---
# Test Kitchen configuration. The file is ERB-templated: every <%= %> is
# evaluated on the workstation before the YAML is parsed, so unset
# environment variables become empty (null) values rather than errors.
provisioner:
  name: chef_infra
  # Chef client verbosity; "auto" is expected to follow Test Kitchen's own log level.
  log_level: auto
  # Re-resolve cookbook dependencies on every converge so local edits are picked up.
  always_update_cookbooks: true
  # Both paths are resolved on the workstation at load time, so kitchen must be
  # run from the repository root and ~/.chef/databags must exist there.
  kitchen_root: <%= ::Dir.pwd %>
  data_bags_path: <%= ::File.join(ENV['HOME'], '.chef/databags') %>
verifier:
  name: inspec
  # NOTE(review): title, maintainer, copyright, license, summary, version and
  # depends are InSpec profile metadata normally kept in inspec.yml; the
  # kitchen-inspec verifier is not known to read them from here — confirm they
  # have any effect before relying on the supermarket dependency being pulled in.
  title: 'InSpec Profile for Deploy-Context'
  summary: 'An InSpec Compliance Profile for Deploy-Context'
  version: '0.1.0'
  license: 'Apache-2.0'
  maintainer: 'Jimmy Provencher'
  copyright: 'JimboDragon'
  copyright_email: 'jimmy.provencher@hotmail.ca'
  depends:
    - name: supermarket-profile
      supermarket: dev-sec/linux-baseline
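platforms:
  # Local VirtualBox instances driven by Vagrant. Both VB platforms rely on the
  # bento box's default vagrant/vagrant credentials, which is only acceptable
  # because the VM is host-local.
  - name: vb-deploy-context
    provisioner:
      product_name: chef-workstation
      channel: stable
      install_strategy: once
      chef_license: accept
      product_version: latest
    transport: # Dealing with 22.04 deprecating ssh-rsa prior to tooling being ready for it
      name: ssh
      username: vagrant
      password: vagrant
    driver:
      name: vagrant
      box: bento/ubuntu-22.04
      cache_directory: <%= File.expand_path("#{::Dir.pwd}/omnibus/cache") %>
      kitchen_cache_directory: <%= File.expand_path("#{::Dir.pwd}/.kitchen/cache") %>
      # Unquoted ERB: when the variable is unset both keys become YAML null.
      domain: <%= ENV['AWS_SSH_DEPLOYCONTEXT_DOMAIN_NAME'] %>
      vm_hostname: <%= ENV['AWS_SSH_DEPLOYCONTEXT_DOMAIN_NAME'] %>
      # No host_ip is given, so Vagrant binds these host ports on every host
      # interface; add host_ip "127.0.0.1" if the VM should not be reachable
      # from the LAN (the known_hosts cleanup below suggests remote access by
      # domain name is intended — confirm).
      network:
        - ["forwarded_port", {guest: 22, host: 2220}]
        - ["forwarded_port", {guest: 80, host: 8880}]
        - ["forwarded_port", {guest: 443, host: 4430}]
      customize:
        memory: 8196  # NOTE(review): 8192 (8 GiB) was probably intended
        cpus: 2
        firmware: bios
        hwvirtex: "on"
        vtxvpid: "on"
        vtxux: "on"
        nested-hw-virt: "on"
        cpuhotplug: "on"
        # VirtualBox remote display (RDP) is enabled on 3390 with no
        # authentication configured here; keep the host firewall closed on
        # that port or disable vrde when remote console access is not needed.
        # vb-workstation-context uses the same port, so the two VMs cannot
        # run at the same time.
        vrde: "on"
        vrdeport: 3390
        autostart-enabled: "on"
      # Drops stale host-key entries for the forwarded SSH port so a rebuilt
      # VM's new key is accepted. This also removes any pinning for that
      # address, so it must only ever target loopback or lab hostnames.
      pre_create_command: "ssh-keygen -f \"<%= ENV['HOME'] %>/.ssh/known_hosts\" -R \"[127.0.0.1]:2220\"; ssh-keygen -f \"<%= ENV['HOME'] %>/.ssh/known_hosts\" -R \"[<%= ENV['AWS_SSH_DEPLOYCONTEXT_DOMAIN_NAME'] %>]:2220\";"

  # Same VirtualBox setup on different host ports (SSH 2223, HTTPS 4433).
  - name: vb-workstation-context
    provisioner:
      product_name: chef-workstation
      channel: stable
      install_strategy: once
      chef_license: accept
      product_version: latest
    transport: # Dealing with 22.04 deprecating ssh-rsa prior to tooling being ready for it
      name: ssh
      username: vagrant
      password: vagrant
    driver:
      name: vagrant
      box: bento/ubuntu-22.04
      cache_directory: <%= File.expand_path("#{::Dir.pwd}/omnibus/cache") %>
      kitchen_cache_directory: <%= File.expand_path("#{::Dir.pwd}/.kitchen/cache") %>
      domain: <%= ENV['AWS_SSH_DEPLOYCONTEXT_DOMAIN_NAME'] %>
      vm_hostname: <%= ENV['AWS_SSH_DEPLOYCONTEXT_DOMAIN_NAME'] %>
      network:
        - ["forwarded_port", {guest: 22, host: 2223}]
        - ["forwarded_port", {guest: 443, host: 4433}]
      customize:
        memory: 8196  # NOTE(review): 8192 (8 GiB) was probably intended
        cpus: 2
        firmware: bios
        hwvirtex: "on"
        vtxvpid: "on"
        vtxux: "on"
        nested-hw-virt: "on"
        cpuhotplug: "on"
        # Same RDP exposure and port-3390 clash as vb-deploy-context.
        vrde: "on"
        vrdeport: 3390
        autostart-enabled: "on"
      pre_create_command: "ssh-keygen -f \"<%= ENV['HOME'] %>/.ssh/known_hosts\" -R \"[127.0.0.1]:2223\"; ssh-keygen -f \"<%= ENV['HOME'] %>/.ssh/known_hosts\" -R \"[<%= ENV['AWS_SSH_DEPLOYCONTEXT_DOMAIN_NAME'] %>]:2223\";"

  # Docker-based instance through kitchen-dokken.
  - name: dock-deploy-context
    driver:
      name: dokken
      image: habitat/default-studio-x86_64-linux
      # Plain-text Docker API endpoint: TCP 2375 carries no TLS and anyone who
      # can reach it controls the host, so the daemon must stay bound to
      # loopback only; the unix socket or a TLS endpoint (2376) is preferable.
      socket: tcp://127.0.0.1:2375
      # kitchen-dokken driver options: Dockerfile instructions layered onto the
      # image before converge, and the ports to publish on the host.
      intermediate_instructions:
        - RUN /usr/bin/apt-get update
        # The package is "lsb-release" (hyphen); "lsb_release" is the command
        # it installs. "-y" is required because the build is non-interactive
        # and apt-get would otherwise abort at the confirmation prompt.
        - RUN /usr/bin/apt-get install -y lsb-release
        - RUN mkdir -p /opt/kitchen
        # Copies the whole working tree into the image, including any local
        # .kitchen state or secret files in the repo — presumably the build
        # context is the repository root, so keep a .dockerignore (verify).
        - COPY . /opt/kitchen
        - WORKDIR /opt/kitchen
      ports:
        # One mapping per published port; three separate one-key list items
        # would each be an incomplete port definition.
        - container_port: null  # TODO: container-side port to publish was not set
          host_ip: 127.0.0.1
          host_port: 4431
    provisioner:
      name: dokken
      product_name: chef-workstation
      channel: stable
      install_strategy: once
      chef_license: accept
      product_version: latest
      pull_chef_image: true
    transport:
      name: dokken

  # EC2 instances (kitchen-ec2). The two AWS platforms share every driver
  # setting; only the first overrides the provisioner product.
  - name: aws-deploy-context
    driver:
      name: ec2
      aws_ssh_key_id: <%= ENV['AWS_SSH_DEPLOYCONTEXT_KITCHEN_KEY'] %>
      # NOTE(review): this reads the SSH key-pair variable, not a security-group
      # id; EC2 will not accept a key-pair name here, so it looks like a
      # copy/paste slip — point it at the variable that holds the sg-… id.
      security_group_ids: ["<%= ENV['AWS_SSH_DEPLOYCONTEXT_KITCHEN_KEY'] %>"]
      region: us-east-1
      subnet_id: <%= ENV['AWS_SSH_DEPLOYCONTEXT_SUBNET_ID'] %>
      # Instance role attached to the test box; review its policy so a test
      # instance cannot reach more than the converge needs.
      iam_profile_name: deploy-context-kitchen-role
      instance_type: t2.micro
      # Public IP plus DNS interface makes the instance internet-reachable;
      # the security group is the only control on inbound SSH.
      associate_public_ip: true
      interface: dns
      # AMI pinned by id; it is specific to us-east-1 and should be refreshed
      # when the base image is patched.
      image_id: ami-067d1e60475437da2
    provisioner:
      product_name: chef-workstation

  - name: aws-deploy-context-chefserver
    driver:
      name: ec2
      aws_ssh_key_id: <%= ENV['AWS_SSH_DEPLOYCONTEXT_KITCHEN_KEY'] %>
      # NOTE(review): same key-pair/security-group mix-up as aws-deploy-context.
      security_group_ids: ["<%= ENV['AWS_SSH_DEPLOYCONTEXT_KITCHEN_KEY'] %>"]
      region: us-east-1
      subnet_id: <%= ENV['AWS_SSH_DEPLOYCONTEXT_SUBNET_ID'] %>
      iam_profile_name: deploy-context-kitchen-role
      instance_type: t2.micro
      associate_public_ip: true
      interface: dns
      image_id: ami-067d1e60475437da2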
suites:
  # Converge-only suite run against the local VM, the container and EC2.
  - name: default
    includes:
      - vb-deploy-context
      - dock-deploy-context
      - aws-deploy-context
    attributes:
      infra_chef:
        project_name: exemple

  # Workstation suite: runs the kitchen_user named run list and the
  # workstation/kitchen_user/deploy-context InSpec tests. The platform it
  # runs on is chosen by $KITCHEN_WORKSTATION.
  - name: workstation
    named_run_list: kitchen_user
    # Unquoted ERB: if KITCHEN_WORKSTATION is unset the include list holds a
    # single null entry, which Test Kitchen is not expected to match.
    includes:
      - <%= ENV['KITCHEN_WORKSTATION'] %>
    verifier:
      name: inspec
      inspec_tests:
        - test/integration/default/workstation_test.rb
        - test/integration/default/kitchen_user_test.rb
        - test/integration/default/deploy-context_test.rb
    attributes:
      audit:
        compliance_phase: true
      os-hardening:
        components:
          auditd: true
      deploy-context:
        context_databag: default_context
        # The data-bag secret is read from ~/.chef/secret on the workstation
        # and shipped to the instance as a plain node attribute, where it
        # lands in the node JSON and can surface in chef-client logs. The
        # provisioner's encrypted_data_bag_secret_key_path option transfers
        # the file out of band and keeps it out of the attribute tree.
        secret_key: "<%= ::File.read(::File.join(ENV['HOME'], '.chef/secret')) %>"
        chef_repo_name: <%= ENV['CHEF_REPO_NAME'] %>
        chef_repo_git: <%= ENV['CHEF_REPO_GIT'] %>
        organisation_name: <%= ENV['CHEF_ORGANISATION_NAME'] %>
        application_name: <%= ENV['APPLICATION_NAME'] %>
        suite_kitchen: docker
        # License acceptance markers copied from the workstation. File.read
        # raises if a marker is missing, which makes kitchen fail to load this
        # file at all; the split/join rewrites the file's newlines into YAML
        # "\n" escapes so the value survives the double-quoted scalar.
        chef_accept:
          chef_infra_client: "<%= ::File.read('/etc/chef/accepted_licenses/chef_infra_client').split("\n").join('\n') %>"
          chef_infra_server: "<%= ::File.read('/etc/chef/accepted_licenses/chef_infra_server').split("\n").join('\n') %>"
          chef_workstation: "<%= ::File.read('/etc/chef/accepted_licenses/chef_workstation').split("\n").join('\n') %>"
          inspec: "<%= ::File.read('/etc/chef/accepted_licenses/inspec').split("\n").join('\n') %>"
        plans:
          - spec/habitat
          - habitat
        # Tooling installed for the deploy user versus system-wide.
        user:
          deploy: [git, ssh, chef, gem]
        system:
          deploy:
            - git
            - ssh
            - chef
            - cucumber
            - habitat
            - gem
            - docker
            - aws
            - circleci