Merge pull request #90 from dev-sec/docker

Docker

Author: atomic111

.kitchen.vagrant.yml

@@ -0,0 +1,61 @@
+---
+driver:
+  name: vagrant
+
+provisioner:
+  name: ansible_playbook
+  test_repo_uri: https://github.com/hardening-io/tests-os-hardening.git
+  hosts: all
+  require_ansible_repo: false
+  require_ansible_omnibus: true
+  require_chef_for_busser: false
+  require_ruby_for_busser: false
+  ansible_verbose: true
+  roles_path: ../ansible-os-hardening/
+  playbook: default.yml
+
+platforms:
+- name: ubuntu-12.04
+  driver_config:
+    box: opscode-ubuntu-12.04
+    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_ubuntu-12.04_chef-provisionerless.box
+- name: ubuntu-14.04
+  driver_config:
+    box: opscode-ubuntu-14.04
+    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_ubuntu-14.04_chef-provisionerless.box
+- name: centos-6.4
+  driver_config:
+    box: opscode-centos-6.4
+    box_url: https://opscode-vm.s3.amazonaws.com/vagrant/opscode_centos-6.4_provisionerless.box
+- name: centos-6.5
+  driver_config:
+    box: opscode-centos-6.5
+    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_centos-6.5_chef-provisionerless.box
+- name: oracle-6.4
+  driver_config:
+    box: oracle-6.4
+    box_url: https://storage.us2.oraclecloud.com/v1/istoilis-istoilis/vagrant/oel64-64.box
+- name: oracle-6.5
+  driver_config:
+    box: oracle-6.5
+    box_url: https://storage.us2.oraclecloud.com/v1/istoilis-istoilis/vagrant/oel65-64.box
+- name: debian-7
+  driver_config:
+    box: debian-7
+    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-7.8_chef-provisionerless.box
+- name: debian-8
+  driver_config:
+    box: debian-8
+    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-8.1_chef-provisionerless.box
+
+verifier:
+  name: inspec
+  sudo: true
+  inspec_tests:
+    - https://github.com/dev-sec/tests-os-hardening
+
+suites:
+- name: os-ansible_1.9
+  provisioner:
+    ansible_version: 1.9.4
+- name: os-ansible_latest

.kitchen.yml

@@ -1,6 +1,11 @@
 ---
 driver:
-  name: vagrant
+  name: docker
+  use_sudo: false
+  privileged: true
+
+transport:
+  max_ssh_sessions: 5
 
 provisioner:
   name: ansible_playbook
@@ -14,53 +19,47 @@ provisioner:
   hosts: all
   roles_path: ../ansible-os-hardening/
   playbook: default.yml
-
-verifier:
-  name: inspec
-  sudo: true
-  inspec_tests:
-    - https://github.com/dev-sec/tests-os-hardening
+  ansible_extra_flags:
+    - "--skip-tags=sysctl"
 
 platforms:
 - name: ubuntu-12.04
-  driver_config:
-    box: opscode-ubuntu-12.04
-    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_ubuntu-12.04_chef-provisionerless.box
+  driver:
+    image: ubuntu:12.04
 - name: ubuntu-14.04
-  driver_config:
-    box: opscode-ubuntu-14.04
-    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_ubuntu-14.04_chef-provisionerless.box
-- name: centos-6.4
-  driver_config:
-    box: opscode-centos-6.4
-    box_url: https://opscode-vm.s3.amazonaws.com/vagrant/opscode_centos-6.4_provisionerless.box
-- name: centos-6.5
-  driver_config:
-    box: opscode-centos-6.5
-    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_centos-6.5_chef-provisionerless.box
-- name: centos-7.2
-  driver_config:
-    box: opscode-centos-7.2
-    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_centos-7.2_chef-provisionerless.box
-- name: oracle-6.4
-  driver_config:
-    box: oracle-6.4
-    box_url: https://storage.us2.oraclecloud.com/v1/istoilis-istoilis/vagrant/oel64-64.box
-- name: oracle-6.5
-  driver_config:
-    box: oracle-6.5
-    box_url: https://storage.us2.oraclecloud.com/v1/istoilis-istoilis/vagrant/oel65-64.box
+  driver:
+    image: ubuntu:14.04
+- name: ubuntu-16.04
+  driver:
+    image: ubuntu:16.04
+    provision_command:
+      - "apt-get install initramfs-tools -y"
+- name: centos-6.6
+  driver:
+    image: centos:6.6
+- name: centos-6.7
+  driver:
+    image: centos:6.7
+- name: centos-7
+  driver:
+    image: centos:7
+    privileged: true
+    run_command: /usr/sbin/init
 - name: debian-7
-  driver_config:
-    box: debian-7
-    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-7.8_chef-provisionerless.box
+  driver:
+    image: debian:7
 - name: debian-8
-  driver_config:
-    box: debian-8
-    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-8.1_chef-provisionerless.box
+  driver:
+    image: debian:8
+
+verifier:
+  name: inspec
+  sudo: true
+  inspec_tests:
+    - https://github.com/dev-sec/tests-os-hardening
 
 suites:
-- name: os-ansible_1.9
+- name: os_ansible_1.9
   provisioner:
     ansible_version: 1.9.4
-- name: os-ansible_latest
+- name: os_ansible_latest

Gemfile

@@ -19,10 +19,11 @@ group :integration do
   gem 'test-kitchen', '~> 1.0'
   gem 'kitchen-ansible'
   gem 'kitchen-vagrant'
-  gem 'kitchen-inspec', '~> 0.9'
+  gem 'kitchen-inspec'
   gem 'kitchen-sharedtests', '~> 0.2.0'
   gem 'kitchen-sync'
   gem 'kitchen-transport-rsync'
+  gem 'kitchen-docker'
 end
 
 group :openstack do

README.md

@@ -137,18 +137,20 @@ Alternatively you can change Ansible's [hash-behaviour](https://docs.ansible.com
 
 ## Local Testing
 
-For local testing you can use vagrant and Virtualbox of VMWare to run tests locally. You will have to install Virtualbox and Vagrant on your system. See [Vagrant Downloads](http://downloads.vagrantup.com/) for a vagrant package suitable for your system. For all our tests we use `test-kitchen`. If you are not familiar with `test-kitchen` please have a look at [their guide](http://kitchen.ci/docs/getting-started).
+The preferred way of locally testing the role is to use Docker. You will have to install Docker on your system. See [Get started](https://docs.docker.com/) for a Docker package suitable to for your system.
+
+You can also use vagrant and Virtualbox or VMWare to run tests locally. You will have to install Virtualbox and Vagrant on your system. See [Vagrant Downloads](http://downloads.vagrantup.com/) for a vagrant package suitable for your system. For all our tests we use `test-kitchen`. If you are not familiar with `test-kitchen` please have a look at [their guide](http://kitchen.ci/docs/getting-started).
 
 Next install test-kitchen:
 
 ```bash
 # Install dependencies
 gem install bundler
 bundle install
+```
 
-# Fetch tests
-bundle exec thor kitchen:fetch-remote-tests
-
+### Testing with Docker
+```
 # fast test on one machine
 bundle exec kitchen test default-ubuntu-1204
 
@@ -160,8 +162,19 @@ bundle exec kitchen create default-ubuntu-1204
 bundle exec kitchen converge default-ubuntu-1204
 ```
 
-For more information see [test-kitchen](http://kitchen.ci/docs/getting-started)
+### Testing with Virtualbox
+```
+# fast test on one machine
+KITCHEN_YAML=".kitchen.vagrant.yml" bundle exec kitchen test default-ubuntu-1204
+
+# test on all machines
+KITCHEN_YAML=".kitchen.vagrant.yml" bundle exec kitchen test
 
+# for development
+KITCHEN_YAML=".kitchen.vagrant.yml" bundle exec kitchen create default-ubuntu-1204
+KITCHEN_YAML=".kitchen.vagrant.yml" bundle exec kitchen converge default-ubuntu-1204
+```
+For more information see [test-kitchen](http://kitchen.ci/docs/getting-started)
 
 ## Contributors + Kudos