update testing method

use default.yml in repo for testing
consolidate kitchen vars

Author: Sebastian Gumprich

.gitignore

@@ -11,4 +11,3 @@ Berksfile.lock
 
 ansible.cfg
 hosts
-default.yml

.kitchen.yml

@@ -9,6 +9,11 @@ provisioner:
   require_ansible_omnibus: true
   require_chef_for_busser: false
   require_ruby_for_busser: false
+  ansible_verbose: true
+  ansible_diff: true
+  roles_path: ../ansible-ssh-hardening/
+  playbook: default.yml
+
 platforms:
 - name: ubuntu-12.04
   driver_config:
@@ -50,18 +55,7 @@ verifier:
   name: inspec
 suites:
 - name: ansible_1.9
-  hosts: all
-  ansible_verbose: true
-  ansible_diff: true
-  roles_path: ../ansible-ssh-hardening/
   provisioner:
-    playbook: test/integration/playbooks/default.yml
     ansible_version: 1.9.4
 - name: ansible_latest
-  hosts: all
-  ansible_verbose: true
-  ansible_diff: true
-  roles_path: ../ansible-ssh-hardening/
-  provisioner:
-    playbook: test/integration/playbooks/default.yml
 

default.yml

@@ -0,0 +1,17 @@
+---
+- name: wrapper playbook for kitchen testing "ansible-ssh-hardening" with custom settings
+  hosts: localhost
+  roles:
+    - ansible-ssh-hardening
+  vars:
+    network_ipv6_enable: true
+    ssh_allow_root_with_key: true
+    ssh_client_password_login: true
+    ssh_client_cbc_required: true
+    ssh_server_weak_hmac: true
+    ssh_client_weak_kex: true
+
+- name: wrapper playbook for kitchen testing "ansible-ssh-hardening" with default settings
+  hosts: localhost
+  roles:
+    - ansible-ssh-hardening

tasks/main.yml

@@ -5,7 +5,7 @@
 - name: test to see if selinux is running
   command: getenforce
   register: sestatus
-  changed_when: false
+  failed_when: false
   ignore_errors: true
 
 - name: check the ssh_password policy state