Merge pull request #6 from hellofresh/feature-centos-support

PTII-273 Add centos support and tests

Author: antonu17

.travis.yml

@@ -1,9 +1,16 @@
 ---
 language: python
+
 services:
   - docker
+
+branches:
+  only:
+    - master
+
 install:
   - pip install molecule
   - pip install docker-py
+
 script:
   - molecule test

README.md

@@ -20,7 +20,7 @@ You can override variables in your group_vars
 - `sssd_ldap_default_bind_dn: cn=manager,dc=example,dc=org`
 - `sssd_ldap_default_authtok: bind_password`
 - `sssd_ldap_user_ssh_public_key: sshPublicKey`
-
+- `sssd_ldap_override_gid: 500`
 
 Dependencies
 ------------
@@ -30,7 +30,7 @@ None
 Example Playbook
 ----------------
 
-Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+An example of how to use the role:
 
     - hosts: servers
       roles:

molecule/default/molecule.yml

@@ -6,17 +6,43 @@ driver:
 lint:
   name: yamllint
 platforms:
-  - name: instance
-    image: ubuntu:xenial
+  - name: ubuntu-xenial
+    image: solita/ubuntu-systemd:latest
+    command: /sbin/init
+    privileged: True
+    capabilities:
+      - SYS_ADMIN
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+  - name: centos-7
+    image: centos/systemd
+    command: /usr/sbin/init
+    privileged: True
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    capabilities:
+      - SYS_ADMIN
 provisioner:
   name: ansible
+  inventory:
+    group_vars:
+      all:
+        sssd_ldap_search_base: dc=example,dc=com
+        sssd_ldap_uri: ldap://localhost
+        sssd_ldap_default_bind_dn: cn=Manager,dc=example,dc=com
+        sssd_ldap_default_authtok: s3cr3t
+        sssd_ldap_user_ssh_public_key: sshPublicKey
+        sssd_ldap_override_gid: 1
   lint:
     name: ansible-lint
     options:
-      x: ANSIBLE0013
+      x:
+        - ANSIBLE0013
 scenario:
   name: default
 verifier:
   name: testinfra
+  options:
+    v: true
   lint:
     name: flake8

molecule/default/prepare.yml

@@ -1,5 +1,62 @@
 ---
 - name: Prepare
   hosts: all
-  gather_facts: false
-  tasks: []
+  gather_facts: true
+  become: true
+
+  vars:
+    openssh_clients:
+      Debian: openssh-client
+      RedHat: openssh-clients
+
+  roles:
+    - role: openldap
+      openldap_server_domain_name: example.com
+      openldap_server_rootpw: s3cr3t
+      openldap_server_enable_ssl: false
+
+  tasks:
+    - name: install python-ldap
+      package:
+        name: python-ldap
+    - name: Make sure we have an test user
+      ldap_entry:
+        bind_dn: cn=Manager,dc=example,dc=com
+        bind_pw: s3cr3t
+        dn: cn=test,dc=example,dc=com
+        objectClass:
+          - top
+          - person
+          - posixAccount
+          - inetOrgPerson
+          - organizationalPerson
+          - ldapPublicKey
+        attributes:
+          uid: test
+          uidNumber: 5000
+          givenName: Test
+          sn: Test
+          cn: Test
+          loginShell: /bin/bash
+          homeDirectory: /home/test
+          sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYaGyXcqdQUIxjPr3eqXro9X/2LrLH2o+OrFeGRB2u3WxigroynxD8vLjtG6qyYYtgnvR9+2usVhbNNS3QdF3G5wenCR4Zpk6VIYofQrBYmrzJG9Bsig3G4SgnGF2x4KimupjCdD4+1S9OMF/4GzQZdaLl2HkSTYE+6430FbSD8i3IdpbRI526X8q4njrTHgIYUtAVFTPSudZ/3fIzFpfNlWq5wy1CXCGc7aqmHECQzareeoAM5NfgrUkw7TFrKP/zelDkqpJ6pwYTWg2VZYmoXmh2o+ttWFatGzJPUoeU/r+SjMn4YvMunT+L6NIrbJQkXwB9i3upMx2bQcuPl0cl test-key
+          gidNumber: 5000
+    - name: create /root/.ssh dir
+      file:
+        path: /root/.ssh
+        state: directory
+        mode: 0755
+    - name: copy ssh key
+      copy:
+        src: test.key
+        dest: /root/.ssh/id_rsa
+        mode: 0600
+        owner: root
+        group: root
+    - name: enable login
+      file:
+        path: /run/nologin
+        state: absent
+    - name: install ssh client
+      package:
+        name: "{{ openssh_clients[ansible_os_family] }}"

molecule/default/requirements.yml

@@ -0,0 +1,4 @@
+---
+- src: git+https://github.com/antonu17/openldap_server.git
+  version: master
+  name: openldap

molecule/default/test.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA2Ghsl3KnUFCMYz693ql66PV/9i6yx9qPjqxXhkQdrt1sYoK6
+Mp8Q/Ly47RuqsmGLYJ70fftrrFYWzTUt0HRdxucHpwkeGaZOlSGKH0KwWJq8yRvQ
+bIoNxuEoJxhdseCoprqYwnQ+PtUvTjBf+Bs0GXWi5dh5Ek2BPuuN9BW0g/ItyHaW
+0SOdul/KuJ460x4CGFLQFRUz0rnWf93yMxaXzZVqucMtQlwhnO2qphxAkM2q3nqA
+DOTX4K1JMO0xayj/83pQ5KqSeqcGE1oNlWWJqF5odqPrbVhWrRsyT1KHlP6/kozJ
++GLzLp0/i+jSK2yUJF8AfYt7qTMdm0HLj5dHJQIDAQABAoIBABKjC5cPXLFh/nUd
+liRy3A7r9ZUx+FuVyv8ygGcjvpqsnwTs1TQ+1qutZQ+mblDmbaZoig2/dUpmL5iE
+l+l33AuhIduUwW7cD7BwLwD6MU2wJcn8BzsRuJYEFf0n8Am9m0igkT9N2351xZkq
+OVmYnigDJYA94E9fNV5B0vvOUrl6HT3aORqePvWeQKRaeBpeyVmjXsi3A/92G6tc
+JZh/y19HVuyrQiiQhrVN3w8OVxnX8heMD68BPi9njqK3RTiUGtLrlMAcbdKGkfIL
+MsQei9XlFdSce4ROFxJ38/1bRJdy4hYcYRPTEkrKpAaQQmE7VsSOmzTIz3Qer6kT
+7zjggZECgYEA9CIvlCAPmK8RT6O1oSD4XNqhAGNlUs6MABrf4q8vKhwHSfgZSZNF
+zL/cX85EozzjnSgmJzYC0abM/L2LvZTlI93fSpgN5FwXZEdh/ab4XTr8gmxpQDZC
+HPN/JfdkZj18HJG47a+8JXLGjC5W/nMupAc6n8jH3CLpE5O3U/HJ758CgYEA4u09
+zgnT5x02nFjN6MMSEEQxhR8wqb+vDmPpg/cMzyoVjrQjgHLpXpPsoG/Rh4wziUpH
+roR4jv8DZ2GDkIKQoeOaUFZbGHxX6UDCUl3EFNI3dL/rMioh3YhN687NM+f0JK6G
++GV+ESRNDDZeE4QX1lryrR3P8x9SCDnQ2V8KArsCgYBRb1nZmjw5nSQ0IZLDlcDj
+EFamT4GL9rQCkPRfpDoiXMkdpnGg9kxROSqklqSUown18V+QstaL4oz8Panwaktp
+BGiodEImC4YOADWyq9CrILL8Ond9YNv61kpyeqx14kqVKRK7zmP/ReLu/cItDHTh
+aDvo8sugJdEDo8GCceP/VwKBgQCI2tL/Q2YMZ83blKL50Us/jCDhS+IpPXTxlMfr
+0j5jYdoGahVPDf44D7YRO959hMw/7BA266VZd+oxmtmheVyIhZ82/B2MMtFB1tBa
+pDnw5KaVPnk1k7tAw0dbAyk2OJlA1hCIFY1mASKGTvOFiZBmsgrQ5L3YvfbXBycx
+MOP0qQKBgQC+flfm7v0C4nlBvygKNOzqfcN3lX4hdxdBbkJPsz3RXKXJpKu//K5u
+hGvEcF1qcgdB5zgtUCU9OkQxNPijN8TU2qwtL4CnUy3J4ji0HDST1FrV4wCskM5N
+584tSeZqfYENG1o30RF1DX5yS0QFj/wYENXqAcrWQruwdZ7B0B0DZw==
+-----END RSA PRIVATE KEY-----

molecule/default/test.key.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYaGyXcqdQUIxjPr3eqXro9X/2LrLH2o+OrFeGRB2u3WxigroynxD8vLjtG6qyYYtgnvR9+2usVhbNNS3QdF3G5wenCR4Zpk6VIYofQrBYmrzJG9Bsig3G4SgnGF2x4KimupjCdD4+1S9OMF/4GzQZdaLl2HkSTYE+6430FbSD8i3IdpbRI526X8q4njrTHgIYUtAVFTPSudZ/3fIzFpfNlWq5wy1CXCGc7aqmHECQzareeoAM5NfgrUkw7TFrKP/zelDkqpJ6pwYTWg2VZYmoXmh2o+ttWFatGzJPUoeU/r+SjMn4YvMunT+L6NIrbJQkXwB9i3upMx2bQcuPl0cl test-key

molecule/default/tests/test_default.py

@@ -12,3 +12,36 @@ def test_hosts_file(host):
     assert f.exists
     assert f.user == 'root'
     assert f.group == 'root'
+
+
+def test_sssd_ldap_user(host):
+    user = host.user('test')
+    assert user.uid == 5000
+    assert user.gid == 1
+
+
+def test_sssd_service_state(host):
+    assert host.service('sssd').is_enabled
+    assert host.service('sssd').is_running
+
+
+def test_sshd_service_state(host):
+    assert host.service('sshd').is_enabled
+    assert host.service('sshd').is_running
+
+
+def test_ssh_access(host):
+    host.run_test(
+        '/usr/bin/ssh '
+        '-o StrictHostKeyChecking=no '
+        '-o BatchMode=yes '
+        '-T '
+        '-i /root/.ssh/id_rsa '
+        '-l test '
+        'localhost '
+        'exit'
+    )
+
+
+def test_homedir_created(host):
+    assert host.file('/home/test').is_directory

tasks/pamd.yml

@@ -6,3 +6,8 @@
   when: ansible_os_family == "Debian"
   notify:
     - run pam auth update
+
+- name: pamd | add pam_mkhomedir for RedHat machines
+  command: authconfig --enablemkhomedir --update
+  changed_when: false
+  when: ansible_os_family == "RedHat"

tasks/sshd.yml

@@ -6,9 +6,14 @@
   notify:
     - restart sshd
 
-- name: sssd_ldap | sshd | make authorized keys lookup script run as nobody
+- name: sshd | make authorized keys lookup script run as nobody
   lineinfile:
     path: /etc/ssh/sshd_config
     line: 'AuthorizedKeysCommandUser nobody'
   notify:
     - restart sshd
+
+- name: sshd | ensure sshd service is enabled
+  service:
+    name: sshd
+    enabled: true