ソースを参照

Setting up openstack tests for iptables formula

Change-Id: Ib924de131cca35052b50555c280484ef0161ebaa
master^2
Dzmitry Stremkouski 6年前
コミット
1ca901c8b7
6個のファイルの変更88行の追加69行の削除
  1. +59
    -0
      .kitchen.openstack.yml
  2. +0
    -42
      .kitchen.yml
  3. +8
    -21
      .travis.yml
  4. +4
    -4
      README.rst
  5. +2
    -2
      tests/pillar/iptables.sls
  6. +15
    -0
      user_data.sh

+ 59
- 0
.kitchen.openstack.yml ファイルの表示

@@ -0,0 +1,59 @@
---
driver:
name: openstack
openstack_username: <%= ENV['OS_USERNAME'] %>
openstack_api_key: <%= ENV['OS_PASSWORD'] %>
openstack_auth_url: <%= ENV['OS_AUTH_URL'] %>
openstack_domain_name: <%= ENV['OS_DOMAIN_NAME'] %>
openstack_project_name: <%= ENV['OS_PROJECT_NAME'] %>
openstack_identity_api_version: <%= ENV['OS_IDENTITY_VERSION'] || 3 %>
availability_zone: <%= ENV['OS_AZ'] || 'nova' %>
openstack_network_name: <%= ENV['OS_FLOATING_NETWORK_NAME'] || 'public' %>
security_groups:
- kitchen
network_id: <%= ENV['OS_INTERNAL_NETWORK_ID'] || '21790488-0dc2-4864-9016-ae4f09d8a67f' %>
user_data: user_data.sh
require_chef_omnibus: false
floating_ip_pool: <%= ENV['OS_FLOATING_NETWORK_NAME'] || 'public' %>
image_id: <%= ENV['OS_IMAGE_ID'] || '60878bd4-cb4a-4d71-ae02-2a8ee4476d10' %>
flavor_id: <%= ENV['OS_FLAVOR_ID'] || 'ac2a36af-f9a0-4af7-8220-e85cff4d2bce' %>
read_timeout: 180
write_timeout: 180
connect_timeout: 180

transport:
username: kitchen
password: kitchen
connection_timeout: 10
connection_retries: 5

provisioner:
name: salt_solo
salt_install: bootstrap
salt_bootstrap_url: https://bootstrap.saltstack.com
salt_version: <%= ENV['SALT_VERSION'] || '2018.3.0' %>
require_chef: false
log_level: error
formula: iptables
state_top:
base:
"*":
- iptables
pillars:
top.sls:
base:
"*":
- iptables

verifier:
name: inspec
sudo: true

platforms:
- name: saltstack-ubuntu-<%= ENV['UBUNTU_DISTRO'] || 'xenial' %>-salt-<%= ENV['SALT_VERSION'] || '2018.3.0' %>

suites:
- name: iptables
provisioner:
pillars-from-files:
iptables.sls: tests/pillar/iptables.sls

+ 0
- 42
.kitchen.yml ファイルの表示

@@ -1,42 +0,0 @@
---
driver:
name: docker
hostname: iptables.ci.local
use_sudo: false

provisioner:
name: salt_solo
salt_install: bootstrap
salt_bootstrap_url: https://bootstrap.saltstack.com
salt_version: latest
require_chef: false
log_level: error
formula: iptables
grains:
noservices: True
state_top:
base:
"*":
- iptables
pillars:
top.sls:
base:
"*":
- iptables

verifier:
name: inspec
sudo: true

platforms:
- name: <%=ENV['PLATFORM'] || 'saltstack-ubuntu-xenial-salt-stable' %>
driver_config:
image: <%=ENV['PLATFORM'] || 'epcim/salt:saltstack-ubuntu-xenial-salt-stable'%>
platform: ubuntu

suites:

- name: iptables
provisioner:
pillars-from-files:
iptables.sls: tests/pillar/iptables.sls

+ 8
- 21
.travis.yml ファイルの表示

@@ -2,38 +2,25 @@ language: python
python:
- "2.7.13"
sudo: required
services:
- docker

install:
- pip install PyYAML
- pip install virtualenv
- |
test -e Gemfile || cat <<EOF > Gemfile
source 'https://rubygems.org'
gem 'rake'
gem 'test-kitchen'
gem 'kitchen-docker'
gem 'kitchen-inspec'
gem 'inspec', '<3.0.0'
#Version was frozen, because of issues in the version of inspec >3.0.0 -- see https://mirantis.jira.com/browse/PROD-24324 for more info
gem 'kitchen-salt', :git => 'https://github.com/salt-formulas/kitchen-salt.git'
- bundle install
git clone https://gerrit.mcp.mirantis.com/salt-formulas/salt-formulas-scripts
./salt-formulas-scripts/bootstrap-openstack-kitchen.sh

env:
- PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2016.3 SUITE=iptables
- PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2017.7 SUITE=iptables
- PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2018.3 SUITE=iptables
# - PLATFORM=epcim/salt:saltstack-ubuntu-bionic-salt-2017.7 SUITE=iptables
# - PLATFORM=epcim/salt:saltstack-ubuntu-bionic-salt-2018.3 SUITE=iptables
- UBUNTU_DISTRO=xenial SALT_VERSION=2018.3 SUITE=iptables
- UBUNTU_DISTRO=xenial SALT_VERSION=2017.7 SUITE=iptables
- UBUNTU_DISTRO=bionic SALT_VERSION=2018.3 SUITE=iptables
- UBUNTU_DISTRO=bionic SALT_VERSION=2017.7 SUITE=iptables

before_script:
- set -o pipefail
- make test | tail

script:
- test ! -e .kitchen.yml || bundle exec kitchen converge ${SUITE} || true
- test ! -e .kitchen.yml || bundle exec kitchen verify ${SUITE} -t tests/integration
- test ! -e .kitchen.openstack.yml || bundle exec kitchen converge ${SUITE} || true
- test ! -e .kitchen.openstack.yml || bundle exec kitchen verify ${SUITE} -t tests/integration

notifications:
on:

+ 4
- 4
README.rst ファイルの表示

@@ -28,13 +28,13 @@ Sample pillars
service:
v4:
enabled: true
persistent_config: /etc/iptables.v4
persistent_config: /etc/iptables/rules.v4
modules:
- nf_conntrack_ftp
- nf_conntrack_pptp
v6:
enabled: false
persistent_config: /etc/iptables.v6
persistent_config: /etc/iptables/rules.v6
modules:
- nf_conntrack_ipv6
defaults:
@@ -70,8 +70,8 @@ Sample pillars
comment: "Log my packets"
nat:
chains:
OUTPUT:
PREROUTING:
OUTPUT: {}
PREROUTING: {}
POSTROUTING:
policy: ACCEPT
ruleset:

+ 2
- 2
tests/pillar/iptables.sls ファイルの表示

@@ -44,8 +44,8 @@ iptables:
action: LOG
nat:
chains:
OUTPUT:
PREROUTING:
OUTPUT: {}
PREROUTING: {}
POSTROUTING:
policy: ACCEPT
ruleset:

+ 15
- 0
user_data.sh ファイルの表示

@@ -0,0 +1,15 @@
#!/bin/bash -xe
# Speedup reverse hostname lookup
sed -i "s/127.0.0.1.*/127.0.0.1 localhost $(hostname)/" /etc/hosts
# Enabling password auth for kitchen user
sed -i 's/PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
# Disable sshd NS lookups
echo "UseDNS no" >> /etc/ssh/sshd_config
service ssh restart
# Create user 'kitchen' with password 'kitchen'
useradd -m -G adm,sudo -p '$6$DqOdqb/l$hOpDWFPeC8/45Oo8NbqZyqLZxYd.Vtlujf9A4OdwUKgBjRcETuc9Gd2C7OyI99MY2N/pACrbV8WymqV.H1XZ1.' -s /bin/bash kitchen
# Passwordless sudo for user 'kitchen'
echo "kitchen ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/99-kitchen
# Secure kitchen home
chown kitchen:root /home/kitchen -R
chmod 0700 /home/kitchen

読み込み中…
キャンセル
保存