From ff078030428af6e08c0412cf63ca4d3236810a4f Mon Sep 17 00:00:00 2001 From: Travis Truman Date: Wed, 8 Jun 2016 17:03:53 -0400 Subject: [PATCH] Add support for Xenial and CentOS 7 to the Vagrantfile Added additional documentation on Vagrantfile usage for all platforms. Change-Id: If8941308f96313bfd71c9252c9508b6b68ab457e --- .gitignore | 3 +++ README.md | 32 ++++++++++++++++++++++++++---- Vagrantfile | 57 ++++++++++++++++++++++++++++++++++++++++++----------- 3 files changed, 77 insertions(+), 15 deletions(-) diff --git a/.gitignore b/.gitignore index 71b747b0..2dbb4d0f 100644 --- a/.gitignore +++ b/.gitignore @@ -62,3 +62,6 @@ ChangeLog # Files created by releasenotes build releasenotes/build + +# Vagrant testing artifacts +.vagrant diff --git a/README.md b/README.md index 8b837bca..604a4ba2 100644 --- a/README.md +++ b/README.md @@ -31,11 +31,35 @@ Using the role is fairly straightforward: Running with Vagrant -------------------- -Security Ansible can be easily run for testing using Vagrant. +This role can be tested easily on multiple platforms using Vagrant. -To do so run: - `vagrant destroy` To destroy any previously created Vagrant setup - `vagrant up` Spin up Ubuntu Trusty VM and run ansible-security against it +The `Vagrantfile` supports testing on: + * Ubuntu 14.04 + * Ubuntu 16.04 + * CentOS 7 + +To test on all platforms: + +```shell +vagrant destroy --force && vagrant up +``` + +To test on Ubuntu 14.04 only: + +```shell +vagrant destroy ubuntu1404 --force && vagrant up ubuntu1404 +``` + +To test on Ubuntu 16.04 only: +```shell +vagrant destroy ubuntu1604 --force && vagrant up ubuntu1604 +``` + +To test on CentOS 7 only: + +```shell +vagrant destroy centos7 --force && vagrant up centos7 +``` License ------- diff --git a/Vagrantfile b/Vagrantfile index a4ca67cb..09adb7ba 100644 --- a/Vagrantfile +++ b/Vagrantfile 
@@ -1,16 +1,51 @@ -# Sets up Ubuntu 14.04, downloads security-ansible, and runs it +# Runs the role against Ubuntu 14.04, 16.04 and CentOS 7 +# for local testing purposes Vagrant.configure("2") do |config| - config.vm.box = "ubuntu/trusty64" - config.vm.hostname = "sec-ansible-test" - config.vm.provision "ansible" do |ansible| - # ansible.verbose = "vvv" - ansible.playbook = "tests/vagrant.yml" - # we'll skip V-38496 because Vagrant itself creates the user that causes - # this to fail - ansible.skip_tags = ['V-38496'] - # we need to run as sudo for a lot of the checks ansible-security runs - ansible.raw_arguments = ['-s'] + config.vm.define "ubuntu1404" do |trusty| + trusty.vm.box = "ubuntu/trusty64" + trusty.vm.hostname = "sec-ansible-test-ubuntu1404" + + trusty.vm.provision "ansible" do |ansible| + # ansible.verbose = "vvv" + ansible.playbook = "tests/vagrant.yml" + # we'll skip V-38496 because Vagrant itself creates the user that causes + # this to fail + ansible.skip_tags = ['V-38496'] + # we need to run as sudo for a lot of the checks ansible-security runs + ansible.raw_arguments = ['-s'] + end + end + + config.vm.define "ubuntu1604" do |trusty| + trusty.vm.box = "ubuntu/xenial64" + trusty.vm.hostname = "sec-ansible-test-ubuntu1604" + + trusty.vm.provision "ansible" do |ansible| + # ansible.verbose = "vvv" + ansible.playbook = "tests/vagrant.yml" + # we'll skip V-38496 because Vagrant itself creates the user that causes + # this to fail + ansible.skip_tags = ['V-38496'] + # we need to run as sudo for a lot of the checks ansible-security runs + ansible.raw_arguments = ['-s'] + end + end + + config.vm.define "centos7" do |centos7| + centos7.vm.box = "centos/7" + centos7.vm.hostname = "sec-ansible-test-centos-7" + + centos7.vm.provision "ansible" do |ansible| + # ansible.verbose = "vvv" + ansible.playbook = "tests/vagrant.yml" + # we'll skip V-38496 because Vagrant itself creates the user that causes + # this to fail + ansible.skip_tags = ['V-38496'] + # we need 
to run as sudo for a lot of the checks ansible-security runs + ansible.raw_arguments = ['-s'] + end end end +
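Review bot: The three `config.vm.define` blocks repeat the same provisioner settings, and the `ubuntu1604` block still names its block variable `|trusty|` although it configures `ubuntu/xenial64`. Because `skip_tags` and `raw_arguments` are now set in three places, a later edit to one copy would leave the platforms tested under different settings without any visible sign. Driving the definitions from a name-to-box map keeps a single copy, but deriving the hostname from the machine name changes `sec-ansible-test-centos-7` to `sec-ansible-test-centos7`. Separately, none of the boxes sets `box_version`, so each run tests whatever image is current at download time.

```ruby
Vagrant.configure("2") do |config|
  {
    "ubuntu1404" => "ubuntu/trusty64",
    "ubuntu1604" => "ubuntu/xenial64",
    "centos7"    => "centos/7"
  }.each do |name, box|
    config.vm.define name do |node|
      node.vm.box = box
      node.vm.hostname = "sec-ansible-test-#{name}"

      node.vm.provision "ansible" do |ansible|
        # … unchanged: playbook, skip_tags and raw_arguments settings …
      end
    end
  end
end
```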