From ac1093f98d998357d4fd321e498bc53fb67f2caf Mon Sep 17 00:00:00 2001 From: Travis McPeak Date: Wed, 13 Jan 2016 08:44:40 -0600 Subject: [PATCH] Adding Vagrant setup for deploying security-ansible This commit adds an initial Vagrant setup that will run the security ansible tests in check mode against a clean Ubuntu Trusty 64 image. Change-Id: If5499dd111c66b9888d3fbc0772c568ef08954f5 Co-Authored-By: Rob Clark Co-Authored-By: Eric Brown --- README.md | 9 +++++++++ Vagrantfile | 16 ++++++++++++++++ tests/vagrant.yml | 19 +++++++++++++++++++ 3 files changed, 44 insertions(+) create mode 100644 Vagrantfile create mode 100644 tests/vagrant.yml diff --git a/README.md b/README.md index b4de62b2..fd95baff 100644 --- a/README.md +++ b/README.md @@ -28,6 +28,15 @@ Using the role is fairly straightforward: roles: - openstack-ansible-security +Running with Vagrant +-------------------- + +Security Ansible can be easily run for testing using Vagrant. + +To do so run: + `vagrant destroy` To destroy any previously created Vagrant setup + `vagrant up` Spin up Ubuntu Trusty VM and run ansible-security against it + License ------- diff --git a/Vagrantfile b/Vagrantfile new file mode 100644 index 00000000..a4ca67cb --- /dev/null +++ b/Vagrantfile @@ -0,0 +1,16 @@ +# Sets up Ubuntu 14.04, downloads security-ansible, and runs it + +Vagrant.configure("2") do |config| + config.vm.box = "ubuntu/trusty64" + config.vm.hostname = "sec-ansible-test" + + config.vm.provision "ansible" do |ansible| + # ansible.verbose = "vvv" + ansible.playbook = "tests/vagrant.yml" + # we'll skip V-38496 because Vagrant itself creates the user that causes + # this to fail + ansible.skip_tags = ['V-38496'] + # we need to run as sudo for a lot of the checks ansible-security runs + ansible.raw_arguments = ['-s'] + end +end diff --git a/tests/vagrant.yml b/tests/vagrant.yml new file mode 100644 index 00000000..040006ba --- /dev/null +++ b/tests/vagrant.yml @@ -0,0 +1,19 @@ +--- +# Copyright 2016, HPE, VMWare +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Playbook for role testing + hosts: all + roles: + - role: "../../../openstack-ansible-security"