From fbbcbd699ed1bf44ad36bb6acc782797479f6466 Mon Sep 17 00:00:00 2001 From: Lamont Granquist Date: Wed, 11 May 2016 18:22:16 -0700 Subject: add centos and more func testing to travis --- .travis.yml | 56 ++++++++++++++- kitchen-tests/.kitchen.travis.yml | 15 ++-- kitchen-tests/.kitchen.yml | 23 +++---- kitchen-tests/Berksfile | 1 + kitchen-tests/Berksfile.lock | 50 ++++++++++++-- kitchen-tests/Gemfile | 2 +- kitchen-tests/Gemfile.lock | 4 +- kitchen-tests/cookbooks/base/Berksfile | 5 ++ kitchen-tests/cookbooks/base/README.md | 3 + kitchen-tests/cookbooks/base/attributes/default.rb | 80 ++++++++++++++++++++++ kitchen-tests/cookbooks/base/metadata.rb | 23 +++++++ kitchen-tests/cookbooks/base/recipes/default.rb | 40 +++++++++++ kitchen-tests/cookbooks/base/recipes/packages.rb | 9 +++ kitchen-tests/cookbooks/webapp/metadata.rb | 6 +- kitchen-tests/data_bags/users/adam.json | 9 +++ 15 files changed, 293 insertions(+), 33 deletions(-) create mode 100644 kitchen-tests/cookbooks/base/Berksfile create mode 100644 kitchen-tests/cookbooks/base/README.md create mode 100644 kitchen-tests/cookbooks/base/attributes/default.rb create mode 100644 kitchen-tests/cookbooks/base/metadata.rb create mode 100644 kitchen-tests/cookbooks/base/recipes/default.rb create mode 100644 kitchen-tests/cookbooks/base/recipes/packages.rb create mode 100644 kitchen-tests/data_bags/users/adam.json diff --git a/.travis.yml b/.travis.yml index 45989a6bb2..ac81f30aa4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -124,12 +124,64 @@ matrix: - cd kitchen-tests script: # FIXME: we should fix centos-6 against AWS and then enable it here - - if [ "$TRAVIS_SECURE_ENV_VARS" = "true" ]; then bundle exec kitchen test ubuntu; fi + - if [ "$TRAVIS_SECURE_ENV_VARS" = "true" ]; then bundle exec kitchen test ubuntu-1404 -l debug; fi after_failure: - cat .kitchen/logs/kitchen.log after_script: - - if [ "$TRAVIS_SECURE_ENV_VARS" = "true" ]; then bundle exec kitchen destroy ubuntu; fi + - if [ "$TRAVIS_SECURE_ENV_VARS" = "true" ]; then bundle exec kitchen destroy ubuntu-1404 -l debug; fi env: + - UBUNTU=1 + - KITCHEN_YAML=.kitchen.travis.yml + - EC2_SSH_KEY_PATH=~/.ssh/id_aws.pem + - secure: VAauyVnAMWhqvnhJOJ/tCDn3XAdWqzbWiDVQPNBkqtm2SBIvhmZl2hlrusvw6YLU31Prdf8fSFhOSysVQQs/rJYrmD/1BfV79p6M7cGXYZ0nGWwldF81N296lyFoZLyrqtmG4G0cx3Pw2ojADFgFe+B5eTGlqJFD+z371g4RF/Y= + - secure: A+qtUF2LPJGkUAdvt04AwZMt69rzaeTyR0/1XEOAuntBKKXSCzddUzr5ePDc9QQ/57AWywKxhVLpnxk3QzKN7r7zerDxyIJBgklNDpNAKkeQjP3T6FpaKEIN9ROcpPtsM6FJ5Agb+bEQoRJF7s+ampO3wLV3XpTiWNuWkcAhv9A= + - secure: J8JIg15trrPgc8X/1DsaUWDQCdDWTvN/AorXzZ/ReudHS6G/KpoynZ5lTmKjlgFiFNE/TGMDv486pStGtIcarTKTuIEmNADdEWlAVH7bxclpayMjtppVuapRCkZWccs5gz5CJyhX7yhQCFTYoqVox9Y4qHGCluF3oqCcPRtCOOw= + - secure: NJYn0blTMwIoFxZlsoMWK8hPO/fi45rgWOqEImnjvSRk++5WL+GgjLBgLvEi7wCMkBijhIMWtnva60ojd4MrxeS7evrmGRjJKXnPuSKEsrGbArZPskBjCAcg+3PlnQQUkFf6hvbGD3HZlJtcbs4hrx8tbDT2Ie7bmQfqpsawKY4= + - secure: FipoX1VzZkzPUP6Gxd05DEva7cX6xKK2Wdq+Y18nNkyW2afPLXCNl5kCsNrgvbqAzbjKaP2M8+b0zwKjrFzNebqmmx1RRfZUJWUkNRF1EgE+tHytmMZW6tNcQlTlvA0KqXi4Dt6SIQ0l/DhwwNKZ80jmpiyYi/ErxIXzbVgVtYA= + - secure: T2MbE9twIkdaor796/lDioCgb2+FP3G8lXq+lIqnjaL22WMP8yKtkjNo8ggSlvQZE7MAQHqi5LISw5MU2MI6ImTU50/pgdWreM5Cx37WWYqntcbJ0Sz7v396KGJzeqbDql1fGolHDlykfi+OJzzbIGC8cjz7iAD2RUZU95wEC5s= + - secure: hWEQInvuanQavFCE3m6/q9BjNEFZQmLc94EWnBKTMiwUAdYgQQMLohN7K1Gc8irxYKp86F+P+XWE4lfDZNK3sqmxyk51TtT2EfmKWs+jSLq4+NBYQwXCpRELC5Irpm0GRCYthhsQSuarpVWss/0s0o7iJQaHxrSPcQiwDouIpwU= + - secure: OllJUaR/WUu+H0FIjU7vQxU10JT4d+/FZuTqnX6ZTcXN3dXCirnabYp/j+r5OBY3QeOojOyzGfHUWYEUGH/PTxcxYjrohtFTWht9N9x+SxfX2fLqieH/kRKyDmIidsY8qKChf/LD9f+SwpXRXND/PctKhNR4C5BH57fGUEqE9FU= + - secure: KgKnGtM4e+cVYfLn78eTWJ1q4ORv128abB72QBc/xiSh0rvxSIojVKZCXmRetQPXIl7NoIzU2IyjR1ABEZ+vA83PayTEsOr2KDRDgolSIgZSSiDFt4U2phQsxl4fX7wFv/jWlbxM2fysKBSIRAF57CwBjGhLjmpUO+5PdoR7N2s= + - secure: IgOx4STauKnJWENQGcn2iBp32XcNd2anNR0Fua0ugjudu1+CV+IxcIhI8ohOfZEXyVK4MGTF8uXWrYtoiwyExG4mTXqpRWJCgIkncqiWlfT+8BoAGWxCQhUYub3MaNZANPgebKPJhTPQ8OwNz09gPMNkewRfAqNF05eb8FU2kGA= + - secure: CPXP6g3c1FH4Zm4U19XaPvq9nnyNsQCXRkxiPcGqsJZsGG2QMgzPQyjiAuPqnWxxZHit/6NgzUszJC+skSgcTzDTeD6rOA0Wcxtbr/Un4RRxRnTcRc6mSEZqSu9RbAZMYur/mSQ9HDHnjFe1ok85He4s9jM1iFdgjtg1ToelEmA= + - secure: fp9pzNe09PIyZ/8NjbMPGW1zdG3Q/KhJ+stUKqA+FRopAMX/Hh24gFIVJhFOmfr4Vhn0J8sF7RsFaR1mdzcPewliOzKxknWhGEGMcG9LFCZcv+vVK0Fxs4nUzCRtaXUt08FpsRofG0iBvfapZ7YBhK7lslqGVI+fxCd3ZXmayG8= + - secure: NT/6qcecxmuKYOnw1Atc6hsyJlfB6XI2Z1lg7dE0PhlEVW2EpkckHjAc+5hgg8Zt7TifYm2qDQWJwblwPP0mMj3ra4ZIMaZAiG2kzQoZ5kthqwjAV9fatZvrDXi+jd9wBF2hPyiCokAQiTLmKTYjzY2FBqPO3VDLWdf9qZqRmxw= + - secure: MjIWyfquKANh/YeoyHGksdvAUQ4wc2tBCQmq1QcRhKwb7Sy6wcDk1nujDmnGE7HFpZUS6CyoZF7AMzJGFkCzrChpsLQYUP4hc7VjkXOLzi90vJUl+ANq7KPOmxC0MjKpgeHqCysRbTYbUsnJZfbbZbIZjCAjY0YCY2pGniXpvQc= + - secure: AsZLOiFrHkGsY6jp2ShI5kYz78V6PEUyizgtPCWTgevTRGWpdCq9csIEoqUBY+vMUxmQPC6IY4fwHkrRCbv/rJyhwRl/Rnwa3aw8bdD+YD17IxnpXKGXXUyXdTZmF7HzAkVgStehL+qWZ3x9TBdExIV37KVgrVw/b+S0QqBUlQo= + - secure: jwEnSquLreMM1M6N3gGpgTGHd8VtjBUTLDdkrokhiH1jHLpz7Hmr6xeajhZws+2sLtLiB7hYi6WsZBE5VcymBoObh9MeodO9Ve5/1z06lFmx1DyYV6euyo9WUkU2WpoVfu8k7O+eAvyrXXZVqm8Oz1p7Isb6Bh5+fJH2H8rhed4= + - secure: HOAK620U6mlS11XK+JtXTBk26Tt2vWO4shA/6Zit/y0/kAz7JnbXtup7FSysXliBoSv4YsxA6IbgZ8V0tuIXj+q7EcqtHMmQhqzMJG5jRKVhtGiFIhDmwmxJvdfIvwtZOO3mMk0OspLz24sWp8wCciYZMPj0hZJR04R9aWEO3cE= + - secure: DfTRP74UWWxA460XfLoJFgRLwoKbHWNIueL6qr982AnuAxeZFofsxCqxSxcSJmu67TxuPc+b201+BmanHKYmSauGS31t0F4QXk7lCTaT/x38mAPsWvMFkY8HEl56JhmzEp2hAKDB/t0/HItwmvxT1vd5WvNRSSojEVzChftV/zE= + - secure: JoCWsJzTgj+epgzmgbvV7/bdAPHwUGXZA7Jdvv9vIJ5lCo6h9WwCw6/KCvH+bHtrT/RfZmUmxouCxJCLKwts1ZrMmedTIXpMrQJo/YgWRp7ziFnLyZ8jG8bD7rep3ngq1x/cRGc3cZvYN6IK3GS6C27OviYLFsTw74AUnWTaFSo= + - secure: iXfl0WnAnfKurZUrMeV1yOoFiiZ+MKx/Zj6ZVP2++A9EOxxIxb/fS/gIOzSjBQwzrR+fJVHIlX0g42CiBKDQWUvIl5I8kZCVIP6AHa1jyzlmZE9lqSlojz3k5RPS7pW6nIX+z1NHMvtb3e5xeLv8y4J5kwZErqZ+YDJmBRtPxPU= + - secure: RhAW5kABDPB3GWKD+NCg05Kcd92F/+kg+0icXXN166DWQYUut3MLrSY80xNzkz5nXTI9EFU4fUqlKLDiF/kelr0Zp/zpCQAB54o4cu5FkZz0Bgs9k7yUdCRyz6Vt2ChV5cYI4JTn9bMaeXEaGlOjP1iE51rYT6KO6kKlwsEnjUc= + - secure: jy/3fC+UtrDcE/X6/IxkyT2SrYMKkiEMP1ht4d5mxvNA0Xxn43E16c6FNP0JWPpWRGRIP38vnQRB4yOPU9BXvRmmswVL9Ge4e/6flJvKwD5Rlqb2dfaGaHRYV9v8Nkdzl2FvZ9eBH5KHxgG19gCG6L3RXP/+zYwrr4AQdm0fpfw= + - secure: RYEwBWYVXRTEdUWhQxdWXo6tldlVx8pha9zB0rgafcUQxaatAefnRc4X4HXTQnqr2n9TZ2TQGpM8vte/wr6Pjc85VZbimWGzgrvn0kg4MwPR8ZYiEM5qQ/pUpj4+93rpA91PhCGvZoZTqOrXHm4kMPuKro5I6qA4BFUXuANeC/s= + - secure: gHSicpqkqcZT04QurSgszrAiI6HOCw1DBlfIIi9KAJj7mG5GijD/4AQ6HCmcRMbCDJ0nUuvm/kckASnRtF5+3xvIJnuoyyEfCZWxt1lhK2UbS87VU+pVdws/VzwpisXuKsh3H0uT8DDVkWPH/ZWDgfVa74eYDEHiQFjo+2xx5ZA= + - secure: Q42bco3JXEpyVbL2akiOsaCHnAagAFIb3TF6H5qJfaLLqmGs/XrrgxliNaVMfWVSwPT2wpQvg9UGF9x37No9bZBv33DgYcWExmXb/lvGPpkctX37+FTMzECQHxOuUbYPQA7ZEuJ4AA7bwgpMISUeSyz5XXz44KcXIrZK2GWH+X4= + - secure: hugd8NVukJc3redDvlOt6zhaqa63XLNMp/eIIlNllW8VfQ6CJ1P7KJPwgxH24sDyrw7rLzOkBl6R4kaVWsCLCFp+NE6yFFHl9wDkSdLC1OX1DMrJnDsogwUqqe+jX8dxePSy26MSTfG8eo9/NxN9uXr+tKaHoi6G7BRXDHtQ8dQ= + - secure: TRkW9pIuIYHXJmPlDYoddxIp2M2W2f7qBGNJKEMB5xrOezES7w9XTg2eQXrD8jBO+fUUmMnAaDAXZuU58nMysPXx3vhtZKncg8w5CyuXJk2P8nkdPh0u5nmRhEpWrLKtLwJrX48xmJhNQvQqDAyL5c9WUzlWJ4WJFgoP5IDWmLc= + - secure: QHuMdtFCvttiIOx6iS+lH4bKXZMwsgVQ6FPsUW5zJ7uw6mAEWKEil9xNk4aYV9FywinwUs4fnFlnIW/Gj1gLkUjm4DtxdmRZIlRXIbgsNch6H916TCPg4Q2oPsW2nVdXPjW/2jhkfLUiSnuhL+ylami1NF8Up7vokXknh/jFNZU= + - secure: GTfrUVmMQSxho3Ia4Y1ONqKvVMD34GHF2/TJb8UdQV7iH+nVxVXpy3nWaCXa9ri7lRzMefkoVLy0gKK13YoVd7w3d2S3/IfNakC85XfN6VuOzK/FDkA0WoPrgKjcQ64I+3dQ6cgrMWWTieKwRZy+Ve24iRbnN055Hk+VRMu6OGw= + - secure: SOMYGVfHLkHsH6koxpw68YQ4ydEo6YXPhHbrYGQbehUbFa6+OZzBcAJRJbKjyhD2AZRvNr2jB8XnjYKvVyDGQRpkWhGYZ7CpHqINpDsqKBsbiMe3/+KmKQqS+UKxNGefquoOvyQ1N8Xy77dkWYokRtGMEuR12RkZLonxiDW8Qyg= + - secure: bSsDg+dJnPFdFiC/tbb61HdLh/Q0z2RVVAReT1wvV1BN4fN4NydvkUGbQmyFNyyunLulEs+X0oFma9L0497nUlTnan8UOg9sIleTSybPX6E9xSKKCItH1GgDw8bM9Igez5OOrrePBD3altVrH+FmGx0dlTQgM/KZMN50BJ79cXw= + - rvm: 2.2 + gemfile: kitchen-tests/Gemfile + before_install: + - gem update --system $(grep rubygems omnibus_overrides.rb | cut -d'"' -f2) + - gem install bundler -v $(grep bundler omnibus_overrides.rb | cut -d'"' -f2) + - echo -n $DO_KEY_CHUNK_{0..30} >> ~/.ssh/id_aws.base64 + - cat ~/.ssh/id_aws.base64 | tr -d ' ' | base64 --decode > ~/.ssh/id_aws.pem + before_script: + - cd kitchen-tests + script: + # FIXME: we should fix centos-6 against AWS and then enable it here + - if [ "$TRAVIS_SECURE_ENV_VARS" = "true" ]; then bundle exec kitchen test centos-6; fi + after_failure: + - cat .kitchen/logs/kitchen.log + after_script: + - if [ "$TRAVIS_SECURE_ENV_VARS" = "true" ]; then bundle exec kitchen destroy centos-6; fi + env: + - CENTOS=1 - KITCHEN_YAML=.kitchen.travis.yml - EC2_SSH_KEY_PATH=~/.ssh/id_aws.pem - secure: VAauyVnAMWhqvnhJOJ/tCDn3XAdWqzbWiDVQPNBkqtm2SBIvhmZl2hlrusvw6YLU31Prdf8fSFhOSysVQQs/rJYrmD/1BfV79p6M7cGXYZ0nGWwldF81N296lyFoZLyrqtmG4G0cx3Pw2ojADFgFe+B5eTGlqJFD+z371g4RF/Y= diff --git a/kitchen-tests/.kitchen.travis.yml b/kitchen-tests/.kitchen.travis.yml index 100891bdf5..2f935812dc 100644 --- a/kitchen-tests/.kitchen.travis.yml +++ b/kitchen-tests/.kitchen.travis.yml @@ -8,7 +8,7 @@ driver: instance_type: "m3.medium" provisioner: - name: chef_github + name: chef_zero chef_omnibus_url: "https://omnitruck.chef.io/current/install.sh" chef_omnibus_install_options: "-n" github_owner: "chef" @@ -24,19 +24,18 @@ transport: ssh_key: <%= ENV['EC2_SSH_KEY_PATH'] %> platforms: - - name: ubuntu-12.04 + - name: ubuntu-14.04 driver: # http://cloud-images.ubuntu.com/locator/ec2/ - # 12.04 amd64 us-west-2 hvm:ssd - image_id: ami-f3635fc3 - - name: rhel-6 + # 14.04 amd64 us-west-2 hvm:ebs-ssd + image_id: ami-63ac5803 + - name: centos-6 driver: - # https://github.com/chef/releng-chef-repo/blob/master/script/ci#L93-L96 - image_id: ami-7df0bd4d + image_id: ami-05cf2265 suites: - name: webapp run_list: - - recipe[apt::default] + - recipe[base::default] - recipe[webapp::default] attributes: diff --git a/kitchen-tests/.kitchen.yml b/kitchen-tests/.kitchen.yml index c853f51b8d..095badd35a 100644 --- a/kitchen-tests/.kitchen.yml +++ b/kitchen-tests/.kitchen.yml @@ -7,6 +7,8 @@ driver: provisioner: name: chef_github + chef_omnibus_url: "https://omnitruck.chef.io/current/install.sh" + chef_omnibus_install_options: "-n" github_owner: "chef" github_repo: "chef" refname: <%= %x(git rev-parse HEAD) %> @@ -15,24 +17,19 @@ provisioner: diff_disabled: true platforms: - # upstream community mysql cookbook broken on 10.04 - #- name: ubuntu-10.04 - # run_list: apt::default - name: ubuntu-12.04 - run_list: apt::default - name: ubuntu-14.04 - run_list: apt::default - # upstream community mysql cookbook also broken on 14.10 - #- name: ubuntu-14.10 - # run_list: apt::default - - name: centos-6.4 - run_list: yum-epel::default - - name: centos-5.10 - run_list: yum-epel::default + # needs updates for 16.04 + #- name: ubuntu-16.04 + # needs updates for 7.2 + #- name: centos-7.2 + - name: centos-6.7 + # needs fixing for 5.11 + #- name: centos-5.11 suites: - name: webapp run_list: - - recipe[apt::default] + - recipe[base::default] - recipe[webapp::default] attributes: diff --git a/kitchen-tests/Berksfile b/kitchen-tests/Berksfile index decb85a8a1..23c72d5394 100644 --- a/kitchen-tests/Berksfile +++ b/kitchen-tests/Berksfile @@ -1,5 +1,6 @@ source "https://supermarket.getchef.com" cookbook "webapp", :path => "cookbooks/webapp" +cookbook "base", :path => "cookbooks/base" cookbook "php", "~> 1.5.0" diff --git a/kitchen-tests/Berksfile.lock b/kitchen-tests/Berksfile.lock index 2c3b22b985..b5fa7aba13 100644 --- a/kitchen-tests/Berksfile.lock +++ b/kitchen-tests/Berksfile.lock @@ -1,4 +1,6 @@ DEPENDENCIES + base + path: cookbooks/base php (~> 1.5.0) webapp path: cookbooks/webapp @@ -6,26 +8,60 @@ DEPENDENCIES GRAPH apache2 (3.2.2) apt (3.0.0) - aws (3.3.2) + aws (3.3.3) ohai (>= 2.1.0) + base (0.1.0) + apt (>= 0.0.0) + build-essential (>= 0.0.0) + chef-client (>= 0.0.0) + fail2ban (>= 0.0.0) + logrotate (>= 0.0.0) + multipackage (>= 0.0.0) + nscd (>= 0.0.0) + ntp (>= 0.0.0) + openssh (>= 0.0.0) + resolver (>= 0.0.0) + selinux (>= 0.0.0) + sudo (>= 0.0.0) + ubuntu (>= 0.0.0) + users (>= 0.0.0) + yum-epel (>= 0.0.0) build-essential (3.2.0) seven_zip (>= 0.0.0) + chef-client (4.5.0) + cron (>= 1.7.0) + logrotate (>= 1.9.0) + windows (>= 1.39.0) chef-sugar (3.3.0) chef_handler (1.3.0) + compat_resource (12.9.1) + cron (1.7.6) database (2.3.1) aws (>= 0.0.0) mysql (~> 5.0) mysql-chef_gem (~> 0.0) postgresql (>= 1.0.0) xfs (>= 0.0.0) + fail2ban (2.3.0) + yum-epel (>= 0.0.0) iis (4.1.7) windows (>= 1.34.6) + iptables (2.2.0) + logrotate (1.9.2) + multipackage (3.0.28) + compat_resource (>= 0.0.0) mysql (5.6.3) yum-mysql-community (>= 0.0.0) mysql-chef_gem (0.0.5) build-essential (>= 0.0.0) mysql (>= 0.0.0) + nscd (2.0.0) + compat_resource (>= 0.0.0) + ntp (1.11.0) + windows (>= 1.38.0) ohai (3.0.1) + openssh (2.0.0) + iptables (>= 1.0) openssl (4.4.0) chef-sugar (>= 3.1.1) php (1.5.0) @@ -39,13 +75,19 @@ GRAPH apt (>= 1.9.0) build-essential (>= 0.0.0) openssl (~> 4.0) + resolver (1.3.0) + selinux (0.9.0) seven_zip (2.0.0) windows (>= 1.2.2) + sudo (2.9.0) + ubuntu (1.2.0) + apt (>= 0.0.0) + users (2.0.3) webapp (0.1.0) - apache2 (>= 0.0.0) + apache2 (~> 3.2.2) database (~> 2.3.1) - mysql (>= 0.0.0) - php (>= 0.0.0) + mysql (~> 5.6.3) + php (~> 1.5.0) windows (1.40.0) chef_handler (>= 0.0.0) xfs (2.0.1) diff --git a/kitchen-tests/Gemfile b/kitchen-tests/Gemfile index acc62156ae..6c11948730 100644 --- a/kitchen-tests/Gemfile +++ b/kitchen-tests/Gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org" group :end_to_end do gem "berkshelf" - gem "test-kitchen", "~> 1.4" + gem "test-kitchen" gem "kitchen-appbundle-updater" gem "kitchen-vagrant", "~> 0.17" gem "kitchen-ec2", github: "test-kitchen/kitchen-ec2" diff --git a/kitchen-tests/Gemfile.lock b/kitchen-tests/Gemfile.lock index 3067871ab3..ca09e00496 100644 --- a/kitchen-tests/Gemfile.lock +++ b/kitchen-tests/Gemfile.lock @@ -166,8 +166,8 @@ DEPENDENCIES kitchen-appbundle-updater kitchen-ec2! kitchen-vagrant (~> 0.17) - test-kitchen (~> 1.4) + test-kitchen vagrant-wrapper BUNDLED WITH - 1.11.2 + 1.12.1 diff --git a/kitchen-tests/cookbooks/base/Berksfile b/kitchen-tests/cookbooks/base/Berksfile new file mode 100644 index 0000000000..4b6079016e --- /dev/null +++ b/kitchen-tests/cookbooks/base/Berksfile @@ -0,0 +1,5 @@ +source "https://api.berkshelf.com" + +metadata + +cookbook "apt" diff --git a/kitchen-tests/cookbooks/base/README.md b/kitchen-tests/cookbooks/base/README.md new file mode 100644 index 0000000000..f19ab46735 --- /dev/null +++ b/kitchen-tests/cookbooks/base/README.md @@ -0,0 +1,3 @@ +# webapp + +TODO: Enter the cookbook description here. diff --git a/kitchen-tests/cookbooks/base/attributes/default.rb b/kitchen-tests/cookbooks/base/attributes/default.rb new file mode 100644 index 0000000000..d4e5d1ee5a --- /dev/null +++ b/kitchen-tests/cookbooks/base/attributes/default.rb @@ -0,0 +1,80 @@ +# +# ubuntu cookbook overrides +# + +default["ubuntu"]["archive_url"] = "mirror://mirrors.ubuntu.com/mirrors.txt" +default["ubuntu"]["security_url"] = "mirror://mirrors.ubuntu.com/mirrors.txt" +default["ubuntu"]["include_source_packages"] = true +default["ubuntu"]["components"] = "main restricted universe multiverse" + +# +# openssh cookbook overrides +# + +# turn off old protocols client-side +default["openssh"]["client"]["rsa_authentication"] = "no" +default["openssh"]["client"]["host_based_authentication"] = "no" +# allow typical ssh v2 rsa/dsa/ecdsa key auth client-side +default["openssh"]["client"]["pubkey_authentication"] = "yes" +# allow password auth client-side (we can ssh 'to' hosts that require passwords) +default["openssh"]["client"]["password_authentication"] = "yes" +# turn off kerberos client-side +default["openssh"]["client"]["gssapi_authentication"] = "no" +default["openssh"]["client"]["check_host_ip"] = "no" +# everone turns strict host key checking off anyway +default["openssh"]["client"]["strict_host_key_checking"] = "no" +# force protocol 2 +default["openssh"]["client"]["protocol"] = "2" + +# it is mostly important that the aes*-ctr ciphers appear first in this list, the cbc ciphers are for compatibility +default["openssh"]["server"]["ciphers"] = "aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc,cast128-cbc" +# DNS causes long timeouts when connecting clients have busted DNS +default["openssh"]["server"]["use_dns"] = "no" +default["openssh"]["server"]["syslog_facility"] = "AUTH" +# only allow access via ssh pubkeys, all other mechanisms including passwords are turned off for all users +default["openssh"]["server"]["pubkey_authentication"] = "yes" +default["openssh"]["server"]["rhosts_rsa_authentication"] = "no" +default["openssh"]["server"]["rsa_authentication"] = "no" +default["openssh"]["server"]["password_authentication"] = "no" +default["openssh"]["server"]["host_based_authentication"] = "no" +default["openssh"]["server"]["gssapi_authentication"] = "no" +default["openssh"]["server"]["permit_root_login"] = "without-password" +default["openssh"]["server"]["ignore_rhosts"] = "yes" +default["openssh"]["server"]["permit_empty_passwords"] = "no" +default["openssh"]["server"]["challenge_response_authentication"] = "no" +default["openssh"]["server"]["kerberos_authentication"] = "no" +# tcp keepalives are useful to keep connections up through VPNs and firewalls +default["openssh"]["server"]["tcp_keepalive"] = "yes" +default["openssh"]["server"]["use_privilege_separation"] = "yes" +default["openssh"]["server"]["max_start_ups"] = "10" +# PAM (i think) already prints the motd on login +default["openssh"]["server"]["print_motd"] = "no" +# force only protocol 2 connections +default["openssh"]["server"]["protocol"] = "2" +# allow tunnelling x-applications back to the client +default["openssh"]["server"]["x11_forwarding"] = "yes" + +# +# chef-client cookbook overrides +# + +# always wait at least 30 mins (1800 secs) between daemonized chef-client runs +default["chef_client"]["interval"] = 1800 +# wait an additional random interval of up to 30 mins (1800 secs) between daemonized runs +default["chef_client"]["splay"] = 1800 +# only log what we change +default["chef_client"]["config"]["verbose_logging"] = false + +# +# resolver cookbook overrides +# + +default["resolver"]["nameservers"] = [ "8.8.8.8", "8.8.4.4" ] +default["resolver"]["search"] = "chef.io" + +# +# sudo cookbook overrides +# + +default["authorization"]["sudo"]["passwordless"] = true +default["authorization"]["sudo"]["users"] = %w{vagrant centos ubuntu} diff --git a/kitchen-tests/cookbooks/base/metadata.rb b/kitchen-tests/cookbooks/base/metadata.rb new file mode 100644 index 0000000000..9e5e792f89 --- /dev/null +++ b/kitchen-tests/cookbooks/base/metadata.rb @@ -0,0 +1,23 @@ +name "base" +maintainer "" +maintainer_email "" +license "" +description "Installs/Configures base" +long_description "Installs/Configures base" +version "0.1.0" + +depends "apt" +depends "build-essential" +depends "chef-client" +depends "fail2ban" +depends "logrotate" +depends "multipackage" +depends "nscd" +depends "ntp" +depends "openssh" +depends "resolver" +depends "selinux" +depends "sudo" +depends "ubuntu" +depends "users" +depends "yum-epel" diff --git a/kitchen-tests/cookbooks/base/recipes/default.rb b/kitchen-tests/cookbooks/base/recipes/default.rb new file mode 100644 index 0000000000..4ddd7a7b04 --- /dev/null +++ b/kitchen-tests/cookbooks/base/recipes/default.rb @@ -0,0 +1,40 @@ +# +# Cookbook Name:: webapp +# Recipe:: default +# +# Copyright (C) 2014 +# + +if node[:platform_family] == "debian" + include_recipe "apt" + include_recipe "ubuntu" +end + +if %w{rhel fedora}.include?(node[:platform_family]) + include_recipe "selinux::disabled" + include_recipe "yum-epel" +end + +include_recipe "build-essential" + +include_recipe "#{cookbook_name}::packages" + +include_recipe "ntp" + +include_recipe "resolver" + +include_recipe "users::sysadmins" + +include_recipe "sudo" + +include_recipe "chef-client::delete_validation" +include_recipe "chef-client::config" +include_recipe "chef-client" + +include_recipe "openssh" + +include_recipe "fail2ban" + +include_recipe "nscd" + +include_recipe "logrotate" diff --git a/kitchen-tests/cookbooks/base/recipes/packages.rb b/kitchen-tests/cookbooks/base/recipes/packages.rb new file mode 100644 index 0000000000..f242951a4c --- /dev/null +++ b/kitchen-tests/cookbooks/base/recipes/packages.rb @@ -0,0 +1,9 @@ + + +pkgs = %w{lsof tcpdump strace zsh dmidecode ltrace bc curl wget telnet subversion git traceroute htop iptraf tmux s3cmd sysbench } + +# this deliberately calls the multipackage API N times in order to do one package installation in order to exercise the +# multipackage cookbook. +pkgs.each do |pkg| + multipackage pkgs +end diff --git a/kitchen-tests/cookbooks/webapp/metadata.rb b/kitchen-tests/cookbooks/webapp/metadata.rb index f1f07d952b..5124aa4f6f 100644 --- a/kitchen-tests/cookbooks/webapp/metadata.rb +++ b/kitchen-tests/cookbooks/webapp/metadata.rb @@ -6,7 +6,7 @@ description "Installs/Configures webapp" long_description "Installs/Configures webapp" version "0.1.0" -depends "apache2" +depends "apache2", "~> 3.2.2" depends "database", "~> 2.3.1" -depends "mysql" -depends "php" +depends "mysql", "~> 5.6.3" +depends "php", "~> 1.5.0" diff --git a/kitchen-tests/data_bags/users/adam.json b/kitchen-tests/data_bags/users/adam.json new file mode 100644 index 0000000000..f96d7c213f --- /dev/null +++ b/kitchen-tests/data_bags/users/adam.json @@ -0,0 +1,9 @@ +{ + "id": "adam", + "uid": 666, // yes? i figure adam likes metal, shout out to iron maiden... + "gid": 666, + "shell": "/bin/zsh", + "groups": [ "sysadmin" ], + "comment": "Adam Jacob", + "password": "*" +} -- cgit v1.2.1