1 parent
a9531a6
commit 591cd5c
Showing
9 changed files
with
92 additions
and
53 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,3 @@ | ||
*.retry | ||
tests/test.sh | ||
*/__pycache__ | ||
*.pyc |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,32 +1,31 @@ | ||
--- | ||
language: python | ||
services: docker | ||
|
||
env: | ||
- distro: centos7 | ||
- distro: centos6 | ||
# - distro: ubuntu1804 | ||
- distro: ubuntu1604 | ||
# - distro: debian9 | ||
- distro: debian8 | ||
- distro: fedora27 | ||
global: | ||
- ROLE_NAME: security | ||
matrix: | ||
- MOLECULE_DISTRO: centos7 | ||
MOLECULE_DOCKER_COMMAND: /usr/lib/systemd/systemd | ||
- MOLECULE_DISTRO: centos6 | ||
- MOLECULE_DISTRO: fedora27 | ||
- MOLECULE_DISTRO: ubuntu1604 | ||
- MOLECULE_DISTRO: debian8 | ||
|
||
script: | ||
# Configure test script so we can run extra tests after playbook is run. | ||
- export container_id=$(date +%s) | ||
- export cleanup=false | ||
install: | ||
# Install test dependencies. | ||
- pip install molecule docker | ||
|
||
# Download test shim. | ||
- wget -O ${PWD}/tests/test.sh https://gist.githubusercontent.com/geerlingguy/73ef1e5ee45d8694570f334be385e181/raw/ | ||
- chmod +x ${PWD}/tests/test.sh | ||
before_script: | ||
# Use actual Ansible Galaxy role name for the project directory. | ||
- cd ../ | ||
- mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME | ||
- cd geerlingguy.$ROLE_NAME | ||
|
||
script: | ||
# Run tests. | ||
- ${PWD}/tests/test.sh | ||
|
||
# Make sure fail2ban process is running. | ||
- > | ||
sudo docker exec ${container_id} ps -ax | grep -q 'fail2ban' | ||
&& (echo 'fail2ban is on: pass' && exit 0) | ||
|| (echo 'fail2ban is on: fail' && exit 1) | ||
- molecule test | ||
|
||
notifications: | ||
webhooks: https://galaxy.ansible.com/api/v1/notifications/ |
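Review bot: The `install:` step runs `pip install molecule docker` with no version constraints, so every CI run picks up whatever releases are current on PyPI, and that unreviewed code runs with access to the runner's Docker daemon. Pinning both packages, for example `pip install 'molecule==<PINNED_VERSION>' 'docker==<PINNED_VERSION>'` (placeholders; use the versions you actually tested with), also keeps the `molecule.yml` layout added in this commit from breaking on a later major release. Old and new lines are interleaved on this rendered page, so I am assuming the `install:`, `before_script:` and `molecule test` lines are the new side.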
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
--- | ||
dependency: | ||
name: galaxy | ||
driver: | ||
name: docker | ||
lint: | ||
name: yamllint | ||
options: | ||
config-file: molecule/default/yaml-lint.yml | ||
platforms: | ||
- name: instance | ||
image: geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible | ||
command: ${MOLECULE_DOCKER_COMMAND:-"sleep infinity"} | ||
privileged: true | ||
pre_build_image: true | ||
provisioner: | ||
name: ansible | ||
lint: | ||
name: ansible-lint | ||
playbooks: | ||
converge: ${MOLECULE_PLAYBOOK:-playbook.yml} | ||
scenario: | ||
name: default | ||
verifier: | ||
name: testinfra | ||
lint: | ||
name: flake8 |
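Review bot: The `instance` platform sets `privileged: true` and pulls `geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible` without a tag or digest, and the file explains neither choice. Privileged mode is presumably there so systemd can run as PID 1 (the Travis matrix passes `/usr/lib/systemd/systemd` for centos7), but it gives the container near-host-level access on the runner. A comment such as `# privileged: needed for systemd inside the test container; throwaway CI hosts only` would keep the setting from being copied into other scenarios unexamined. Because `pre_build_image: true` uses the image exactly as pulled, consider a fixed tag or digest per distro so the test environment cannot change underneath the role.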
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,38 +1,41 @@ | ||
- hosts: all | ||
--- | ||
- name: Converge | ||
hosts: all | ||
become: true | ||
|
||
pre_tasks: | ||
- name: Update apt cache. | ||
package: update_cache=yes cache_valid_time=600 | ||
package: update_cache=true cache_valid_time=600 | ||
when: ansible_os_family == 'Debian' | ||
|
||
- name: Ensure build dependencies are installed (RedHat). | ||
package: 'name="{{ item }}" state=present' | ||
with_items: | ||
- openssh-server | ||
- openssh-clients | ||
package: | ||
name: | ||
- openssh-server | ||
- openssh-clients | ||
state: present | ||
when: ansible_os_family == 'RedHat' | ||
|
||
- name: Ensure build dependencies are installed (Fedora). | ||
package: 'name="{{ item }}" state=present' | ||
with_items: | ||
- procps | ||
package: name=procps state=present | ||
when: ansible_distribution == 'Fedora' | ||
|
||
- name: Ensure build dependencies are installed (Debian). | ||
package: 'name="{{ item }}" state=present' | ||
with_items: | ||
- openssh-server | ||
- openssh-client | ||
package: | ||
name: | ||
- openssh-server | ||
- openssh-client | ||
state: present | ||
when: ansible_os_family == 'Debian' | ||
|
||
- name: Ensure auth.log file is present. | ||
copy: | ||
dest: /var/log/auth.log | ||
content: "" | ||
force: no | ||
force: false | ||
when: > | ||
(ansible_distribution == 'Ubuntu' and ansible_distribution_version == '14.04') or | ||
(ansible_distribution == 'Debian' and ansible_distribution_release == 'jessie') | ||
roles: | ||
- role_under_test | ||
- role: geerlingguy.security |
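Review bot: The `Update apt cache.` pre-task still calls the generic `package` module with `update_cache` and `cache_valid_time`, which are apt options. It also keeps the `key=value` string form while the neighbouring RedHat and Debian tasks in this change moved to YAML dictionaries. Naming the module makes the Debian-only intent visible without relying on the `when:` guard and on argument pass-through: `apt: update_cache=true cache_valid_time=600`, or the dictionary form with `update_cache: true` and `cache_valid_time: 600`. The same inline style remains on the Fedora task, `package: name=procps state=present`.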
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
import os | ||
|
||
import testinfra.utils.ansible_runner | ||
|
||
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( | ||
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') | ||
|
||
|
||
def test_hosts_file(host): | ||
f = host.file('/etc/hosts') | ||
|
||
assert f.exists | ||
assert f.user == 'root' | ||
assert f.group == 'root' |
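Review bot: `test_hosts_file` only asserts the existence and ownership of `/etc/hosts`, which says nothing about what the security role configures, and this commit also appears to drop the Travis step that checked a `fail2ban` process was running in the container. As written, a regression that leaves fail2ban stopped or sshd misconfigured would still pass `molecule test`. A minimal replacement is a second test, `def test_fail2ban_running(host):` with the body `assert host.service('fail2ban').is_running`. Whether the service check works on every image in the matrix needs confirming, since only centos7 is started under systemd here, and a process-based check may be needed instead. A module docstring stating which role behaviours the tests cover would also help.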
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
--- | ||
extends: default | ||
rules: | ||
line-length: | ||
max: 120 | ||
level: warning |
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,3 @@ | ||
--- | ||
security_ssh_config_path: /etc/ssh/sshd_config | ||
security_sshd_name: ssh | ||
security_sshd_name: ssh |