Add travis-support

[rndmh3ro]

No description provided.

[chris-rock]

looks like we should not disable ipv6 for travis test

[rndmh3ro]

We have to merge #16 first, then travis should work.

[rndmh3ro]

Build is still failing, this time because of insufficent permissions:

error: permission denied on key 'net.ipv4.tcp_timestamps'

My plan is to add to the failing task(s) a tag (e.g. travis_skip) and then skip this tag when travis runs:

- ansible-playbook --sudo -v --diff spec/travis.yml -e os_network_ipv6_enable=true --skip-tags=travis_skip

[chris-rock]

cant we write all options into travis.yml. then everything would be in one place. otherwise we mix the implementation with specific edge cases

[rndmh3ro]

To skip single tasks you have to specify tags and then use the skip-tags-option.
Now we could give each of the included task-files a tag and skip the sysctl-tasks:
In tasks/main.yml

- include: suid_sgid.yml
- include: sysctl.yml tags=sysctl

In .travis.yml:

script:
  - ansible-playbook --syntax-check spec/travis.yml
  - ansible-playbook --sudo -v --diff spec/travis.yml -e os_network_ipv6_enable=true --skip-tags=sysctl

Or we could use conditionals on all problematic tasks and evaluate them to false just like here:

  - ansible-playbook --sudo -v --diff spec/travis.yml -e os_network_ipv6_enable=true

But then we could not use #20.

[chris-rock]

@rndmh3ro Thanks for pointing this out. I definitely like #20. Instead of skipping complete tasks, we could also overwrite the parameter values and switch back to os defaults for travis playbook for required parameters: https://docs.ansible.com/playbooks_variables.html#variables-defined-in-a-playbook

What do you think?

[rndmh3ro]

I cannot get it to work. Even though when a sysctl-variable doesn't get changed, traivis throws errors at me.
How do the puppet and chef implementations pass? They should also be getting a permission denied and fail, if I'm correct.

[chris-rock]

we do not use travis vms for applying hardening, instead we opt in for a separate jenkins setup

[rndmh3ro]

Then, I'd say we exclude the sysctl-tasks from travis. I can confirm that it works locally. Nonetheless all other tasks should work with travis!

[chris-rock]

amazing. let's do this

[rndmh3ro]

I think this is ready for merging now, @chris-rock. Would be great if you could do it.

[chris-rock]

amazing work @rndmh3ro

[chris-rock]

I rebased the branch on master. If this goes through, I'll merge.

[chris-rock]

@rndmh3ro Could you have a look, what is going wrong?

[chris-rock]

Thank you very much. As I said, amazing work!