Browse Source
Setting up openstack tests for iptables formula
Change-Id: Ib924de131cca35052b50555c280484ef0161ebaamaster^2
Dzmitry Stremkouski
6 years ago
6 changed files with 88 additions and 69 deletions
+ 59
- 0
.kitchen.openstack.yml
View File
| @@ -0,0 +1,59 @@ | |||
| --- | |||
| driver: | |||
| name: openstack | |||
| openstack_username: <%= ENV['OS_USERNAME'] %> | |||
| openstack_api_key: <%= ENV['OS_PASSWORD'] %> | |||
| openstack_auth_url: <%= ENV['OS_AUTH_URL'] %> | |||
| openstack_domain_name: <%= ENV['OS_DOMAIN_NAME'] %> | |||
| openstack_project_name: <%= ENV['OS_PROJECT_NAME'] %> | |||
| openstack_identity_api_version: <%= ENV['OS_IDENTITY_VERSION'] || 3 %> | |||
| availability_zone: <%= ENV['OS_AZ'] || 'nova' %> | |||
| openstack_network_name: <%= ENV['OS_FLOATING_NETWORK_NAME'] || 'public' %> | |||
| security_groups: | |||
| - kitchen | |||
| network_id: <%= ENV['OS_INTERNAL_NETWORK_ID'] || '21790488-0dc2-4864-9016-ae4f09d8a67f' %> | |||
| user_data: user_data.sh | |||
| require_chef_omnibus: false | |||
| floating_ip_pool: <%= ENV['OS_FLOATING_NETWORK_NAME'] || 'public' %> | |||
| image_id: <%= ENV['OS_IMAGE_ID'] || '60878bd4-cb4a-4d71-ae02-2a8ee4476d10' %> | |||
| flavor_id: <%= ENV['OS_FLAVOR_ID'] || 'ac2a36af-f9a0-4af7-8220-e85cff4d2bce' %> | |||
| read_timeout: 180 | |||
| write_timeout: 180 | |||
| connect_timeout: 180 | |||
| transport: | |||
| username: kitchen | |||
| password: kitchen | |||
| connection_timeout: 10 | |||
| connection_retries: 5 | |||
| provisioner: | |||
| name: salt_solo | |||
| salt_install: bootstrap | |||
| salt_bootstrap_url: https://bootstrap.saltstack.com | |||
| salt_version: <%= ENV['SALT_VERSION'] || '2018.3.0' %> | |||
| require_chef: false | |||
| log_level: error | |||
| formula: iptables | |||
| state_top: | |||
| base: | |||
| "*": | |||
| - iptables | |||
| pillars: | |||
| top.sls: | |||
| base: | |||
| "*": | |||
| - iptables | |||
| verifier: | |||
| name: inspec | |||
| sudo: true | |||
| platforms: | |||
| - name: saltstack-ubuntu-<%= ENV['UBUNTU_DISTRO'] || 'xenial' %>-salt-<%= ENV['SALT_VERSION'] || '2018.3.0' %> | |||
| suites: | |||
| - name: iptables | |||
| provisioner: | |||
| pillars-from-files: | |||
| iptables.sls: tests/pillar/iptables.sls | |||
+ 0
- 42
.kitchen.yml
View File
| @@ -1,42 +0,0 @@ | |||
| --- | |||
| driver: | |||
| name: docker | |||
| hostname: iptables.ci.local | |||
| use_sudo: false | |||
| provisioner: | |||
| name: salt_solo | |||
| salt_install: bootstrap | |||
| salt_bootstrap_url: https://bootstrap.saltstack.com | |||
| salt_version: latest | |||
| require_chef: false | |||
| log_level: error | |||
| formula: iptables | |||
| grains: | |||
| noservices: True | |||
| state_top: | |||
| base: | |||
| "*": | |||
| - iptables | |||
| pillars: | |||
| top.sls: | |||
| base: | |||
| "*": | |||
| - iptables | |||
| verifier: | |||
| name: inspec | |||
| sudo: true | |||
| platforms: | |||
| - name: <%=ENV['PLATFORM'] || 'saltstack-ubuntu-xenial-salt-stable' %> | |||
| driver_config: | |||
| image: <%=ENV['PLATFORM'] || 'epcim/salt:saltstack-ubuntu-xenial-salt-stable'%> | |||
| platform: ubuntu | |||
| suites: | |||
| - name: iptables | |||
| provisioner: | |||
| pillars-from-files: | |||
| iptables.sls: tests/pillar/iptables.sls | |||
+ 8
- 21
.travis.yml
View File
| @@ -2,38 +2,25 @@ language: python | |||
| python: | |||
| - "2.7.13" | |||
| sudo: required | |||
| services: | |||
| - docker | |||
| install: | |||
| - pip install PyYAML | |||
| - pip install virtualenv | |||
| - | | |||
| test -e Gemfile || cat <<EOF > Gemfile | |||
| source 'https://rubygems.org' | |||
| gem 'rake' | |||
| gem 'test-kitchen' | |||
| gem 'kitchen-docker' | |||
| gem 'kitchen-inspec' | |||
| gem 'inspec', '<3.0.0' | |||
| #Version was frozen, because of issues in the version of inspec >3.0.0 -- see https://mirantis.jira.com/browse/PROD-24324 for more info | |||
| gem 'kitchen-salt', :git => 'https://github.com/salt-formulas/kitchen-salt.git' | |||
| - bundle install | |||
| git clone https://gerrit.mcp.mirantis.com/salt-formulas/salt-formulas-scripts | |||
| ./salt-formulas-scripts/bootstrap-openstack-kitchen.sh | |||
| env: | |||
| - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2016.3 SUITE=iptables | |||
| - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2017.7 SUITE=iptables | |||
| - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2018.3 SUITE=iptables | |||
| # - PLATFORM=epcim/salt:saltstack-ubuntu-bionic-salt-2017.7 SUITE=iptables | |||
| # - PLATFORM=epcim/salt:saltstack-ubuntu-bionic-salt-2018.3 SUITE=iptables | |||
| - UBUNTU_DISTRO=xenial SALT_VERSION=2018.3 SUITE=iptables | |||
| - UBUNTU_DISTRO=xenial SALT_VERSION=2017.7 SUITE=iptables | |||
| - UBUNTU_DISTRO=bionic SALT_VERSION=2018.3 SUITE=iptables | |||
| - UBUNTU_DISTRO=bionic SALT_VERSION=2017.7 SUITE=iptables | |||
| before_script: | |||
| - set -o pipefail | |||
| - make test | tail | |||
| script: | |||
| - test ! -e .kitchen.yml || bundle exec kitchen converge ${SUITE} || true | |||
| - test ! -e .kitchen.yml || bundle exec kitchen verify ${SUITE} -t tests/integration | |||
| - test ! -e .kitchen.openstack.yml || bundle exec kitchen converge ${SUITE} || true | |||
| - test ! -e .kitchen.openstack.yml || bundle exec kitchen verify ${SUITE} -t tests/integration | |||
| notifications: | |||
| on: | |||
+ 4
- 4
README.rst
View File
| @@ -28,13 +28,13 @@ Sample pillars | |||
| service: | |||
| v4: | |||
| enabled: true | |||
| persistent_config: /etc/iptables.v4 | |||
| persistent_config: /etc/iptables/rules.v4 | |||
| modules: | |||
| - nf_conntrack_ftp | |||
| - nf_conntrack_pptp | |||
| v6: | |||
| enabled: false | |||
| persistent_config: /etc/iptables.v6 | |||
| persistent_config: /etc/iptables/rules.v6 | |||
| modules: | |||
| - nf_conntrack_ipv6 | |||
| defaults: | |||
| @@ -70,8 +70,8 @@ Sample pillars | |||
| comment: "Log my packets" | |||
| nat: | |||
| chains: | |||
| OUTPUT: | |||
| PREROUTING: | |||
| OUTPUT: {} | |||
| PREROUTING: {} | |||
| POSTROUTING: | |||
| policy: ACCEPT | |||
| ruleset: | |||
+ 2
- 2
tests/pillar/iptables.sls
View File
| @@ -44,8 +44,8 @@ iptables: | |||
| action: LOG | |||
| nat: | |||
| chains: | |||
| OUTPUT: | |||
| PREROUTING: | |||
| OUTPUT: {} | |||
| PREROUTING: {} | |||
| POSTROUTING: | |||
| policy: ACCEPT | |||
| ruleset: | |||
+ 15
- 0
user_data.sh
View File
| @@ -0,0 +1,15 @@ | |||
| #!/bin/bash -xe | |||
| # Speedup reverse hostname lookup | |||
| sed -i "s/127.0.0.1.*/127.0.0.1 localhost $(hostname)/" /etc/hosts | |||
| # Enabling password auth for kitchen user | |||
| sed -i 's/PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config | |||
| # Disable sshd NS lookups | |||
| echo "UseDNS no" >> /etc/ssh/sshd_config | |||
| service ssh restart | |||
| # Create user 'kitchen' with password 'kitchen' | |||
| useradd -m -G adm,sudo -p '$6$DqOdqb/l$hOpDWFPeC8/45Oo8NbqZyqLZxYd.Vtlujf9A4OdwUKgBjRcETuc9Gd2C7OyI99MY2N/pACrbV8WymqV.H1XZ1.' -s /bin/bash kitchen | |||
| # Passwordless sudo for user 'kitchen' | |||
| echo "kitchen ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/99-kitchen | |||
| # Secure kitchen home | |||
| chown kitchen:root /home/kitchen -R | |||
| chmod 0700 /home/kitchen | |||
Loading…