Setting up openstack tests for iptables formula
Change-Id: Ib924de131cca35052b50555c280484ef0161ebaa
diff --git a/.kitchen.openstack.yml b/.kitchen.openstack.yml
new file mode 100644
index 0000000..0390cfc
--- /dev/null
+++ b/.kitchen.openstack.yml
@@ -0,0 +1,59 @@
+---
+driver:
+ name: openstack
+ openstack_username: <%= ENV['OS_USERNAME'] %>
+ openstack_api_key: <%= ENV['OS_PASSWORD'] %>
+ openstack_auth_url: <%= ENV['OS_AUTH_URL'] %>
+ openstack_domain_name: <%= ENV['OS_DOMAIN_NAME'] %>
+ openstack_project_name: <%= ENV['OS_PROJECT_NAME'] %>
+ openstack_identity_api_version: <%= ENV['OS_IDENTITY_VERSION'] || 3 %>
+ availability_zone: <%= ENV['OS_AZ'] || 'nova' %>
+ openstack_network_name: <%= ENV['OS_FLOATING_NETWORK_NAME'] || 'public' %>
+ security_groups:
+ - kitchen
+ network_id: <%= ENV['OS_INTERNAL_NETWORK_ID'] || '21790488-0dc2-4864-9016-ae4f09d8a67f' %>
+ user_data: user_data.sh
+ require_chef_omnibus: false
+ floating_ip_pool: <%= ENV['OS_FLOATING_NETWORK_NAME'] || 'public' %>
+ image_id: <%= ENV['OS_IMAGE_ID'] || '60878bd4-cb4a-4d71-ae02-2a8ee4476d10' %>
+ flavor_id: <%= ENV['OS_FLAVOR_ID'] || 'ac2a36af-f9a0-4af7-8220-e85cff4d2bce' %>
+ read_timeout: 180
+ write_timeout: 180
+ connect_timeout: 180
+
+transport:
+ username: kitchen
+ password: kitchen
+ connection_timeout: 10
+ connection_retries: 5
+
+provisioner:
+ name: salt_solo
+ salt_install: bootstrap
+ salt_bootstrap_url: https://bootstrap.saltstack.com
+ salt_version: <%= ENV['SALT_VERSION'] || '2018.3.0' %>
+ require_chef: false
+ log_level: error
+ formula: iptables
+ state_top:
+ base:
+ "*":
+ - iptables
+ pillars:
+ top.sls:
+ base:
+ "*":
+ - iptables
+
+verifier:
+ name: inspec
+ sudo: true
+
+platforms:
+ - name: saltstack-ubuntu-<%= ENV['UBUNTU_DISTRO'] || 'xenial' %>-salt-<%= ENV['SALT_VERSION'] || '2018.3.0' %>
+
+suites:
+ - name: iptables
+ provisioner:
+ pillars-from-files:
+ iptables.sls: tests/pillar/iptables.sls
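Review bot: The `transport` section hard-codes `username: kitchen` / `password: kitchen` while the driver attaches a floating IP from the `public` pool, so every test instance accepts SSH with a credential that is published in this repository. The user_data.sh hunk in this same change creates that account with passwordless sudo, so the same concern applies there. How far the exposure reaches depends on the ingress rules of the `kitchen` security group, which are not visible in this change. Prefer a per-run keypair and drop the password: `key_name: <%= ENV['OS_KEY_NAME'] %>` under `driver` and `ssh_key: <%= ENV['OS_SSH_KEY_PATH'] %>` under `transport` (both environment variable names are placeholders).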
diff --git a/.kitchen.yml b/.kitchen.yml
deleted file mode 100644
index 89e569c..0000000
--- a/.kitchen.yml
+++ /dev/null
@@ -1,42 +0,0 @@
----
-driver:
- name: docker
- hostname: iptables.ci.local
- use_sudo: false
-
-provisioner:
- name: salt_solo
- salt_install: bootstrap
- salt_bootstrap_url: https://bootstrap.saltstack.com
- salt_version: latest
- require_chef: false
- log_level: error
- formula: iptables
- grains:
- noservices: True
- state_top:
- base:
- "*":
- - iptables
- pillars:
- top.sls:
- base:
- "*":
- - iptables
-
-verifier:
- name: inspec
- sudo: true
-
-platforms:
- - name: <%=ENV['PLATFORM'] || 'saltstack-ubuntu-xenial-salt-stable' %>
- driver_config:
- image: <%=ENV['PLATFORM'] || 'epcim/salt:saltstack-ubuntu-xenial-salt-stable'%>
- platform: ubuntu
-
-suites:
-
- - name: iptables
- provisioner:
- pillars-from-files:
- iptables.sls: tests/pillar/iptables.sls
diff --git a/.travis.yml b/.travis.yml
index c143109..a4527be 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -2,38 +2,25 @@
python:
- "2.7.13"
sudo: required
-services:
- - docker
install:
- - pip install PyYAML
- - pip install virtualenv
- |
- test -e Gemfile || cat <<EOF > Gemfile
- source 'https://rubygems.org'
- gem 'rake'
- gem 'test-kitchen'
- gem 'kitchen-docker'
- gem 'kitchen-inspec'
- gem 'inspec', '<3.0.0'
- #Version was frozen, because of issues in the version of inspec >3.0.0 -- see https://mirantis.jira.com/browse/PROD-24324 for more info
- gem 'kitchen-salt', :git => 'https://github.com/salt-formulas/kitchen-salt.git'
- - bundle install
+ git clone https://gerrit.mcp.mirantis.com/salt-formulas/salt-formulas-scripts
+ ./salt-formulas-scripts/bootstrap-openstack-kitchen.sh
env:
- - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2016.3 SUITE=iptables
- - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2017.7 SUITE=iptables
- - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2018.3 SUITE=iptables
-# - PLATFORM=epcim/salt:saltstack-ubuntu-bionic-salt-2017.7 SUITE=iptables
-# - PLATFORM=epcim/salt:saltstack-ubuntu-bionic-salt-2018.3 SUITE=iptables
+ - UBUNTU_DISTRO=xenial SALT_VERSION=2018.3 SUITE=iptables
+ - UBUNTU_DISTRO=xenial SALT_VERSION=2017.7 SUITE=iptables
+ - UBUNTU_DISTRO=bionic SALT_VERSION=2018.3 SUITE=iptables
+ - UBUNTU_DISTRO=bionic SALT_VERSION=2017.7 SUITE=iptables
before_script:
- set -o pipefail
- make test | tail
script:
- - test ! -e .kitchen.yml || bundle exec kitchen converge ${SUITE} || true
- - test ! -e .kitchen.yml || bundle exec kitchen verify ${SUITE} -t tests/integration
+ - test ! -e .kitchen.openstack.yml || bundle exec kitchen converge ${SUITE} || true
+ - test ! -e .kitchen.openstack.yml || bundle exec kitchen verify ${SUITE} -t tests/integration
notifications:
on:
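Review bot: The new install step clones `salt-formulas-scripts` at whatever its default branch holds at build time and runs `bootstrap-openstack-kitchen.sh` from it, in a job that presumably carries the `OS_*` credentials read by `.kitchen.openstack.yml`. Any later change to that repository would then run with those credentials without passing review here. Pin the checkout to a reviewed revision between the clone and the script call, e.g. `git -C salt-formulas-scripts checkout <REVIEWED_COMMIT_SHA>` (placeholder). Separately, the script phase has no `kitchen destroy` step, so unless the bootstrap script handles teardown, instances and floating IPs may stay allocated after each run. The hunk ends inside the `notifications` section.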
diff --git a/README.rst b/README.rst
index a59e5e8..15b8b01 100644
--- a/README.rst
+++ b/README.rst
@@ -28,13 +28,13 @@
service:
v4:
enabled: true
- persistent_config: /etc/iptables.v4
+ persistent_config: /etc/iptables/rules.v4
modules:
- nf_conntrack_ftp
- nf_conntrack_pptp
v6:
enabled: false
- persistent_config: /etc/iptables.v6
+ persistent_config: /etc/iptables/rules.v6
modules:
- nf_conntrack_ipv6
defaults:
@@ -70,8 +70,8 @@
comment: "Log my packets"
nat:
chains:
- OUTPUT:
- PREROUTING:
+ OUTPUT: {}
+ PREROUTING: {}
POSTROUTING:
policy: ACCEPT
ruleset:
diff --git a/tests/pillar/iptables.sls b/tests/pillar/iptables.sls
index 05fe015..ef797c6 100644
--- a/tests/pillar/iptables.sls
+++ b/tests/pillar/iptables.sls
@@ -44,8 +44,8 @@
action: LOG
nat:
chains:
- OUTPUT:
- PREROUTING:
+ OUTPUT: {}
+ PREROUTING: {}
POSTROUTING:
policy: ACCEPT
ruleset:
diff --git a/user_data.sh b/user_data.sh
new file mode 100644
index 0000000..85f3fcd
--- /dev/null
+++ b/user_data.sh
@@ -0,0 +1,15 @@
+#!/bin/bash -xe
+# Speedup reverse hostname lookup
+sed -i "s/127.0.0.1.*/127.0.0.1 localhost $(hostname)/" /etc/hosts
+# Enabling password auth for kitchen user
+sed -i 's/PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
+# Disable sshd NS lookups
+echo "UseDNS no" >> /etc/ssh/sshd_config
+service ssh restart
+# Create user 'kitchen' with password 'kitchen'
+useradd -m -G adm,sudo -p '$6$DqOdqb/l$hOpDWFPeC8/45Oo8NbqZyqLZxYd.Vtlujf9A4OdwUKgBjRcETuc9Gd2C7OyI99MY2N/pACrbV8WymqV.H1XZ1.' -s /bin/bash kitchen
+# Passwordless sudo for user 'kitchen'
+echo "kitchen ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/99-kitchen
+# Secure kitchen home
+chown kitchen:root /home/kitchen -R
+chmod 0700 /home/kitchen
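Review bot: The `sed` on `PasswordAuthentication` enables password login for every account on the image, not only for `kitchen`, and it also rewrites any commented-out line that matches. Scoping the setting keeps other accounts key-only: drop that `sed` and, after the `UseDNS no` line and before `service ssh restart`, append `printf 'Match User kitchen\n    PasswordAuthentication yes\n' >> /etc/ssh/sshd_config`. The sudoers drop-in would also benefit from `chmod 0440 /etc/sudoers.d/99-kitchen` followed by `visudo -cf /etc/sudoers.d/99-kitchen`, so a malformed file fails the boot script rather than breaking sudo.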