Fix Tests #13

Merged
merged 6 commits into from Jan 14, 2015
37 changes: 34 additions & 3 deletions .kitchen.yml
Expand Up @@ -24,11 +24,11 @@ platforms:
- name: oracle-6.4
driver_config:
box: oracle-6.4
box_url: https://storage.us2.oraclecloud.com/v1/istoilis-istoilis/vagrant/oel64-64.box
box_url: https://vagrantcloud.com/box-cutter/boxes/oel64/versions/1.0.8/providers/virtualbox.box
- name: oracle-6.5
driver_config:
box: oracle-6.5
box_url: https://storage.us2.oraclecloud.com/v1/istoilis-istoilis/vagrant/oel65-64.box
box_url: https://vagrantcloud.com/box-cutter/boxes/oel65/versions/1.0.8/providers/virtualbox.box
- name: debian-6
driver_config:
box: debian-6
Expand All @@ -37,7 +37,38 @@ platforms:
driver_config:
box: debian-7
box_url: https://s3.eu-central-1.amazonaws.com/ffuenf-vagrantboxes/debian/debian-7.7.0-amd64_virtualbox.box

suites:
- name: default
run_list:
- role[postgresql]
- recipe[chef-solo-search]
- recipe[apt]
- recipe[postgresql::server]
- recipe[postgres-hardening]
excludes: ["centos-6.4", "centos-6.5", "oracle-6.4", "oracle-6.5"]
attributes: {
postgresql: {
enable_pgdg_apt: true,
version: "9.3",
password: {
postgres: "iloverandompasswordsbutthiswilldo"
}
}
}
- name: default-rhel
run_list:
- recipe[chef-solo-search]
- recipe[apt]
- recipe[postgresql::server]
- recipe[postgres-hardening]
excludes: ["debian-6", "debian-7", "ubuntu-12.04", "ubuntu-14.04"]
attributes: {
postgresql: {
enable_pgdg_yum: true,
version: "9.3",
password: {
postgres: "iloverandompasswordsbutthiswilldo"
}
}
}
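Review bot: The `postgres` superuser password is written as the same literal in the `attributes` of both `default` and `default-rhel`, with nothing marking it as a throwaway Test Kitchen fixture. A comment such as `# test-only credential for Test Kitchen VMs; never reuse outside this file` above each suite's `attributes:` key would keep it from being copied into a real node or role definition. The two suites also repeat the whole `postgresql` attribute map and differ only in `enable_pgdg_apt` / `enable_pgdg_yum`, so a YAML anchor for the shared `version` and `password` entries would keep them from drifting apart. Separately, `default` runs `role[postgresql]` while `default-rhel` does not; if that is intentional, a one-line comment saying why would help.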

22 changes: 22 additions & 0 deletions README.md
Expand Up @@ -26,6 +26,28 @@ add the following to your runlist and customize security option attributes
"recipe[postgres-hardening]"
```

You should also use the official postgres packages, because those offer the latest fixes. Enable the suitable option for the [postgres cookbook](https://github.com/hw-cookbooks/postgresql).

```bash
"postgresql": {

# debian, ubuntu
"enable_pgdg_apt": true

# rhel
"enable_pgdg_yum": true

}
```

The hardening cookbook is only optimized for Postgresql 9.3. This can be activated for [postgres cookbook](https://github.com/hw-cookbooks/postgresql).

```bash
"postgresql": {
version: "9.3"
}
```

### Enable SSL

Please read http://www.postgresql.org/docs/9.1/static/ssl-tcp.html first.
13 changes: 12 additions & 1 deletion spec/default_spec.rb
Expand Up @@ -4,7 +4,18 @@

describe 'postgres-hardening::default' do

let(:chef_run) { ChefSpec::SoloRunner.converge(described_recipe) }
let(:chef_run) do
ChefSpec::SoloRunner.new do |node|
node.set['postgresql']['version'] = '9.3'
end.converge(described_recipe)
end

before do
@postgres_version = '9.3'
stub_command("ls /var/lib/postgresql/#{@postgres_version}/main/recovery.conf").and_return(true)
stub_command("ls -l /var/lib/postgresql/#{@postgres_version}/main/server.crt |grep /etc/ssl/certs/ssl-cert-snakeoil.pem").and_return(true)
stub_command("ls -l /var/lib/postgresql/#{@postgres_version}/main/server.key |grep /etc/ssl/private/ssl-cert-snakeoil.key").and_return(true)
end

it 'includes postgres-hardening::hardening recipe' do
expect(chef_run).to include_recipe('postgres-hardening::hardening')
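Review bot: The new `chef_run` builds `ChefSpec::SoloRunner.new` without `platform:` or `version:`, yet the three `stub_command` strings in the `before` block hard-code the Debian data directory `/var/lib/postgresql/9.3/main`, so whether the stubs match what the recipe evaluates depends on whichever platform the runner defaults to. Pinning it the way spec/hardening_spec.rb does, e.g. `ChefSpec::SoloRunner.new(platform: 'ubuntu', version: '14.04') do |node|`, makes that explicit. The version is also written twice (`node.set['postgresql']['version'] = '9.3'` and `@postgres_version = '9.3'`); a single `let(:postgres_version) { '9.3' }` used in both places would keep the attribute and the stubbed paths from diverging. All three stubs return `true`, so only one outcome of the snakeoil certificate and key checks is covered; a second context returning `false` would exercise the other path, assuming these commands are resource guards in the recipe. The `describe` block continues past the end of this hunk.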
11 changes: 7 additions & 4 deletions spec/hardening_spec.rb
Expand Up @@ -7,10 +7,10 @@
context 'with platform_family debian' do

platforms = [
{ os_name: 'ubuntu', os_version: '12.04', postgres_version: '9.1' },
{ os_name: 'ubuntu', os_version: '12.04', postgres_version: '9.3' },
{ os_name: 'ubuntu', os_version: '14.04', postgres_version: '9.3' },
{ os_name: 'debian', os_version: '6.0.5', postgres_version: '8.4' },
{ os_name: 'debian', os_version: '7.5', postgres_version: '9.1' }
{ os_name: 'debian', os_version: '6.0.5', postgres_version: '9.3' },
{ os_name: 'debian', os_version: '7.5', postgres_version: '9.3' }
]

platforms.each do |platform|
Expand All @@ -20,11 +20,14 @@
let(:chef_run) do
ChefSpec::ServerRunner.new(
platform: platform[:os_name], version: platform[:os_version]
).converge('postgresql::server', 'postgres-hardening::hardening')
) do |node|
node.set['postgresql']['version'] = '9.3'
end.converge('postgresql::server', 'postgres-hardening::hardening')
end

before do
@postgres_version = platform[:postgres_version]
stub_command("ls /var/lib/postgresql/#{@postgres_version}/main/recovery.conf").and_return(true)
end

it 'creates necessary directories with correct mode' do
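Review bot: In the second hunk the node attribute is set with the literal `node.set['postgresql']['version'] = '9.3'`, while the `before` block still derives the stubbed path from `platform[:postgres_version]`, so the two agree only because every row of the `platforms` table in the first hunk now says `'9.3'`. Using `node.set['postgresql']['version'] = platform[:postgres_version]` would keep one source of truth, so that a future per-platform version change takes effect in both the converge and the `recovery.conf` stub. The `platforms.each` block and the `it` example continue outside the hunk.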