add centos and more func testing to travis

14 files changed, 239 insertions, 31 deletions

diff --git a/kitchen-tests/.kitchen.travis.yml b/kitchen-tests/.kitchen.travis.yml
index 100891bdf5..2f935812dc 100644
--- a/kitchen-tests/.kitchen.travis.yml
+++ b/kitchen-tests/.kitchen.travis.yml
@@ -8,7 +8,7 @@ driver:
   instance_type: "m3.medium"
 
 provisioner:
-  name: chef_github
+  name: chef_zero
   chef_omnibus_url: "https://omnitruck.chef.io/current/install.sh"
   chef_omnibus_install_options: "-n"
   github_owner: "chef"
@@ -24,19 +24,18 @@ transport:
   ssh_key: <%= ENV['EC2_SSH_KEY_PATH'] %>
 
 platforms:
-  - name: ubuntu-12.04
+  - name: ubuntu-14.04
     driver:
       # http://cloud-images.ubuntu.com/locator/ec2/
-      # 12.04 amd64 us-west-2 hvm:ssd
-      image_id: ami-f3635fc3
-  - name: rhel-6
+      # 14.04 amd64 us-west-2 hvm:ebs-ssd
+      image_id: ami-63ac5803
+  - name: centos-6
     driver:
-      # https://github.com/chef/releng-chef-repo/blob/master/script/ci#L93-L96
-      image_id: ami-7df0bd4d
+      image_id: ami-05cf2265  
 
 suites:
   - name: webapp
     run_list:
-      - recipe[apt::default]
+      - recipe[base::default]
       - recipe[webapp::default]
     attributes:
diff --git a/kitchen-tests/.kitchen.yml b/kitchen-tests/.kitchen.yml
index c853f51b8d..095badd35a 100644
--- a/kitchen-tests/.kitchen.yml
+++ b/kitchen-tests/.kitchen.yml
@@ -7,6 +7,8 @@ driver:
 
 provisioner:
   name: chef_github
+  chef_omnibus_url: "https://omnitruck.chef.io/current/install.sh"
+  chef_omnibus_install_options: "-n"
   github_owner: "chef"
   github_repo: "chef"
   refname: <%= %x(git rev-parse HEAD) %>
@@ -15,24 +17,19 @@ provisioner:
     diff_disabled: true
 
 platforms:
-  # upstream community mysql cookbook broken on 10.04
-  #- name: ubuntu-10.04
-  #  run_list: apt::default
   - name: ubuntu-12.04
-    run_list: apt::default
   - name: ubuntu-14.04
-    run_list: apt::default
-  # upstream community mysql cookbook also broken on 14.10
-  #- name: ubuntu-14.10
-  #  run_list: apt::default
-  - name: centos-6.4
-    run_list: yum-epel::default
-  - name: centos-5.10
-    run_list: yum-epel::default
+  # needs updates for 16.04
+  #- name: ubuntu-16.04
+  # needs updates for 7.2
+  #- name: centos-7.2
+  - name: centos-6.7
+  # needs fixing for 5.11
+  #- name: centos-5.11
 
 suites:
   - name: webapp
     run_list:
-      - recipe[apt::default]
+      - recipe[base::default]
       - recipe[webapp::default]
     attributes:
diff --git a/kitchen-tests/Berksfile b/kitchen-tests/Berksfile
index decb85a8a1..23c72d5394 100644
--- a/kitchen-tests/Berksfile
+++ b/kitchen-tests/Berksfile
@@ -1,5 +1,6 @@
 source "https://supermarket.getchef.com"
 
 cookbook "webapp", :path => "cookbooks/webapp"
+cookbook "base", :path => "cookbooks/base"
 
 cookbook "php", "~> 1.5.0"
diff --git a/kitchen-tests/Berksfile.lock b/kitchen-tests/Berksfile.lock
index 2c3b22b985..b5fa7aba13 100644
--- a/kitchen-tests/Berksfile.lock
+++ b/kitchen-tests/Berksfile.lock
@@ -1,4 +1,6 @@
 DEPENDENCIES
+  base
+    path: cookbooks/base
   php (~> 1.5.0)
   webapp
     path: cookbooks/webapp
@@ -6,26 +8,60 @@ DEPENDENCIES
 GRAPH
   apache2 (3.2.2)
   apt (3.0.0)
-  aws (3.3.2)
+  aws (3.3.3)
     ohai (>= 2.1.0)
+  base (0.1.0)
+    apt (>= 0.0.0)
+    build-essential (>= 0.0.0)
+    chef-client (>= 0.0.0)
+    fail2ban (>= 0.0.0)
+    logrotate (>= 0.0.0)
+    multipackage (>= 0.0.0)
+    nscd (>= 0.0.0)
+    ntp (>= 0.0.0)
+    openssh (>= 0.0.0)
+    resolver (>= 0.0.0)
+    selinux (>= 0.0.0)
+    sudo (>= 0.0.0)
+    ubuntu (>= 0.0.0)
+    users (>= 0.0.0)
+    yum-epel (>= 0.0.0)
   build-essential (3.2.0)
     seven_zip (>= 0.0.0)
+  chef-client (4.5.0)
+    cron (>= 1.7.0)
+    logrotate (>= 1.9.0)
+    windows (>= 1.39.0)
   chef-sugar (3.3.0)
   chef_handler (1.3.0)
+  compat_resource (12.9.1)
+  cron (1.7.6)
   database (2.3.1)
     aws (>= 0.0.0)
     mysql (~> 5.0)
     mysql-chef_gem (~> 0.0)
     postgresql (>= 1.0.0)
     xfs (>= 0.0.0)
+  fail2ban (2.3.0)
+    yum-epel (>= 0.0.0)
   iis (4.1.7)
     windows (>= 1.34.6)
+  iptables (2.2.0)
+  logrotate (1.9.2)
+  multipackage (3.0.28)
+    compat_resource (>= 0.0.0)
   mysql (5.6.3)
     yum-mysql-community (>= 0.0.0)
   mysql-chef_gem (0.0.5)
     build-essential (>= 0.0.0)
     mysql (>= 0.0.0)
+  nscd (2.0.0)
+    compat_resource (>= 0.0.0)
+  ntp (1.11.0)
+    windows (>= 1.38.0)
   ohai (3.0.1)
+  openssh (2.0.0)
+    iptables (>= 1.0)
   openssl (4.4.0)
     chef-sugar (>= 3.1.1)
   php (1.5.0)
@@ -39,13 +75,19 @@ GRAPH
     apt (>= 1.9.0)
     build-essential (>= 0.0.0)
     openssl (~> 4.0)
+  resolver (1.3.0)
+  selinux (0.9.0)
   seven_zip (2.0.0)
     windows (>= 1.2.2)
+  sudo (2.9.0)
+  ubuntu (1.2.0)
+    apt (>= 0.0.0)
+  users (2.0.3)
   webapp (0.1.0)
-    apache2 (>= 0.0.0)
+    apache2 (~> 3.2.2)
     database (~> 2.3.1)
-    mysql (>= 0.0.0)
-    php (>= 0.0.0)
+    mysql (~> 5.6.3)
+    php (~> 1.5.0)
   windows (1.40.0)
     chef_handler (>= 0.0.0)
   xfs (2.0.1)
diff --git a/kitchen-tests/Gemfile b/kitchen-tests/Gemfile
index acc62156ae..6c11948730 100644
--- a/kitchen-tests/Gemfile
+++ b/kitchen-tests/Gemfile
@@ -2,7 +2,7 @@ source "https://rubygems.org"
 
 group :end_to_end do
   gem "berkshelf"
-  gem "test-kitchen", "~> 1.4"
+  gem "test-kitchen"
   gem "kitchen-appbundle-updater"
   gem "kitchen-vagrant", "~> 0.17"
   gem "kitchen-ec2", github: "test-kitchen/kitchen-ec2"
diff --git a/kitchen-tests/Gemfile.lock b/kitchen-tests/Gemfile.lock
index 3067871ab3..ca09e00496 100644
--- a/kitchen-tests/Gemfile.lock
+++ b/kitchen-tests/Gemfile.lock
@@ -166,8 +166,8 @@ DEPENDENCIES
   kitchen-appbundle-updater
   kitchen-ec2!
   kitchen-vagrant (~> 0.17)
-  test-kitchen (~> 1.4)
+  test-kitchen
   vagrant-wrapper
 
 BUNDLED WITH
-   1.11.2
+   1.12.1
diff --git a/kitchen-tests/cookbooks/base/Berksfile b/kitchen-tests/cookbooks/base/Berksfile
new file mode 100644
index 0000000000..4b6079016e
--- /dev/null
+++ b/kitchen-tests/cookbooks/base/Berksfile
@@ -0,0 +1,5 @@
+source "https://api.berkshelf.com"
+
+metadata
+
+cookbook "apt"
diff --git a/kitchen-tests/cookbooks/base/README.md b/kitchen-tests/cookbooks/base/README.md
new file mode 100644
index 0000000000..f19ab46735
--- /dev/null
+++ b/kitchen-tests/cookbooks/base/README.md
@@ -0,0 +1,3 @@
+# webapp
+
+TODO: Enter the cookbook description here.
diff --git a/kitchen-tests/cookbooks/base/attributes/default.rb b/kitchen-tests/cookbooks/base/attributes/default.rb
new file mode 100644
index 0000000000..d4e5d1ee5a
--- /dev/null
+++ b/kitchen-tests/cookbooks/base/attributes/default.rb
@@ -0,0 +1,80 @@
+#
+# ubuntu cookbook overrides
+#
+
+default["ubuntu"]["archive_url"] = "mirror://mirrors.ubuntu.com/mirrors.txt"
+default["ubuntu"]["security_url"] = "mirror://mirrors.ubuntu.com/mirrors.txt"
+default["ubuntu"]["include_source_packages"] = true
+default["ubuntu"]["components"] = "main restricted universe multiverse"
+
+#
+# openssh cookbook overrides
+#
+
+# turn off old protocols client-side
+default["openssh"]["client"]["rsa_authentication"] = "no"
+default["openssh"]["client"]["host_based_authentication"] = "no"
+# allow typical ssh v2 rsa/dsa/ecdsa key auth client-side
+default["openssh"]["client"]["pubkey_authentication"] = "yes"
+# allow password auth client-side (we can ssh 'to' hosts that require passwords)
+default["openssh"]["client"]["password_authentication"] = "yes"
+# turn off kerberos client-side
+default["openssh"]["client"]["gssapi_authentication"] = "no"
+default["openssh"]["client"]["check_host_ip"] = "no"
+# everone turns strict host key checking off anyway
+default["openssh"]["client"]["strict_host_key_checking"] = "no"
+# force protocol 2
+default["openssh"]["client"]["protocol"] = "2"
+
+# it is mostly important that the aes*-ctr ciphers appear first in this list, the cbc ciphers are for compatibility
+default["openssh"]["server"]["ciphers"] = "aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc,cast128-cbc"
+# DNS causes long timeouts when connecting clients have busted DNS
+default["openssh"]["server"]["use_dns"] = "no"
+default["openssh"]["server"]["syslog_facility"] = "AUTH"
+# only allow access via ssh pubkeys, all other mechanisms including passwords are turned off for all users
+default["openssh"]["server"]["pubkey_authentication"] = "yes"
+default["openssh"]["server"]["rhosts_rsa_authentication"] = "no"
+default["openssh"]["server"]["rsa_authentication"] = "no"
+default["openssh"]["server"]["password_authentication"] = "no"
+default["openssh"]["server"]["host_based_authentication"] = "no"
+default["openssh"]["server"]["gssapi_authentication"] = "no"
+default["openssh"]["server"]["permit_root_login"] = "without-password"
+default["openssh"]["server"]["ignore_rhosts"] = "yes"
+default["openssh"]["server"]["permit_empty_passwords"] = "no"
+default["openssh"]["server"]["challenge_response_authentication"] = "no"
+default["openssh"]["server"]["kerberos_authentication"] = "no"
+# tcp keepalives are useful to keep connections up through VPNs and firewalls
+default["openssh"]["server"]["tcp_keepalive"] = "yes"
+default["openssh"]["server"]["use_privilege_separation"] = "yes"
+default["openssh"]["server"]["max_start_ups"] = "10"
+# PAM (i think) already prints the motd on login
+default["openssh"]["server"]["print_motd"] = "no"
+# force only protocol 2 connections
+default["openssh"]["server"]["protocol"] = "2"
+# allow tunnelling x-applications back to the client
+default["openssh"]["server"]["x11_forwarding"] = "yes"
+
+#
+# chef-client cookbook overrides
+#
+
+# always wait at least 30 mins (1800 secs) between daemonized chef-client runs
+default["chef_client"]["interval"] = 1800
+# wait an additional random interval of up to 30 mins (1800 secs) between daemonized runs
+default["chef_client"]["splay"] = 1800
+# only log what we change
+default["chef_client"]["config"]["verbose_logging"] = false
+
+#
+# resolver cookbook overrides
+#
+
+default["resolver"]["nameservers"] = [ "8.8.8.8", "8.8.4.4" ]
+default["resolver"]["search"] = "chef.io"
+
+#
+# sudo cookbook overrides
+#
+
+default["authorization"]["sudo"]["passwordless"] = true
+default["authorization"]["sudo"]["users"] = %w{vagrant centos ubuntu}
diff --git a/kitchen-tests/cookbooks/base/metadata.rb b/kitchen-tests/cookbooks/base/metadata.rb
new file mode 100644
index 0000000000..9e5e792f89
--- /dev/null
+++ b/kitchen-tests/cookbooks/base/metadata.rb
@@ -0,0 +1,23 @@
+name             "base"
+maintainer       ""
+maintainer_email ""
+license          ""
+description      "Installs/Configures base"
+long_description "Installs/Configures base"
+version          "0.1.0"
+
+depends          "apt"
+depends          "build-essential"
+depends          "chef-client"
+depends          "fail2ban"
+depends          "logrotate"
+depends          "multipackage"
+depends          "nscd"
+depends          "ntp"
+depends          "openssh"
+depends          "resolver"
+depends          "selinux"
+depends          "sudo"
+depends          "ubuntu"
+depends          "users"
+depends          "yum-epel"
diff --git a/kitchen-tests/cookbooks/base/recipes/default.rb b/kitchen-tests/cookbooks/base/recipes/default.rb
new file mode 100644
index 0000000000..4ddd7a7b04
--- /dev/null
+++ b/kitchen-tests/cookbooks/base/recipes/default.rb
@@ -0,0 +1,40 @@
+#
+# Cookbook Name:: webapp
+# Recipe:: default
+#
+# Copyright (C) 2014
+#
+
+if node[:platform_family] == "debian"
+  include_recipe "apt"
+  include_recipe "ubuntu"
+end
+
+if %w{rhel fedora}.include?(node[:platform_family])
+  include_recipe "selinux::disabled"
+  include_recipe "yum-epel"
+end
+
+include_recipe "build-essential"
+
+include_recipe "#{cookbook_name}::packages"
+
+include_recipe "ntp"
+
+include_recipe "resolver"
+
+include_recipe "users::sysadmins"
+
+include_recipe "sudo"
+
+include_recipe "chef-client::delete_validation"
+include_recipe "chef-client::config"
+include_recipe "chef-client"
+
+include_recipe "openssh"
+
+include_recipe "fail2ban"
+
+include_recipe "nscd"
+
+include_recipe "logrotate"
diff --git a/kitchen-tests/cookbooks/base/recipes/packages.rb b/kitchen-tests/cookbooks/base/recipes/packages.rb
new file mode 100644
index 0000000000..f242951a4c
--- /dev/null
+++ b/kitchen-tests/cookbooks/base/recipes/packages.rb
@@ -0,0 +1,9 @@
+
+
+pkgs = %w{lsof tcpdump strace zsh dmidecode ltrace bc curl wget telnet subversion git traceroute htop iptraf tmux s3cmd sysbench }
+
+# this deliberately calls the multipackage API N times in order to do one package installation in order to exercise the
+# multipackage cookbook.
+pkgs.each do |pkg|
+  multipackage pkgs
+end
diff --git a/kitchen-tests/cookbooks/webapp/metadata.rb b/kitchen-tests/cookbooks/webapp/metadata.rb
index f1f07d952b..5124aa4f6f 100644
--- a/kitchen-tests/cookbooks/webapp/metadata.rb
+++ b/kitchen-tests/cookbooks/webapp/metadata.rb
@@ -6,7 +6,7 @@ description      "Installs/Configures webapp"
 long_description "Installs/Configures webapp"
 version          "0.1.0"
 
-depends "apache2"
+depends "apache2", "~> 3.2.2"
 depends "database", "~> 2.3.1"
-depends "mysql"
-depends "php"
+depends "mysql", "~> 5.6.3"
+depends "php", "~> 1.5.0"
diff --git a/kitchen-tests/data_bags/users/adam.json b/kitchen-tests/data_bags/users/adam.json
new file mode 100644
index 0000000000..f96d7c213f
--- /dev/null
+++ b/kitchen-tests/data_bags/users/adam.json
@@ -0,0 +1,9 @@
+{
+    "id": "adam",
+    "uid": 666,  // yes?  i figure adam likes metal, shout out to iron maiden...
+    "gid": 666,
+    "shell": "/bin/zsh",
+    "groups": [ "sysadmin" ],
+    "comment":  "Adam Jacob",
+    "password": "*"
+}