ci(kitchen+travis): implement `inspec` test matrix

.travis.yml

@@ -0,0 +1,67 @@
+stages:
+  - test
+  # - commitlint
+  # - name: release
+  #   if: branch = master AND type != pull_request
+
+sudo: required
+cache: bundler
+language: ruby
+
+services:
+  - docker
+
+before_install:
+  - bundle install
+
+# Make sure the instances listed below match up with
+# the `platforms` defined in `kitchen.yml`
+env:
+  matrix:
+    - INSTANCE: default-debian-9-2019-2-py3
+    - INSTANCE: default-ubuntu-1804-2019-2-py3
+    - INSTANCE: default-centos-7-2019-2-py2
+    - INSTANCE: default-fedora-29-2019-2-py2
+    - INSTANCE: default-opensuse-423-2018-3-py2
+    - INSTANCE: default-debian-8-2018-3-py2
+    - INSTANCE: default-ubuntu-1604-2018-3-py2
+    - INSTANCE: default-fedora-28-2018-3-py2
+    - INSTANCE: default-debian-8-2017-7-py2
+    - INSTANCE: default-ubuntu-1604-2017-7-py2
+
+script:
+  - bundle exec kitchen verify ${INSTANCE}
+
+# jobs:
+#   include:
+#     # Define the commitlint stage
+#     - stage: commitlint
+#       language: node_js
+#       node_js: lts/*
+#       before_install: skip
+#       script:
+#         - npm install @commitlint/config-conventional -D
+#         - npm install @commitlint/travis-cli -D
+#         - commitlint-travis
+#     # Define the release stage that runs semantic-release
+#     - stage: release
+#       language: node_js
+#       node_js: lts/*
+#       before_install: skip
+#       script:
+#         # Update `AUTHORS.md`
+#         - export MAINTAINER_TOKEN=${GH_TOKEN}
+#         - go get github.com/myii/maintainer
+#         - maintainer contributor
+#
+#         # Install all dependencies required for `semantic-release`
+#         - npm install @semantic-release/changelog@3 -D
+#         - npm install @semantic-release/exec@3 -D
+#         - npm install @semantic-release/git@7 -D
+#       deploy:
+#         provider: script
+#         skip_cleanup: true
+#         script:
+#           # Run `semantic-release`
+#           - npx semantic-release@15
+

Gemfile

@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+gem 'kitchen-docker', '>= 2.9'
+gem 'kitchen-salt', '>= 0.6.0'
+gem 'kitchen-inspec', '>= 1.1'
+

kitchen.yml

@@ -0,0 +1,95 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+# For help on this file's format, see https://kitchen.ci/
+driver:
+  name: docker
+  use_sudo: false
+  privileged: true
+  run_command: /lib/systemd/systemd
+
+# Make sure the platforms listed below match up with
+# the `env.matrix` instances defined in `.travis.yml`
+platforms:
+  ## SALT 2019.2
+  - name: debian-9-2019-2-py3
+    driver:
+      image: netmanagers/salt-2019.2-py3:debian-9
+  - name: ubuntu-1804-2019-2-py3
+    driver:
+      image: netmanagers/salt-2019.2-py3:ubuntu-1804
+  - name: centos-7-2019-2-py2
+    driver:
+      image: netmanagers/salt-2019.2-py2:centos-7
+  - name: fedora-29-2019-2-py2
+    driver:
+      image: netmanagers/salt-2019.2-py2:fedora-29
+
+  ## SALT 2018.3
+  - name: opensuse-423-2018-3-py2
+    driver:
+      image: netmanagers/salt-2018.3-py2:opensuse-423
+      run_command: /usr/lib/systemd/systemd
+  - name: debian-8-2018-3-py2
+    driver:
+      image: netmanagers/salt-2018.3-py2:debian-8
+  - name: ubuntu-1604-2018-3-py2
+    driver:
+      image: netmanagers/salt-2018.3-py2:ubuntu-1604
+  - name: fedora-28-2018-3-py2
+    driver:
+      image: netmanagers/salt-2018.3-py2:fedora-28
+
+  # centos-6 guest fails on Debian hosts due to vsyscall issues, see
+  # https://hub.docker.com/_/centos, "A note about vsyscall"
+  # Disabled for `template-formula` because not `systemd` based
+  # - name: centos-6-2018-3
+  #   driver:
+  #     image: netmanagers/salt-2018.3-py2:centos-6
+  #     run_command: /sbin/init
+
+  ##S SALT 2017.7
+  - name: debian-8-2017-7-py2
+    driver:
+      image: netmanagers/salt-2017.7-py2:debian-8
+  - name: ubuntu-1604-2017-7-py2
+    driver:
+      image: netmanagers/salt-2017.7-py2:ubuntu-1604
+  # - name: centos-6-2017-7
+  #   driver:
+  #     image: netmanagers/salt-2017.7-py2:centos-6
+  #     run_command: /sbin/init
+
+provisioner:
+  name: salt_solo
+  log_level: info
+  salt_install: none
+  require_chef: false
+  formula: chrony
+  salt_copy_filter:
+    - .kitchen
+    - .git
+  state_top:
+    base:
+      '*':
+        - chrony
+  pillars:
+    top.sls:
+      base:
+        '*':
+          - chrony
+  pillars_from_files:
+    chrony.sls: pillar.example
+
+verifier:
+  # https://www.inspec.io/
+  name: inspec
+  sudo: true
+  # cli, documentation, html, progress, json, json-min, json-rspec, junit
+  reporter:
+    - cli
+  inspec_tests:
+    - path: test/integration/default
+
+suites:
+  - name: default

test/integration/default/controls/config_spec.rb

@@ -0,0 +1,28 @@
+# Overide by OS
+keyfile = 'keyfile '
+driftfile = '/var/lib/chrony/'
+logdir = 'logdir /var/log/chrony'
+case os[:name]
+when 'debian', 'ubuntu'
+  config_file = '/etc/chrony/chrony.conf'
+  keyfile += '/etc/chrony/chrony.keys'
+  driftfile += 'chrony.drift'
+else
+  config_file = '/etc/chrony.conf'
+  keyfile += '/etc/chrony.keys'
+  driftfile += 'drift'
+end
+
+control 'Chrony configuration' do
+  title 'should match desired lines'
+
+  describe file(config_file) do
+    it { should be_file }
+    it { should be_owned_by 'root' }
+    it { should be_grouped_into 'root' }
+    its('mode') { should cmp '0644' }
+    its('content') { should include keyfile }
+    its('content') { should include driftfile }
+    its('content') { should include logdir }
+  end
+end

test/integration/default/controls/packages_spec.rb

@@ -0,0 +1,7 @@
+control 'Chrony package' do
+  title 'should be installed'
+
+  describe package('chrony') do
+    it { should be_installed }
+  end
+end

test/integration/default/controls/services_spec.rb

@@ -0,0 +1,18 @@
+# Overide by OS
+service_name =
+  case os[:name]
+  when 'debian', 'ubuntu'
+    'chrony'
+  else
+    'chronyd'
+  end
+
+control 'Chron service' do
+  impact 0.5
+  title 'should be running and enabled'
+
+  describe service(service_name) do
+    it { should be_enabled }
+    it { should be_running }
+  end
+end

test/integration/default/inspec.yml

@@ -0,0 +1,11 @@
+name: chrony
+title: Chrony Formula
+maintainer: Your Name
+license: Apache-2.0
+summary: Verify that the chrony formula is setup and configured correctly
+supports:
+  - os-name: debian
+  - os-name: ubuntu
+  - os-name: centos
+  - os-name: fedora
+  - os-name: opensuse