openstack/ansible-hardening
Code Issues Proposed changes

Add support for Xenial and CentOS 7 to the Vagrantfile

Browse Source 
Added additional documentation on Vagrantfile
usage for all platforms.

Change-Id: If8941308f96313bfd71c9252c9508b6b68ab457e
This commit is contained in:
Travis Truman 2016-06-08 17:03:53 -04:00
parent 3bc293f77c
commit ff07803042
3 changed files with 77 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -62,3 +62,6 @@ ChangeLog
# Files created by releasenotes build # Files created by releasenotes build
releasenotes/build releasenotes/build
# Vagrant testing artifacts
.vagrant

32
README.md
View File

@ -31,11 +31,35 @@ Using the role is fairly straightforward:
Running with Vagrant Running with Vagrant
-------------------- --------------------
Security Ansible can be easily run for testing using Vagrant. This role can be tested easily on multiple platforms using Vagrant.
To do so run: The `Vagrantfile` supports testing on:
`vagrant destroy` To destroy any previously created Vagrant setup * Ubuntu 14.04
`vagrant up` Spin up Ubuntu Trusty VM and run ansible-security against it * Ubuntu 16.04
* CentOS 7
To test on all platforms:
```shell
vagrant destroy --force && vagrant up
```
To test on Ubuntu 14.04 only:
```shell
vagrant destroy ubuntu1404 --force && vagrant up ubuntu1404
```
To test on Ubuntu 16.04 only:
```shell
vagrant destroy ubuntu1604 --force && vagrant up ubuntu1604
```
To test on CentOS 7 only:
```shell
vagrant destroy centos7 --force && vagrant up centos7
```
License License
------- -------

57
Vagrantfile vendored
View File

@ -1,16 +1,51 @@
# Sets up Ubuntu 14.04, downloads security-ansible, and runs it # Runs the role against Ubuntu 14.04, 16.04 and CentOS 7
# for local testing purposes
Vagrant.configure("2") do |config| Vagrant.configure("2") do |config|
config.vm.box = "ubuntu/trusty64"
config.vm.hostname = "sec-ansible-test"
config.vm.provision "ansible" do |ansible| config.vm.define "ubuntu1404" do |trusty|
# ansible.verbose = "vvv" trusty.vm.box = "ubuntu/trusty64"
ansible.playbook = "tests/vagrant.yml" trusty.vm.hostname = "sec-ansible-test-ubuntu1404"
# we'll skip V-38496 because Vagrant itself creates the user that causes
# this to fail trusty.vm.provision "ansible" do |ansible|
ansible.skip_tags = ['V-38496'] # ansible.verbose = "vvv"
# we need to run as sudo for a lot of the checks ansible-security runs ansible.playbook = "tests/vagrant.yml"
ansible.raw_arguments = ['-s'] # we'll skip V-38496 because Vagrant itself creates the user that causes
# this to fail
ansible.skip_tags = ['V-38496']
# we need to run as sudo for a lot of the checks ansible-security runs
ansible.raw_arguments = ['-s']
end
end
config.vm.define "ubuntu1604" do |trusty|
trusty.vm.box = "ubuntu/xenial64"
trusty.vm.hostname = "sec-ansible-test-ubuntu1604"
trusty.vm.provision "ansible" do |ansible|
# ansible.verbose = "vvv"
ansible.playbook = "tests/vagrant.yml"
# we'll skip V-38496 because Vagrant itself creates the user that causes
# this to fail
ansible.skip_tags = ['V-38496']
# we need to run as sudo for a lot of the checks ansible-security runs
ansible.raw_arguments = ['-s']
end
end
config.vm.define "centos7" do |centos7|
centos7.vm.box = "centos/7"
centos7.vm.hostname = "sec-ansible-test-centos-7"
centos7.vm.provision "ansible" do |ansible|
# ansible.verbose = "vvv"
ansible.playbook = "tests/vagrant.yml"
# we'll skip V-38496 because Vagrant itself creates the user that causes
# this to fail
ansible.skip_tags = ['V-38496']
# we need to run as sudo for a lot of the checks ansible-security runs
ansible.raw_arguments = ['-s']
end
end end
end end