Merge pull request #71 from dev-sec/docker

add docker support

Author: chris-rock

.kitchen.vagrant.yml

@@ -0,0 +1,65 @@
+---
+driver:
+  name: vagrant
+
+provisioner:
+  name: ansible_playbook
+  test_repo_uri: https://github.com/hardening-io/tests-ssh-hardening.git
+  hosts: all
+  require_ansible_repo: false
+  require_ansible_omnibus: true
+  require_chef_for_busser: false
+  require_ruby_for_busser: false
+  ansible_verbose: true
+  roles_path: ../ansible-ssh-hardening/
+  playbook: default.yml
+
+platforms:
+- name: ubuntu-12.04
+  driver_config:
+    box: opscode-ubuntu-12.04
+    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_ubuntu-12.04_chef-provisionerless.box
+- name: ubuntu-14.04
+  driver_config:
+    box: opscode-ubuntu-14.04
+    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_ubuntu-14.04_chef-provisionerless.box
+- name: centos-6.4
+  driver_config:
+    box: opscode-centos-6.4
+    box_url: https://opscode-vm.s3.amazonaws.com/vagrant/opscode_centos-6.4_provisionerless.box
+- name: centos-6.5
+  driver_config:
+    box: opscode-centos-6.5
+    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_centos-6.5_chef-provisionerless.box
+- name: oracle-6.4
+  driver_config:
+    box: oracle-6.4
+    box_url: https://storage.us2.oraclecloud.com/v1/istoilis-istoilis/vagrant/oel64-64.box
+- name: oracle-6.5
+  driver_config:
+    box: oracle-6.5
+    box_url: https://storage.us2.oraclecloud.com/v1/istoilis-istoilis/vagrant/oel65-64.box
+- name: debian-6
+  driver_config:
+    box: debian-6
+    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-6.0.10_chef-provisionerless.box
+- name: debian-7
+  driver_config:
+    box: debian-7
+    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-7.8_chef-provisionerless.box
+- name: debian-8
+  driver_config:
+    box: debian-8
+    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-8.1_chef-provisionerless.box
+
+verifier:
+  name: inspec
+  sudo: true
+  inspec_tests:
+    - https://github.com/dev-sec/tests-ssh-hardening
+
+suites:
+- name: ssh-ansible_1.9
+  provisioner:
+    ansible_version: 1.9.4
+- name: ssh-ansible_latest

.kitchen.yml

@@ -1,6 +1,12 @@
 ---
 driver:
-  name: vagrant
+  name: docker
+  use_sudo: false
+  provision_command:
+      - "mkdir /var/run/sshd"
+
+transport:
+  max_ssh_sessions: 5
 
 provisioner:
   name: ansible_playbook
@@ -15,45 +21,39 @@ provisioner:
   roles_path: ../ansible-ssh-hardening/
   playbook: default.yml
 
-verifier:
-  name: inspec
-  sudo: true
-  inspec_tests:
-    - https://github.com/dev-sec/tests-ssh-hardening
-
 platforms:
 - name: ubuntu-12.04
-  driver_config:
-    box: opscode-ubuntu-12.04
-    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_ubuntu-12.04_chef-provisionerless.box
+  driver:
+    image: ubuntu:12.04
 - name: ubuntu-14.04
-  driver_config:
-    box: opscode-ubuntu-14.04
-    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_ubuntu-14.04_chef-provisionerless.box
-- name: centos-6.4
-  driver_config:
-    box: opscode-centos-6.4
-    box_url: https://opscode-vm.s3.amazonaws.com/vagrant/opscode_centos-6.4_provisionerless.box
-- name: centos-6.5
-  driver_config:
-    box: opscode-centos-6.5
-    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_centos-6.5_chef-provisionerless.box
-- name: oracle-6.4
-  driver_config:
-    box: oracle-6.4
-    box_url: https://storage.us2.oraclecloud.com/v1/istoilis-istoilis/vagrant/oel64-64.box
-- name: oracle-6.5
-  driver_config:
-    box: oracle-6.5
-    box_url: https://storage.us2.oraclecloud.com/v1/istoilis-istoilis/vagrant/oel65-64.box
+  driver:
+    image: ubuntu:14.04
+- name: ubuntu-16.04
+  driver:
+    image: ubuntu:16.04
+- name: centos-6.6
+  driver:
+    image: centos:6.6
+- name: centos-6.7
+  driver:
+    image: centos:6.7
+- name: centos-7
+  driver:
+    image: centos:7
+    privileged: true
+    run_command: /usr/sbin/init
 - name: debian-7
-  driver_config:
-    box: debian-7
-    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-7.8_chef-provisionerless.box
+  driver:
+    image: debian:7
 - name: debian-8
-  driver_config:
-    box: debian-8
-    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-8.1_chef-provisionerless.box
+  driver:
+    image: debian:8
+
+verifier:
+  name: inspec
+  sudo: true
+  inspec_tests:
+    - https://github.com/dev-sec/tests-ssh-hardening
 
 suites:
 - name: ssh-ansible_1.9

Gemfile

@@ -23,6 +23,7 @@ group :integration do
   gem 'kitchen-sharedtests', '~> 0.2.0'
   gem 'kitchen-sync'
   gem 'kitchen-transport-rsync'
+  gem 'kitchen-docker'
 end
 
 group :openstack do

README.md

@@ -51,15 +51,20 @@ This role provides secure ssh-client and ssh-server configurations.
 
 ## Local Testing
 
-For local testing you can use vagrant and Virtualbox of VMWare to run tests locally. You will have to install Virtualbox and Vagrant on your system. See [Vagrant Downloads](http://downloads.vagrantup.com/) for a vagrant package suitable for your system. For all our tests we use `test-kitchen`. If you are not familiar with `test-kitchen` please have a look at [their guide](http://kitchen.ci/docs/getting-started).
+The preferred way of locally testing the role is to use Docker. You will have to install Docker on your system. See [Get started](https://docs.docker.com/) for a Docker package suitable to for your system.
+
+You can also use vagrant and Virtualbox or VMWare to run tests locally. You will have to install Virtualbox and Vagrant on your system. See [Vagrant Downloads](http://downloads.vagrantup.com/) for a vagrant package suitable for your system. For all our tests we use `test-kitchen`. If you are not familiar with `test-kitchen` please have a look at [their guide](http://kitchen.ci/docs/getting-started).
 
 Next install test-kitchen:
 
 ```bash
 # Install dependencies
 gem install bundler
 bundle install
+```
 
+### Testing with Docker
+```
 # fast test on one machine
 bundle exec kitchen test default-ubuntu-1204
 
@@ -71,6 +76,18 @@ bundle exec kitchen create default-ubuntu-1204
 bundle exec kitchen converge default-ubuntu-1204
 ```
 
+### Testing with Virtualbox
+```
+# fast test on one machine
+KITCHEN_YAML=".kitchen.vagrant.yml" bundle exec kitchen test default-ubuntu-1204
+
+# test on all machines
+KITCHEN_YAML=".kitchen.vagrant.yml" bundle exec kitchen test
+
+# for development
+KITCHEN_YAML=".kitchen.vagrant.yml" bundle exec kitchen create default-ubuntu-1204
+KITCHEN_YAML=".kitchen.vagrant.yml" bundle exec kitchen converge default-ubuntu-1204
+```
 For more information see [test-kitchen](http://kitchen.ci/docs/getting-started)
 
 ## FAQ / Pitfalls

Thorfile

@@ -9,13 +9,18 @@ galaxy_info:
     - name: EL
       versions:
         - 6
+        - 7
+    - name: Oracle Linux
+      versions:
+        - 6
+        - 7
     - name: Ubuntu
       versions:
         - precise
         - trusty
+        - xenial
     - name: Debian
       versions:
-        - squeeze
         - wheezy
         - jessie
   galaxy_tags: