use new docker files #26
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,13 +1,3 @@ | ||
README.pdf | ||
README.html | ||
shared_test_repo/ | ||
test/integration | ||
.kitchen | ||
coverage | ||
Vagrantfile.erb | ||
|
||
Gemfile.lock | ||
Berksfile.lock | ||
|
||
ansible.cfg | ||
hosts | ||
Gemfile.lock |
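Review bot: dropping `.kitchen` from the ignore list means Test Kitchen's state directory can now be committed by accident; with the docker driver it holds per-instance state files, logs and the SSH key pair kitchen-docker generates for the containers, so keep that entry (and consider adding `.kitchen.local.yml`). The new bare `ansible.cfg` pattern also matches at any depth, so it covers the `ansible.cfg` this PR adds elsewhere in the tree; anchor it as `/ansible.cfg` if only a generated root copy should be ignored.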
@@ -0,0 +1,38 @@ | ||
--- | ||
driver: | ||
name: vagrant | ||
|
||
provisioner: | ||
name: ansible_playbook | ||
hosts: all | ||
require_ansible_repo: false | ||
require_ansible_omnibus: true | ||
require_chef_for_busser: false | ||
require_ruby_for_busser: false | ||
ansible_verbose: true | ||
roles_path: ../ansible-mysql-hardening/ | ||
playbook: default.yml | ||
requirements_path: requirements.yml | ||
sudo_command: 'sudo -E -H' | ||
|
||
transport: | ||
max_ssh_sessions: 5 | ||
|
||
platforms: | ||
- name: ubuntu-14.04 | ||
- name: ubuntu-16.04 | ||
- name: centos-6.8 | ||
- name: centos-7.3 | ||
- name: oracle-6.8 | ||
- name: oracle-7.3 | ||
- name: debian-7.11 | ||
- name: debian-8.7 | ||
|
||
verifier: | ||
name: inspec | ||
sudo: true | ||
inspec_tests: | ||
- https://github.com/dev-sec/mysql-baseline/ | ||
|
||
suites: | ||
- name: mysql |
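Review bot: `inspec_tests` points at `https://github.com/dev-sec/mysql-baseline/` with no ref, so every run verifies against whatever is at the default branch head and a baseline change can silently flip the result; pin a tag or commit. `sudo_command: 'sudo -E -H'` forwards the whole caller environment to root, which the provisioner needs for its ansible variables but also passes along any secrets present in the kitchen process environment, so keep that environment minimal in CI.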
@@ -1,62 +1,77 @@ | ||
--- | ||
driver: | ||
name: vagrant | ||
name: docker | ||
privileged: true | ||
use_sudo: false | ||
|
||
transport: | ||
max_ssh_sessions: 5 | ||
|
||
provisioner: | ||
name: ansible_playbook | ||
test_repo_uri: https://github.com/hardening-io/tests-mysql-hardening.git | ||
hosts: all | ||
playbook: default.yml | ||
require_ansible_repo: false | ||
require_ansible_omnibus: true | ||
requirements_path: requirements.yml | ||
require_chef_for_busser: false | ||
require_ruby_for_busser: false | ||
ansible_verbose: true | ||
ansible_diff: true | ||
hosts: all | ||
roles_path: ../ansible-mysql-hardening/ | ||
playbook: default.yml | ||
requirements_path: requirements.yml | ||
sudo_command: 'sudo -E -H' | ||
|
||
platforms: | ||
- name: ubuntu-12.04 | ||
driver_config: | ||
box: opscode-ubuntu-12.04 | ||
box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_ubuntu-12.04_chef-provisionerless.box | ||
- name: ubuntu-14.04 | ||
driver_config: | ||
box: opscode-ubuntu-14.04 | ||
box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_ubuntu-14.04_chef-provisionerless.box | ||
- name: centos-6.4 | ||
driver_config: | ||
box: opscode-centos-6.4 | ||
box_url: https://opscode-vm.s3.amazonaws.com/vagrant/opscode_centos-6.4_provisionerless.box | ||
- name: centos-6.5 | ||
driver_config: | ||
box: opscode-centos-6.5 | ||
box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_centos-6.5_chef-provisionerless.box | ||
- name: centos-7.2 | ||
driver_config: | ||
box: opscode-centos-7.2 | ||
box_url: http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_centos-7.2_chef-provisionerless.box | ||
- name: oracle-6.4 | ||
driver_config: | ||
box: oracle-6.4 | ||
box_url: https://storage.us2.oraclecloud.com/v1/istoilis-istoilis/vagrant/oel64-64.box | ||
- name: oracle-6.5 | ||
driver_config: | ||
box: oracle-6.5 | ||
box_url: https://storage.us2.oraclecloud.com/v1/istoilis-istoilis/vagrant/oel65-64.box | ||
- name: debian-6 | ||
driver_config: | ||
box: debian-6 | ||
box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-6.0.10_chef-provisionerless.box | ||
- name: debian-7 | ||
driver_config: | ||
box: debian-7 | ||
box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-7.8_chef-provisionerless.box | ||
- name: debian-8 | ||
driver_config: | ||
box: debian-8 | ||
box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-8.1_chef-provisionerless.box | ||
- name: centos6-ansible-latest | ||
driver: | ||
image: rndmh3ro/docker-centos6-ansible:latest | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. docker stuff should be in There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Docker is the default testing method in this role. What else should be there then? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. hmm ok, looks like the other repos are non-standard as well so ignore this commend then :) There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Actually I'll change this to the bento boxes. I just discovered that bento has all of them. |
||
platform: centos | ||
- name: centos7-ansible-latest | ||
driver: | ||
image: rndmh3ro/docker-centos7-ansible:latest | ||
platform: centos | ||
- name: oracle6-ansible-latest | ||
driver: | ||
image: rndmh3ro/docker-oracle6-ansible:latest | ||
platform: centos | ||
- name: oracle7-ansible-latest | ||
driver: | ||
image: rndmh3ro/docker-oracle7-ansible:latest | ||
platform: centos | ||
- name: ubuntu1404-ansible-latest | ||
driver: | ||
image: rndmh3ro/docker-ubuntu1404-ansible:latest | ||
platform: ubuntu | ||
- name: ubuntu1604-ansible-latest | ||
driver: | ||
image: rndmh3ro/docker-ubuntu1604-ansible:latest | ||
platform: ubuntu | ||
- name: debian7-ansible-latest | ||
driver: | ||
image: rndmh3ro/docker-debian7-ansible:latest | ||
platform: debian | ||
intermediate_instructions: | ||
- RUN /usr/bin/apt-get update | ||
- RUN /usr/bin/apt-get install -y procps | ||
- name: debian8-ansible-latest | ||
driver: | ||
image: rndmh3ro/docker-debian8-ansible:latest | ||
platform: debian | ||
intermediate_instructions: | ||
- RUN /usr/bin/apt-get update | ||
- RUN /usr/bin/apt-get install -y procps | ||
pid_one_command: /bin/systemd | ||
- name: debian9-ansible-latest | ||
driver: | ||
image: rndmh3ro/docker-debian9-ansible:latest | ||
platform: debian | ||
|
||
verifier: | ||
name: inspec | ||
sudo: true | ||
inspec_tests: | ||
- https://github.com/dev-sec/mysql-baseline | ||
|
||
suites: | ||
- name: ansible_1.9 | ||
provisioner: | ||
ansible_version: 1.9.4 | ||
- name: ansible_latest | ||
- name: mysql |
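Review bot: every docker platform uses an unpinned `:latest` tag (`rndmh3ro/docker-centos6-ansible:latest` and the rest), so the matrix changes whenever those images are rebuilt and a failing or passing run cannot be reproduced later; pin a version tag or an image digest. `privileged: true` is set once for the whole driver although only the systemd-based entries need it (compare the Debian 8 platform with `pid_one_command: /bin/systemd`), and `ansible_diff: true` prints full templated file contents into the CI log, which is worth keeping in mind for a hardening role that writes MySQL configuration.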
@@ -1,21 +1,75 @@ | ||
--- | ||
notifications: | ||
webhooks: https://galaxy.ansible.com/api/v1/notifications/ | ||
language: python | ||
python: "2.7" | ||
services: docker | ||
|
||
env: | ||
- ANSIBLE_VERSION=latest | ||
- ANSIBLE_VERSION=1.9.4 | ||
- distro: centos6 | ||
version: latest | ||
run_opts: "--privileged" | ||
init: /sbin/init | ||
|
||
- distro: centos7 | ||
init: /usr/lib/systemd/systemd | ||
run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" | ||
version: latest | ||
|
||
- distro: oracle6 | ||
version: latest | ||
run_opts: "--privileged" | ||
init: /sbin/init | ||
|
||
- distro: oracle7 | ||
init: /usr/lib/systemd/systemd | ||
run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" | ||
version: latest | ||
|
||
# see https://github.com/dev-sec/mysql-baseline/issues/35 | ||
# - distro: ubuntu1604 | ||
# version: latest | ||
# init: /lib/systemd/systemd | ||
# run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" | ||
|
||
# - distro: ubuntu1404 | ||
# version: latest | ||
# run_opts: "--privileged" | ||
# init: /sbin/init | ||
|
||
- distro: debian7 | ||
version: latest | ||
run_opts: "--privileged" | ||
init: /sbin/init | ||
|
||
# - distro: debian8 | ||
# version: latest | ||
# init: /bin/systemd | ||
# run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" | ||
|
||
# - distro: debian9 | ||
# version: latest | ||
# init: /lib/systemd/systemd | ||
# run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" | ||
|
||
before_install: | ||
- sudo apt-get update -qq | ||
- sudo apt-get install -qq python-apt python-pycurl python-mysqldb | ||
install: | ||
- if [ "$ANSIBLE_VERSION" = "latest" ]; then pip install ansible; else pip install ansible==$ANSIBLE_VERSION; fi | ||
- echo -e 'localhost ansible_connection=local' > spec/inventory | ||
- echo -e '[defaults]\nroles_path = ../\nhostfile = ./spec/inventory' > ansible.cfg | ||
# Pull container | ||
- 'docker pull rndmh3ro/docker-${distro}-ansible:${version}' | ||
|
||
script: | ||
- ansible-playbook --syntax-check spec/travis.yml | ||
- ansible-playbook --sudo -v --diff spec/travis.yml | ||
- container_id=$(mktemp) | ||
# Run container in detached state. | ||
- 'docker run --detach --volume="${PWD}":/etc/ansible/roles/ansible-mysql-hardening:ro ${run_opts} rndmh3ro/docker-${distro}-ansible:${version} "${init}" > "${container_id}"' | ||
|
||
# Install ansible galaxy requirements | ||
- 'docker exec "$(cat ${container_id})" ansible-galaxy install -r /etc/ansible/roles/ansible-mysql-hardening/requirements.yml -p /etc/ansible/roles/' | ||
|
||
# Test role. | ||
- 'travis_wait docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/ansible-mysql-hardening/default.yml' | ||
|
||
# Verify role | ||
- 'inspec exec https://github.com/rndmh3ro/mysql-baseline/ -t docker://$(cat ${container_id})' | ||
|
||
after_failure: | ||
# Check MySQL settings. | ||
- 'docker exec --tty ${container_id} env TERM=xterm cat /var/log/mysql/error.log' | ||
- 'docker exec --tty ${container_id} env TERM=xterm cat /var/log/mysql.err' | ||
- 'docker exec --tty ${container_id} env TERM=xterm cat /var/log/mysql.log' | ||
notifications: | ||
webhooks: https://galaxy.ansible.com/api/v1/notifications/ |
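Review bot: `after_failure` runs `docker exec --tty ${container_id} ...`, but `${container_id}` is the mktemp file path that the `script` step redirects the container id into, so all three log dumps target a non-existent container and fail; use `"$(cat ${container_id})"` as the `docker exec` lines under `script` do. The verify step also runs `inspec exec https://github.com/rndmh3ro/mysql-baseline/`, a fork, while `.kitchen.yml` in this PR verifies against `https://github.com/dev-sec/mysql-baseline`; if the fork is a temporary workaround tied to the `mysql-baseline/issues/35` comment above, say so inline, otherwise point both at the same pinned baseline.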
This file was deleted.
This file was deleted.
@@ -0,0 +1,14 @@ | ||
# config file for ansible -- http://ansible.com/ | ||
# ============================================== | ||
|
||
# nearly all parameters can be overridden in ansible-playbook | ||
# or with command line flags. ansible will read ANSIBLE_CONFIG, | ||
# ansible.cfg in the current working directory, .ansible.cfg in | ||
# the home directory or /etc/ansible/ansible.cfg, whichever it | ||
# finds first | ||
|
||
[defaults] | ||
ansible_managed = Ansible managed: {file} modified on %Y-%m-%d by {uid} on {host} | ||
|
||
role_path = /vagrant | ||
scp_if_ssh = True |
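Review bot: `role_path = /vagrant` is not an Ansible option; the key is `roles_path`, so this line is silently ignored and role lookup falls back to the defaults. `scp_if_ssh = True` belongs in an `[ssh_connection]` section rather than `[defaults]`, where it is likewise ignored. Rename and move both, and check whether the `/vagrant` path is a leftover from the vagrant setup this PR replaces with docker.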
any reason to not use dokken?

What's the difference and advantages?

I took a look at https://github.com/someara/kitchen-dokken.
It sounds good, but right now we use kitchen-docker in all our ansible-roles. So I'll write it on my todo-list to check out dokken.

Take a look at https://github.com/dev-sec/chef-mysql-hardening/blob/master/.kitchen.yml
tl;dr dokken abstracts away the docker stuff that you don't care about in a CI environment (i.e. the run_opts and init options you have in the travis config). Your config looks like it works fine the way it is, so just a thought if you have time or for the future :)