use new Docker images #8
Conversation
|
I can have a look here once ssh-hardening 2.0 is released:-) |
| @@ -1,18 +1,27 @@ | |||
| --- | |||
| driver: | |||
| name: vagrant | |||
| driver_config: | |||
| http_proxy: <%= ENV['http_proxy'] || nil %> | |||
There was a problem hiding this comment.
I usually set this in the global local Vagrantfile, so it works absolutely with all (foreign too) Vagrant and kitchen files for me:
$ cat ~/.vagrant.d/Vagrantfile
Vagrant.configure("2") do |config|
if Vagrant.has_plugin?('vagrant-proxyconf')
config.proxy.http = ENV['http_proxy'] if ENV.key?('http_proxy')
config.proxy.https = ENV['https_proxy'] if ENV.key?('https_proxy')
config.yum_proxy.http = ENV['https_proxy'] if ENV.key?('https_proxy')
config.proxy.no_proxy = ENV['no_proxy'] if ENV.key?('no_proxy')
end
if !ENV["GLOBAL_VAGRANT_CACHIER_DISABLED"] && Vagrant.has_plugin?("vagrant-cachier")
config.cache.scope = :box
end
endThere was a problem hiding this comment.
I'd like to focus on the docker part since I simply copied the vagrant-configuration and did not change it. I'll change it in another PR.
| @@ -23,6 +32,10 @@ platforms: | |||
| driver_config: | |||
| box: opscode-ubuntu-14.04 | |||
| box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_ubuntu-14.04_chef-provisionerless.box | |||
| - name: ubuntu-16.04 | |||
| driver_config: | |||
| box: opscode-ubuntu-16.04 | |||
There was a problem hiding this comment.
usually its better to use the bento boxes, as the opscode boxes are not maintained anymore
There was a problem hiding this comment.
I'd like to focus on the docker part since I simply copied the vagrant-configuration and did not change it. I'll change it in another PR.
| driver_config: | ||
| box: debian-6 | ||
| box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-6.0.10_chef-provisionerless.box | ||
| box: boxcutter/ol72 |
There was a problem hiding this comment.
There are bento boxes available for oracle, I would suggest to use them as they are maintained
There was a problem hiding this comment.
I'd like to focus on the docker part since I simply copied the vagrant-configuration and did not change it. I'll change it in another PR.
| - 'inspec exec https://github.com/dev-sec/nginx-baseline/ -t docker://$(cat ${container_id})' | ||
|
|
||
| notifications: | ||
| webhooks: https://galaxy.ansible.com/api/v1/notifications/ |
There was a problem hiding this comment.
out of interest: what does this hook?:)
There was a problem hiding this comment.
This gets used to show the build status here: https://galaxy.ansible.com/dev-sec/nginx-hardening/
.travis.yml
Outdated
| - 'docker exec "$(cat ${container_id})" ansible-galaxy install -r /etc/ansible/roles/ansible-nginx-hardening/requirements.yml -p /etc/ansible/roles/' | ||
|
|
||
| # Test role. | ||
| - 'docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/ansible-nginx-hardening/default.yml' |
There was a problem hiding this comment.
(just asking) what is the reason of not using the kitchen here? Its somehow redundant, you have a kitchen configuration for docker, but CI runs it completely without it
There was a problem hiding this comment.
I tried using kitchen with travis before, but did not get it to work. Too many dependency-problems. Kitchen stills gets used locally, though.
|
Thanks for reviewing, @artem-sidorenko! Do you see anything blocking here, except for the vagrant part? |
|
@rndmh3ro no:) |
This uses my own docker images (https://github.com/rndmh3ro/docker-ansible). These are just the base images with pre-installed Docker to save time and hassle when testing the roles.
This also enables full travis testing of all supported operating systems!
This too removes ansible 1.9 support, to better test the role. Also there's no more support for Ansible < 2.0, see https://groups.google.com/forum/#!topic/ansible-devel/6-6FdxZ94kc.
There are no changes in the nginx-configuration itself. Though the tests will fail. I'll fix this once this PR is merged.