Adding support for bionic
Change-Id: Ie113ddc14fad15d7e9e1de82f99b324ce53bae35
diff --git a/.kitchen.openstack.yml b/.kitchen.openstack.yml
index 1dad750..073881b 100644
--- a/.kitchen.openstack.yml
+++ b/.kitchen.openstack.yml
@@ -15,8 +15,10 @@
user_data: user_data.sh
require_chef_omnibus: false
floating_ip_pool: <%= ENV['OS_FLOATING_NETWORK_NAME'] || 'public' %>
- image_id: <%= ENV['OS_IMAGE_ID'] || '60878bd4-cb4a-4d71-ae02-2a8ee4476d10' %>
+ allocate_floating_ip: true
+ image_id: <%= ENV['OS_IMAGE_ID'] %>
flavor_id: <%= ENV['OS_FLAVOR_ID'] || 'ac2a36af-f9a0-4af7-8220-e85cff4d2bce' %>
+ server_name: <%= ENV['SUITE'] %>-ubuntu-<%= ENV['UBUNTU_VERSION'].gsub ".","_" %>-salt-<%= ENV['SALT_VERSION'].gsub ".","_" %>
read_timeout: 720
write_timeout: 720
connect_timeout: 360
@@ -25,13 +27,15 @@
username: kitchen
password: kitchen
connection_timeout: 10
- connection_retries: 5
+ connection_retries: 60
provisioner:
name: salt_solo
salt_install: bootstrap
salt_bootstrap_url: https://bootstrap.saltstack.com
salt_version: <%= ENV['SALT_VERSION'] %>
+ salt_apt_repo_key: https://repo.saltstack.com/apt/ubuntu/<%= ENV['UBUNTU_VERSION'] || '16.04' %>/amd64/latest/SALTSTACK-GPG-KEY.pub
+ salt_apt_repo: https://repo.saltstack.com/apt/ubuntu/<%= ENV['UBUNTU_VERSION'] || '16.04' %>/amd64/
require_chef: false
log_level: info
formula: iptables
diff --git a/.travis.yml b/.travis.yml
index ebbd003..ae41d0b 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -16,10 +16,10 @@
- bundle install
env:
- - UBUNTU_DISTRO=xenial SALT_VERSION='2018.3.0' SUITE=iptables
- - UBUNTU_DISTRO=xenial SALT_VERSION='2017.7.0' SUITE=iptables
- # - UBUNTU_DISTRO=bionic SALT_VERSION='2018.3' SUITE=iptables
- # - UBUNTU_DISTRO=bionic SALT_VERSION='2017.7' SUITE=iptables
+ - UBUNTU_DISTRO=xenial UBUNTU_VERSION=16.04 OS_AZ=mcp-mk OS_IMAGE_ID=60878bd4-cb4a-4d71-ae02-2a8ee4476d10 SALT_VERSION='2018.3.3' SUITE=iptables
+ - UBUNTU_DISTRO=xenial UBUNTU_VERSION=16.04 OS_AZ=mcp-mk OS_IMAGE_ID=60878bd4-cb4a-4d71-ae02-2a8ee4476d10 SALT_VERSION='2017.7.6' SUITE=iptables
+ - UBUNTU_DISTRO=bionic UBUNTU_VERSION=18.04 OS_AZ=mcp-mk OS_IMAGE_ID=d9e69f28-5adc-4f2b-a084-4714454ead0a SALT_VERSION='2018.3.3' SUITE=iptables
+ - UBUNTU_DISTRO=bionic UBUNTU_VERSION=18.04 OS_AZ=mcp-mk OS_IMAGE_ID=d9e69f28-5adc-4f2b-a084-4714454ead0a SALT_VERSION='2017.7.6' SUITE=iptables
before_script:
- set -o pipefail
diff --git a/README.rst b/README.rst
index 15b8b01..5bedae3 100644
--- a/README.rst
+++ b/README.rst
@@ -63,11 +63,9 @@
10:
rule: -s 192.168.0.0/24 -p tcp
log_drop:
- policy: DROP
ruleset:
10:
action: LOG
- comment: "Log my packets"
nat:
chains:
OUTPUT: {}
diff --git a/tests/pillar/iptables.sls b/tests/pillar/iptables.sls
index ef797c6..58b3e3e 100644
--- a/tests/pillar/iptables.sls
+++ b/tests/pillar/iptables.sls
@@ -21,7 +21,7 @@
rule: ""
v6:
metadata_rules: false
- policy: DROP
+ policy: ACCEPT
ruleset:
action: ACCEPT
params: ""
@@ -30,6 +30,8 @@
v4:
filter:
chains:
+ FORWARD:
+ policy: DROP
INPUT:
ruleset:
5:
@@ -37,10 +39,8 @@
10:
rule: -s 192.168.0.0/24 -p tcp
log_drop:
- policy: DROP
ruleset:
10:
- rule: ""
action: LOG
nat:
chains:
@@ -53,7 +53,6 @@
rule: -s 192.168.0.0/24 -p tcp -o lo
action: SNAT
params: --to-source=127.0.0.1
- config: v4
v6:
filter:
chains:
@@ -64,8 +63,6 @@
10:
rule: -s 200A:0:200C::1/64 -p tcp
log_drop:
- policy: DROP
ruleset:
10:
- rule: ""
action: LOG
diff --git a/user_data.sh b/user_data.sh
index 85f3fcd..caa3f4e 100644
--- a/user_data.sh
+++ b/user_data.sh
@@ -5,7 +5,9 @@
sed -i 's/PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
# Disable sshd NS lookups
echo "UseDNS no" >> /etc/ssh/sshd_config
+# Apply ssh configuration
service ssh restart
+
# Create user 'kitchen' with password 'kitchen'
useradd -m -G adm,sudo -p '$6$DqOdqb/l$hOpDWFPeC8/45Oo8NbqZyqLZxYd.Vtlujf9A4OdwUKgBjRcETuc9Gd2C7OyI99MY2N/pACrbV8WymqV.H1XZ1.' -s /bin/bash kitchen
# Passwordless sudo for user 'kitchen'