Move integration to use docker, now all platforms work.

Author: Michael Chmielewski

.kitchen.yml

@@ -1,75 +1,203 @@
 ---
 driver:
-  name: vagrant
+  name: docker
 
 provisioner:
   product_name: chef
   product_version: 14
 
 platforms:
-  - name: ubuntu-16.04
+  - name: amazonlinux-1
     attributes:
       threatstack:
         repo:
-          url: <%= ENV['TS_DEB_REPO_URL'] != nil ? ENV['TS_DEB_REPO_URL']: nil %>
-          key: <%= ENV['TS_DEB_REPO_KEY'] != nil ? ENV['TS_DEB_REPO_KEY'] : nil %>
-          components: <%= ENV['TS_REPO_COMPONENTS'] != nil ? ENV['TS_REPO_COMPONENTS'] : nil %>
-  - name: ubuntu-18.04
-    attributes:
-      threatstack:
-        repo:
-          url: <%= ENV['TS_DEB_REPO_URL'] != nil ? ENV['TS_DEB_REPO_URL'] : nil %>
-          key: <%= ENV['TS_DEB_REPO_KEY'] != nil ? ENV['TS_DEB_REPO_KEY'] : nil %>
-          components: <%= ENV['TS_REPO_COMPONENTS'] != nil ? ENV['TS_REPO_COMPONENTS'] : nil %>
-  - name: ubuntu-20.04
-    attributes:
-      threatstack:
-        repo:
-          url: <%= ENV['TS_DEB_REPO_URL'] != nil ? ENV['TS_DEB_REPO_URL'] : nil %>
-          key: <%= ENV['TS_DEB_REPO_KEY'] != nil ? ENV['TS_DEB_REPO_KEY'] : nil %>
-          components: <%= ENV['TS_REPO_COMPONENTS'] != nil ? ENV['TS_REPO_COMPONENTS'] : nil %>
-  - name: debian-8
-    attributes:
-      threatstack:
-        repo:
-          url: <%= ENV['TS_DEB_REPO_URL'] != nil ? ENV['TS_DEB_REPO_URL'] : nil %>
-          key: <%= ENV['TS_DEB_REPO_KEY'] != nil ? ENV['TS_DEB_REPO_KEY'] : nil %>
-          components: <%= ENV['TS_REPO_COMPONENTS'] != nil ? ENV['TS_REPO_COMPONENTS'] : nil %>
-  - name: debian-9
-    attributes:
-      threatstack:
-        repo:
-          url: <%= ENV['TS_DEB_REPO_URL'] != nil ? ENV['TS_DEB_REPO_URL'] : nil %>
-          key: <%= ENV['TS_DEB_REPO_KEY'] != nil ? ENV['TS_DEB_REPO_KEY'] : nil %>
-          components: <%= ENV['TS_REPO_COMPONENTS'] != nil ? ENV['TS_REPO_COMPONENTS'] : nil %>
-  - name: debian-10
+          url: <%= ENV['TS_RPM_REPO_URL'] != nil ? ENV['TS_RPM_REPO_URL'] + '/amzn1' : nil %>
+          key_file_uri: <%= ENV['TS_RPM_REPO_URL'] != nil ? ENV['TS_RPM_REPO_URL'] + '/amzn1/repomd.xml.key' : nil %>
+        validate_gpg_key: false  # This is ONLY for test purposes! Don't do this in your actual roles/recipes
+    driver_config:
+      image: amazonlinux:1
+      run_command: /sbin/init
+      privileged: true
+      run_options:
+        env: container=docker
+      volume:
+        - /sys/fs/cgroup:/sys/fs/cgroup
+      provision_command:
+        - yum install -y audit initscripts
+        - sed -i 's/local_events = yes/local_events = no/g' /etc/audit/auditd.conf
+        - chkconfig auditd on
+  - name: amazonlinux-2
     attributes:
       threatstack:
         repo:
-          url: <%= ENV['TS_DEB_REPO_URL'] != nil ? ENV['TS_DEB_REPO_URL'] : nil %>
-          key: <%= ENV['TS_DEB_REPO_KEY'] != nil ? ENV['TS_DEB_REPO_KEY'] : nil %>
-          components: <%= ENV['TS_REPO_COMPONENTS'] != nil ? ENV['TS_REPO_COMPONENTS'] : nil %>
+          url: <%= ENV['TS_RPM_REPO_URL'] != nil ? ENV['TS_RPM_REPO_URL'] + '/amzn2' : nil %>
+          key_file_uri: <%= ENV['TS_RPM_REPO_URL'] != nil ? ENV['TS_RPM_REPO_URL'] + '/amzn2/repomd.xml.key' : nil %>
+        validate_gpg_key: false  # This is ONLY for test purposes! Don't do this in your actual roles/recipes
+    driver_config:
+      image: amazonlinux:2
+      run_command: /sbin/init
+      privileged: true
+      run_options:
+        env: container=docker
+      volume:
+        - /sys/fs/cgroup:/sys/fs/cgroup
+      provision_command:
+        - yum install -y audit initscripts
+        - sed -i 's/local_events = yes/local_events = no/g' /etc/audit/auditd.conf
+        - systemctl enable auditd.service
+    image: centos:7
   - name: centos-7
     attributes:
       threatstack:
         repo:
           url: <%= ENV['TS_RPM_REPO_URL'] != nil ? ENV['TS_RPM_REPO_URL'] + '/el7' : nil %>
           key_file_uri: <%= ENV['TS_RPM_REPO_URL'] != nil ? ENV['TS_RPM_REPO_URL'] + '/el7/repomd.xml.key' : nil %>
         validate_gpg_key: false # This is ONLY for test purposes! Don't do this in your actual roles/recipes
+    driver_config:
+      image: centos:7
+      run_command: /sbin/init
+      privileged: true
+      run_options:
+        env: container=docker
+      volume:
+        - /sys/fs/cgroup:/sys/fs/cgroup
+      provision_command:
+        - yum install -y audit initscripts
+        - sed -i 's/local_events = yes/local_events = no/g' /etc/audit/auditd.conf
+        - systemctl enable auditd.service
   - name: centos-8
     attributes:
       threatstack:
         repo:
           url: <%= ENV['TS_RPM_REPO_URL'] != nil ? ENV['TS_RPM_REPO_URL'] + '/el8' : nil %>
           key_file_uri: <%= ENV['TS_RPM_REPO_URL'] != nil ? ENV['TS_RPM_REPO_URL'] + '/el8/repomd.xml.key' : nil %>
         validate_gpg_key: false # This is ONLY for test purposes! Don't do this in your actual roles/recipes
-  - name: amazonlinux-2
+    driver_config:
+      image: centos:8
+      run_command: /sbin/init
+      privileged: true
+      run_options:
+        env: container=docker
+      volume:
+        - /sys/fs/cgroup:/sys/fs/cgroup
+      provision_command:
+        - yum install -y audit initscripts
+        - sed -i 's/local_events = yes/local_events = no/g' /etc/audit/auditd.conf
+        - systemctl enable auditd.service
+  - name: debian-8
     attributes:
       threatstack:
         repo:
-          url: <%= ENV['TS_RPM_REPO_URL'] != nil ? ENV['TS_RPM_REPO_URL'] + '/amzn2' : nil %>
-          key_file_uri: <%= ENV['TS_RPM_REPO_URL'] != nil ? ENV['TS_RPM_REPO_URL'] + '/amzn2/repomd.xml.key' : nil %>
-        validate_gpg_key: false  # This is ONLY for test purposes! Don't do this in your actual roles/recipes
+          url: <%= ENV['TS_DEB_REPO_URL'] != nil ? ENV['TS_DEB_REPO_URL']: nil %>
+          key: <%= ENV['TS_DEB_REPO_KEY'] != nil ? ENV['TS_DEB_REPO_KEY'] : nil %>
+          components: <%= ENV['TS_REPO_COMPONENTS'] != nil ? ENV['TS_REPO_COMPONENTS'] : nil %>
+    driver_config:
+      image: debian:8
+      run_command: /sbin/init
+      cap_add:
+        - SYS_ADMIN
+      run_options:
+        env: container=docker
+      volume:
+        - /sys/fs/cgroup:/sys/fs/cgroup
+      provision_command:
+        - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
+        - systemctl enable ssh.service
+  - name: debian-9
+    threatstack:
+      repo:
+        url: <%= ENV['TS_DEB_REPO_URL'] != nil ? ENV['TS_DEB_REPO_URL']: nil %>
+        key: <%= ENV['TS_DEB_REPO_KEY'] != nil ? ENV['TS_DEB_REPO_KEY'] : nil %>
+        components: <%= ENV['TS_REPO_COMPONENTS'] != nil ? ENV['TS_REPO_COMPONENTS'] : nil %>
+    driver_config:
+      image: debian:9
+      run_command: /bin/systemd
+      cap_add:
+        - SYS_ADMIN
+      run_options:
+        env: container=docker
+      volume:
+        - /sys/fs/cgroup:/sys/fs/cgroup
+      provision_command:
+        - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
+        - systemctl enable ssh.service
+        - apt install -y gnupg
+  - name: debian-10
+    threatstack:
+      repo:
+        url: <%= ENV['TS_DEB_REPO_URL'] != nil ? ENV['TS_DEB_REPO_URL']: nil %>
+        key: <%= ENV['TS_DEB_REPO_KEY'] != nil ? ENV['TS_DEB_REPO_KEY'] : nil %>
+        components: <%= ENV['TS_REPO_COMPONENTS'] != nil ? ENV['TS_REPO_COMPONENTS'] : nil %>
+    driver_config:
+      image: debian:10
+      run_command: /sbin/init
+      cap_add:
+        - SYS_ADMIN
+      run_options:
+        env: container=docker
+      volume:
+        - /sys/fs/cgroup:/sys/fs/cgroup
+      provision_command:
+        - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
+        - systemctl enable ssh.service
+        - apt install -y gnupg
+  - name: ubuntu-16.04
+    threatstack:
+      repo:
+        url: <%= ENV['TS_DEB_REPO_URL'] != nil ? ENV['TS_DEB_REPO_URL']: nil %>
+        key: <%= ENV['TS_DEB_REPO_KEY'] != nil ? ENV['TS_DEB_REPO_KEY'] : nil %>
+        components: <%= ENV['TS_REPO_COMPONENTS'] != nil ? ENV['TS_REPO_COMPONENTS'] : nil %>
+    driver_config:
+      image: ubuntu:16.04
+      run_command: /sbin/init
+      cap_add:
+        - SYS_ADMIN
+      run_options:
+        env: container=docker
+      volume:
+        - /sys/fs/cgroup:/sys/fs/cgroup
+      provision_command:
+        - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
+        - systemctl enable ssh.service
+        - apt install -y gnupg
+  - name: ubuntu-18.04
+    threatstack:
+      repo:
+        url: <%= ENV['TS_DEB_REPO_URL'] != nil ? ENV['TS_DEB_REPO_URL']: nil %>
+        key: <%= ENV['TS_DEB_REPO_KEY'] != nil ? ENV['TS_DEB_REPO_KEY'] : nil %>
+        components: <%= ENV['TS_REPO_COMPONENTS'] != nil ? ENV['TS_REPO_COMPONENTS'] : nil %>
+    driver_config:
+      image: ubuntu:18.04
+      run_command: /sbin/init
+      cap_add:
+        - SYS_ADMIN
+      run_options:
+        env: container=docker
+      volume:
+        - /sys/fs/cgroup:/sys/fs/cgroup
+      provision_command:
+        - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
+        - systemctl enable ssh.service
+        - apt install -y gnupg
+  - name: ubuntu-20.04
+    threatstack:
+      repo:
+        url: <%= ENV['TS_DEB_REPO_URL'] != nil ? ENV['TS_DEB_REPO_URL']: nil %>
+        key: <%= ENV['TS_DEB_REPO_KEY'] != nil ? ENV['TS_DEB_REPO_KEY'] : nil %>
+        components: <%= ENV['TS_REPO_COMPONENTS'] != nil ? ENV['TS_REPO_COMPONENTS'] : nil %>
+    driver_config:
+      image: ubuntu:20.04
+      run_command: /sbin/init
+      cap_add:
+        - SYS_ADMIN
+      run_options:
+        env: container=docker
+      volume:
+        - /sys/fs/cgroup:/sys/fs/cgroup
+      provision_command:
+        - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
+        - systemctl enable ssh.service
+        - apt install -y gnupg
 
 suites:
   - name: default

Gemfile

@@ -1,15 +1,19 @@
-source 'https://rubygems.org'
+source ENV['GEM_SOURCE'] || 'https://rubygems.org'
 
-gem 'chefspec', '= 7.3.4'
-gem 'berkshelf', '= 6.3.1'
-gem 'rubocop', '= 0.61.1'
-gem 'foodcritic', '= 15.1.0'
-gem 'cucumber-core', '= 3.2.1'
-gem 'serverspec', '= 2.41.3'
-gem 'stove', '= 6.1.1'
-gem 'test-kitchen', '= 1.20.0'
-gem 'kitchen-vagrant', '= 1.5.0'
-gem 'kitchen-ec2'
+group :development, :unit_tests , :test do
+  gem 'rake', "13.0.1",         :require => false
+  gem 'chefspec', '= 7.3.4',    :require => false
+  gem 'berkshelf', '= 6.3.1'
+  gem 'rubocop', '= 0.61.1'
+  gem 'foodcritic', '= 15.1.0'
+end
+
+group :system_tests do
+  gem 'serverspec',         :require => false
+  gem 'test-kitchen',       :require => false
+  gem 'kitchen-docker',     :require => false
+  gem 'kitchen-ec2',        :require => false
+end
 
 if chefversion = ENV['CHEF_VERSION']
   gem 'chef', chefversion