOS=1
       - KITCHEN_YAML=.kitchen.travis.yml
       - EC2_SSH_KEY_PATH=~/.ssh/id_aws.pem
       - secure: VAauyVnAMWhqvnhJOJ/tCDn3XAdWqzbWiDVQPNBkqtm2SBIvhmZl2hlrusvw6YLU31Prdf8fSFhOSysVQQs/rJYrmD/1BfV79p6M7cGXYZ0nGWwldF81N296lyFoZLyrqtmG4G0cx3Pw2ojADFgFe+B5eTGlqJFD+z371g4RF/Y=
diff --git a/kitchen-tests/.kitchen.travis.yml b/kitchen-tests/.kitchen.travis.yml
index 100891bdf5..2f935812dc 100644
--- a/kitchen-tests/.kitchen.travis.yml
+++ b/kitchen-tests/.kitchen.travis.yml
@@ -8,7 +8,7 @@ driver:
   instance_type: "m3.medium"
 
 provisioner:
-  name: chef_github
+  name: chef_zero
   chef_omnibus_url: "https://omnitruck.chef.io/current/install.sh"
   chef_omnibus_install_options: "-n"
   github_owner: "chef"
@@ -24,19 +24,18 @@ transport:
   ssh_key: <%= ENV['EC2_SSH_KEY_PATH'] %>
 
 platforms:
-  - name: ubuntu-12.04
+  - name: ubuntu-14.04
     driver:
       # http://cloud-images.ubuntu.com/locator/ec2/
-      # 12.04 amd64 us-west-2 hvm:ssd
-      image_id: ami-f3635fc3
-  - name: rhel-6
+      # 14.04 amd64 us-west-2 hvm:ebs-ssd
+      image_id: ami-63ac5803
+  - name: centos-6
     driver:
-      # https://github.com/chef/releng-chef-repo/blob/master/script/ci#L93-L96
-      image_id: ami-7df0bd4d
+      image_id: ami-05cf2265  
 
 suites:
   - name: webapp
     run_list:
-      - recipe[apt::default]
+      - recipe[base::default]
       - recipe[webapp::default]
     attributes:
diff --git a/kitchen-tests/.kitchen.yml b/kitchen-tests/.kitchen.yml
index c853f51b8d..095badd35a 100644
--- a/kitchen-tests/.kitchen.yml
+++ b/kitchen-tests/.kitchen.yml
@@ -7,6 +7,8 @@ driver:
 
 provisioner:
   name: chef_github
+  chef_omnibus_url: "https://omnitruck.chef.io/current/install.sh"
+  chef_omnibus_install_options: "-n"
   github_owner: "chef"
   github_repo: "chef"
   refname: <%= %x(git rev-parse HEAD) %>
@@ -15,24 +17,19 @@ provisioner:
     diff_disabled: true
 
 platforms:
-  # upstream community mysql cookbook broken on 10.04
-  #- name: ubuntu-10.04
-  #  run_list: apt::default
   - name: ubuntu-12.04
-    run_list: apt::default
   - name: ubuntu-14.04
-    run_list: apt::default
-  # upstream community mysql cookbook also broken on 14.10
-  #- name: ubuntu-14.10
-  #  run_list: apt::default
-  - name: centos-6.4
-    run_list: yum-epel::default
-  - name: centos-5.10
-    run_list: yum-epel::default
+  # needs updates for 16.04
+  #- name: ubuntu-16.04
+  # needs updates for 7.2
+  #- name: centos-7.2
+  - name: centos-6.7
+  # needs fixing for 5.11
+  #- name: centos-5.11
 
 suites:
   - name: webapp
     run_list:
-      - recipe[apt::default]
+      - recipe[base::default]
       - recipe[webapp::default]
     attributes:
diff --git a/kitchen-tests/Berksfile b/kitchen-tests/Berksfile
index decb85a8a1..23c72d5394 100644
--- a/kitchen-tests/Berksfile
+++ b/kitchen-tests/Berksfile
@@ -1,5 +1,6 @@
 source "https://supermarket.getchef.com"
 
 cookbook "webapp", :path => "cookbooks/webapp"
+cookbook "base", :path => "cookbooks/base"
 
 cookbook "php", "~> 1.5.0"
diff --git a/kitchen-tests/Berksfile.lock b/kitchen-tests/Berksfile.lock
index 2c3b22b985..b5fa7aba13 100644
--- a/kitchen-tests/Berksfile.lock
+++ b/kitchen-tests/Berksfile.lock
@@ -1,4 +1,6 @@
 DEPENDENCIES
+  base
+    path: cookbooks/base
   php (~> 1.5.0)
   webapp
     path: cookbooks/webapp
@@ -6,26 +8,60 @@ DEPENDENCIES
 GRAPH
   apache2 (3.2.2)
   apt (3.0.0)
-  aws (3.3.2)
+  aws (3.3.3)
     ohai (>= 2.1.0)
+  base (0.1.0)
+    apt (>= 0.0.0)
+    build-essential (>= 0.0.0)
+    chef-client (>= 0.0.0)
+    fail2ban (>= 0.0.0)
+    logrotate (>= 0.0.0)
+    multipackage (>= 0.0.0)
+    nscd (>= 0.0.0)
+    ntp (>= 0.0.0)
+    openssh (>= 0.0.0)
+    resolver (>= 0.0.0)
+    selinux (>= 0.0.0)
+    sudo (>= 0.0.0)
+    ubuntu (>= 0.0.0)
+    users (>= 0.0.0)
+    yum-epel (>= 0.0.0)
   build-essential (3.2.0)
     seven_zip (>= 0.0.0)
+  chef-client (4.5.0)
+    cron (>= 1.7.0)
+    logrotate (>= 1.9.0)
+    windows (>= 1.39.0)
   chef-sugar (3.3.0)
   chef_handler (1.3.0)
+  compat_resource (12.9.1)
+  cron (1.7.6)
   database (2.3.1)
     aws (>= 0.0.0)
     mysql (~> 5.0)
     mysql-chef_gem (~> 0.0)
     postgresql (>= 1.0.0)
     xfs (>= 0.0.0)
+  fail2ban (2.3.0)
+    yum-epel (>= 0.0.0)
   iis (4.1.7)
     windows (>= 1.34.6)
+  iptables (2.2.0)
+  logrotate (1.9.2)
+  multipackage (3.0.28)
+    compat_resource (>= 0.0.0)
   mysql (5.6.3)
     yum-mysql-community (>= 0.0.0)
   mysql-chef_gem (0.0.5)
     build-essential (>= 0.0.0)
     mysql (>= 0.0.0)
+  nscd (2.0.0)
+    compat_resource (>= 0.0.0)
+  ntp (1.11.0)
+    windows (>= 1.38.0)
   ohai (3.0.1)
+  openssh (2.0.0)
+    iptables (>= 1.0)
   openssl (4.4.0)
     chef-sugar (>= 3.1.1)
   php (1.5.0)
@@ -39,13 +75,19 @@ GRAPH
     apt (>= 1.9.0)
     build-essential (>= 0.0.0)
     openssl (~> 4.0)
+  resolver (1.3.0)
+  selinux (0.9.0)
   seven_zip (2.0.0)
     windows (>= 1.2.2)
+  sudo (2.9.0)
+  ubuntu (1.2.0)
+    apt (>= 0.0.0)
+  users (2.0.3)
   webapp (0.1.0)
-    apache2 (>= 0.0.0)
+    apache2 (~> 3.2.2)
     database (~> 2.3.1)
-    mysql (>= 0.0.0)
-    php (>= 0.0.0)
+    mysql (~> 5.6.3)
+    php (~> 1.5.0)
   windows (1.40.0)
     chef_handler (>= 0.0.0)
   xfs (2.0.1)
diff --git a/kitchen-tests/Gemfile b/kitchen-tests/Gemfile
index acc62156ae..6c11948730 100644
--- a/kitchen-tests/Gemfile
+++ b/kitchen-tests/Gemfile
@@ -2,7 +2,7 @@ source "https://rubygems.org"
 
 group :end_to_end do
   gem "berkshelf"
-  gem "test-kitchen", "~> 1.4"
+  gem "test-kitchen"
   gem "kitchen-appbundle-updater"
   gem "kitchen-vagrant", "~> 0.17"
   gem "kitchen-ec2", github: "test-kitchen/kitchen-ec2"
diff --git a/kitchen-tests/Gemfile.lock b/kitchen-tests/Gemfile.lock
index 3067871ab3..ca09e00496 100644
--- a/kitchen-tests/Gemfile.lock
+++ b/kitchen-tests/Gemfile.lock
@@ -166,8 +166,8 @@ DEPENDENCIES
   kitchen-appbundle-updater
   kitchen-ec2!
   kitchen-vagrant (~> 0.17)
-  test-kitchen (~> 1.4)
+  test-kitchen
   vagrant-wrapper
 
 BUNDLED WITH
-   1.11.2
+   1.12.1
diff --git a/kitchen-tests/cookbooks/base/Berksfile b/kitchen-tests/cookbooks/base/Berksfile
new file mode 100644
index 0000000000..4b6079016e
--- /dev/null
+++ b/kitchen-tests/cookbooks/base/Berksfile
@@ -0,0 +1,5 @@
+source "https://api.berkshelf.com"
+
+metadata
+
+cookbook "apt"
diff --git a/kitchen-tests/cookbooks/base/README.md b/kitchen-tests/cookbooks/base/README.md
new file mode 100644
index 0000000000..f19ab46735
--- /dev/null
+++ b/kitchen-tests/cookbooks/base/README.md
@@ -0,0 +1,3 @@
+# webapp
+
+TODO: Enter the cookbook description here.
diff --git a/kitchen-tests/cookbooks/base/attributes/default.rb b/kitchen-tests/cookbooks/base/attributes/default.rb
new file mode 100644
index 0000000000..d4e5d1ee5a
--- /dev/null
+++ b/kitchen-tests/cookbooks/base/attributes/default.rb
@@ -0,0 +1,80 @@
+#
+# ubuntu cookbook overrides
+#
+
+default["ubuntu"]["archive_url"] = "mirror://mirrors.ubuntu.com/mirrors.txt"
+default["ubuntu"]["security_url"] = "mirror://mirrors.ubuntu.com/mirrors.txt"
+default["ubuntu"]["include_source_packages"] = true
+default["ubuntu"]["components"] = "main restricted universe multiverse"
+
+#
+# openssh cookbook overrides
+#
+
+# turn off old protocols client-side
+default["openssh"]["client"]["rsa_authentication"] = "no"
+default["openssh"]["client"]["host_based_authentication"] = "no"
+# allow typical ssh v2 rsa/dsa/ecdsa key auth client-side
+default["openssh"]["client"]["pubkey_authentication"] = "yes"
+# allow password auth client-side (we can ssh 'to' hosts that require passwords)
+default["openssh"]["client"]["password_authentication"] = "yes"
+# turn off kerberos client-side
+default["openssh"]["client"]["gssapi_authentication"] = "no"
+default["openssh"]["client"]["check_host_ip"] = "no"
+# everone turns strict host key checking off anyway
+default["openssh"]["client"]["strict_host_key_checking"] = "no"
+# force protocol 2
+default["openssh"]["client"]["protocol"] = "2"
+
+# it is mostly important that the aes*-ctr ciphers appear first in this list, the cbc ciphers are for compatibility
+default["openssh"]["server"]["ciphers"] = "aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc,cast128-cbc"
+# DNS causes long timeouts when connecting clients have busted DNS
+default["openssh"]["server"]["use_dns"] = "no"
+default["openssh"]["server"]["syslog_facility"] = "AUTH"
+# only allow access via ssh pubkeys, all other mechanisms including passwords are turned off for all users
+default["openssh"]["server"]["pubkey_authentication"] = "yes"
+default["openssh"]["server"]["rhosts_rsa_authentication"] = "no"
+default["openssh"]["server"]["rsa_authentication"] = "no"
+default["openssh"]["server"]["password_authentication"] = "no"
+default["openssh"]["server"]["host_based_authentication"] = "no"
+default["openssh"]["server"]["gssapi_authentication"] = "no"
+default["openssh"]["server"]["permit_root_login"] = "without-password"
+default["openssh"]["server"]["ignore_rhosts"] = "yes"
+default["openssh"]["server"]["permit_empty_passwords"] = "no"
+default["openssh"]["server"]["challenge_response_authentication"] = "no"
+default["openssh"]["server"]["kerberos_authentication"] = "no"
+# tcp keepalives are useful to keep connections up through VPNs and firewalls
+default["openssh"]["server"]["tcp_keepalive"] = "yes"
+default["openssh"]["server"]["use_privilege_separation"] = "yes"
+default["openssh"]["server"]["max_start_ups"] = "10"
+# PAM (i think) already prints the motd on login
+default["openssh"]["server"]["print_motd"] = "no"
+# force only protocol 2 connections
+default["openssh"]["server"]["protocol"] = "2"
+# allow tunnelling x-applications back to the client
+default["openssh"]["server"]["x11_forwarding"] = "yes"
+
+#
+# chef-client cookbook overrides
+#
+
+# always wait at least 30 mins (1800 secs) between daemonized chef-client runs
+default["chef_client"]["interval"] = 1800
+# wait an additional random interval of up to 30 mins (1800 secs) between daemonized runs
+default["chef_client"]["splay"] = 1800
+# only log what we change
+default["chef_client"]["config"]["verbose_logging"] = false
+
+#
+# resolver cookbook overrides
+#
+
+default["resolver"]["nameservers"] = [ "8.8.8.8", "8.8.4.4" ]
+default["resolver"]["search"] = "chef.io"
+
+#
+# sudo cookbook overrides
+#
+
+default["authorization"]["sudo"]["passwordless"] = true
+default["authorization"]["sudo"]["users"] = %w{vagrant centos ubuntu}
diff --git a/kitchen-tests/cookbooks/base/metadata.rb b/kitchen-tests/cookbooks/base/metadata.rb
new file mode 100644
index 0000000000..9e5e792f89
--- /dev/null
+++ b/kitchen-tests/cookbooks/base/metadata.rb
@@ -0,0 +1,23 @@
+name             "base"
+maintainer       ""
+maintainer_email ""
+license          ""
+description      "Installs/Configures base"
+long_description "Installs/Configures base"
+version          "0.1.0"
+
+depends          "apt"
+depends          "build-essential"
+depends          "chef-client"
+depends          "fail2ban"
+depends          "logrotate"
+depends          "multipackage"
+depends          "nscd"
+depends          "ntp"
+depends          "openssh"
+depends          "resolver"
+depends          "selinux"
+depends          "sudo"
+depends          "ubuntu"
+depends          "users"
+depends          "yum-epel"
diff --git a/kitchen-tests/cookbooks/base/recipes/default.rb b/kitchen-tests/cookbooks/base/recipes/default.rb
new file mode 100644
index 0000000000..4ddd7a7b04
--- /dev/null
+++ b/kitchen-tests/cookbooks/base/recipes/default.rb
@@ -0,0 +1,40 @@
+#
+# Cookbook Name:: webapp
+# Recipe:: default
+#
+# Copyright (C) 2014
+#
+
+if node[:platform_family] == "debian"
+  include_recipe "apt"
+  include_recipe "ubuntu"
+end
+
+if %w{rhel fedora}.include?(node[:platform_family])
+  include_recipe "selinux::disabled"
+  include_recipe "yum-epel"
+end
+
+include_recipe "build-essential"
+
+include_recipe "#{cookbook_name}::packages"
+
+include_recipe "ntp"
+
+include_recipe "resolver"
+
+include_recipe "users::sysadmins"
+
+include_recipe "sudo"
+
+include_recipe "chef-client::delete_validation"
+include_recipe "chef-client::config"
+include_recipe "chef-client"
+
+include_recipe "openssh"
+
+include_recipe "fail2ban"
+
+include_recipe "nscd"
+
+include_recipe "logrotate"
diff --git a/kitchen-tests/cookbooks/base/recipes/packages.rb b/kitchen-tests/cookbooks/base/recipes/packages.rb
new file mode 100644
index 0000000000..f242951a4c
--- /dev/null
+++ b/kitchen-tests/cookbooks/base/recipes/packages.rb
@@ -0,0 +1,9 @@
+
+
+pkgs = %w{lsof tcpdump strace zsh dmidecode ltrace bc curl wget telnet subversion git traceroute htop iptraf tmux s3cmd sysbench }
+
+# this deliberately calls the multipackage API N times in order to do one package installation in order to exercise the
+# multipackage cookbook.
+pkgs.each do |pkg|
+  multipackage pkgs
+end
diff --git a/kitchen-tests/cookbooks/webapp/metadata.rb b/kitchen-tests/cookbooks/webapp/metadata.rb
index f1f07d952b..5124aa4f6f 100644
--- a/kitchen-tests/cookbooks/webapp/metadata.rb
+++ b/kitchen-tests/cookbooks/webapp/metadata.rb
@@ -6,7 +6,7 @@ description      "Installs/Configures webapp"
 long_description "Installs/Configures webapp"
 version          "0.1.0"
 
-depends "apache2"
+depends "apache2", "~> 3.2.2"
 depends "database", "~> 2.3.1"
-depends "mysql"
-depends "php"
+depends "mysql", "~> 5.6.3"
+depends "php", "~> 1.5.0"
diff --git a/kitchen-tests/data_bags/users/adam.json b/kitchen-tests/data_bags/users/adam.json
new file mode 100644
index 0000000000..f96d7c213f
--- /dev/null
+++ b/kitchen-tests/data_bags/users/adam.json
@@ -0,0 +1,9 @@
+{
+    "id": "adam",
+    "uid": 666,  // yes?  i figure adam likes metal, shout out to iron maiden...
+    "gid": 666,
+    "shell": "/bin/zsh",
+    "groups": [ "sysadmin" ],
+    "comment":  "Adam Jacob",
+    "password": "*"
+}