From 7752132275db8fa1e3faa0f58974dbb5d44fb0f8 Mon Sep 17 00:00:00 2001 From: Daniel Dehennin Date: Mon, 20 Jul 2020 16:28:19 +0200 Subject: [PATCH 1/3] feat(ci): update travis and kitchen to latest formula standards Import .travis.yml and kitchen.yml from `template-formula`. --- .travis.yml | 67 +++++++++++-------------- kitchen.yml | 137 +++++++++++++++++++++++++--------------------------- 2 files changed, 96 insertions(+), 108 deletions(-) diff --git a/.travis.yml b/.travis.yml index a27d7e7..08c3398 100644 --- a/.travis.yml +++ b/.travis.yml @@ -25,17 +25,14 @@ stages: - name: 'release' if: 'branch = master AND type != pull_request' jobs: - allow_failures: - - env: Lint_rubocop - fast_finish: true include: ## Define the test stage that runs the linters (and testing matrix, if applicable) - # Run all of the linters in a single job (except `rubocop`) + # Run all of the linters in a single job - language: 'node_js' node_js: 'lts/*' env: 'Lint' - name: 'Lint: salt-lint, yamllint, shellcheck & commitlint' + name: 'Lint: salt-lint, yamllint, rubocop, shellcheck & commitlint' before_install: 'skip' script: # Install and run `salt-lint` @@ -46,6 +43,9 @@ jobs: # Need at least `v1.17.0` for the `yaml-files` setting - pip install --user yamllint>=1.17.0 - yamllint -s . + # Install and run `rubocop` + - gem install rubocop + - rubocop -d # Run `shellcheck` (already pre-installed in Travis) - shellcheck --version - git ls-files -- '*.sh' '*.bash' '*.ksh' @@ -54,50 +54,41 @@ jobs: - npm i -D @commitlint/config-conventional @commitlint/travis-cli - commitlint-travis - # Run the `rubocop` linter in a separate job that is allowed to fail - # Once these lint errors are fixed, this can be merged into a single job - - language: node_js - node_js: lts/* - env: Lint_rubocop - name: 'Lint: rubocop' - before_install: skip - script: - # Install and run `rubocop` - - gem install rubocop - - rubocop -d ## Define the rest of the matrix based on Kitchen testing # Make sure the instances listed below match up with # the `platforms` defined in `kitchen.yml` - env: INSTANCE=default-debian-10-master-py3 + - env: INSTANCE=default-ubuntu-2004-master-py3 # - env: INSTANCE=default-ubuntu-1804-master-py3 - # - env: INSTANCE=default-centos-8-master-py3 + - env: INSTANCE=default-centos-8-master-py3 + - env: INSTANCE=default-fedora-32-master-py3 # - env: INSTANCE=default-fedora-31-master-py3 - # - env: INSTANCE=default-opensuse-leap-151-master-py3 - # - env: INSTANCE=default-amazonlinux-2-master-py3 + - env: INSTANCE=default-opensuse-leap-152-master-py3 + - env: INSTANCE=default-amazonlinux-2-master-py3 + # - env: INSTANCE=default-debian-10-3000-3-py3 + # - env: INSTANCE=default-debian-9-3000-3-py3 + # - env: INSTANCE=default-ubuntu-1804-3000-3-py3 + # - env: INSTANCE=default-centos-8-3000-3-py3 + # - env: INSTANCE=default-centos-7-3000-3-py3 + # - env: INSTANCE=default-fedora-31-3000-3-py3 + # - env: INSTANCE=default-opensuse-leap-152-3000-3-py3 + # - env: INSTANCE=default-amazonlinux-2-3000-3-py3 + # - env: INSTANCE=default-ubuntu-1804-3000-3-py2 + # - env: INSTANCE=default-ubuntu-1604-3000-3-py2 + # - env: INSTANCE=default-arch-base-latest-3000-3-py2 # - env: INSTANCE=default-debian-10-2019-2-py3 # - env: INSTANCE=default-debian-9-2019-2-py3 - - env: INSTANCE=default-ubuntu-1804-2019-2-py3 + # - env: INSTANCE=default-ubuntu-1804-2019-2-py3 + # - env: INSTANCE=default-ubuntu-1604-2019-2-py3 # - env: INSTANCE=default-centos-8-2019-2-py3 + # - env: INSTANCE=default-centos-7-2019-2-py3 # - env: INSTANCE=default-fedora-31-2019-2-py3 - - env: INSTANCE=default-opensuse-leap-151-2019-2-py3 - # - env: INSTANCE=default-centos-7-2019-2-py2 - - env: INSTANCE=default-amazonlinux-2-2019-2-py3 - # - env: INSTANCE=default-arch-base-latest-2019-2-py2 - - env: INSTANCE=default-fedora-30-2018-3-py3 - # - env: INSTANCE=default-debian-9-2018-3-py2 - # - env: INSTANCE=default-ubuntu-1604-2018-3-py2 - # - env: INSTANCE=default-centos-7-2018-3-py2 - # - env: INSTANCE=default-opensuse-leap-151-2018-3-py2 - # - env: INSTANCE=default-amazonlinux-1-2018-3-py2 - # - env: INSTANCE=default-arch-base-latest-2018-3-py2 - # - env: INSTANCE=default-debian-8-2017-7-py2 - # - env: INSTANCE=default-ubuntu-1604-2017-7-py2 - - env: INSTANCE=default-centos-6-2017-7-py2 - # - env: INSTANCE=default-fedora-30-2017-7-py2 - # - env: INSTANCE=default-opensuse-leap-151-2017-7-py2 - # - env: INSTANCE=default-amazonlinux-1-2017-7-py2 - # - env: INSTANCE=default-arch-base-latest-2017-7-py2 + # - env: INSTANCE=default-opensuse-leap-152-2019-2-py3 + # - env: INSTANCE=default-amazonlinux-2-2019-2-py3 + # - env: INSTANCE=default-centos-6-2019-2-py2 + # - env: INSTANCE=default-amazonlinux-1-2019-2-py2 + - env: INSTANCE=default-arch-base-latest-2019-2-py2 ## Define the release stage that runs `semantic-release` - stage: 'release' diff --git a/kitchen.yml b/kitchen.yml index 2601306..d221fde 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -15,20 +15,26 @@ platforms: - name: debian-10-master-py3 driver: image: saltimages/salt-master-py3:debian-10 + - name: ubuntu-2004-master-py3 + driver: + image: saltimages/salt-master-py3:ubuntu-20.04 - name: ubuntu-1804-master-py3 driver: image: saltimages/salt-master-py3:ubuntu-18.04 - name: centos-8-master-py3 driver: image: saltimages/salt-master-py3:centos-8 + - name: fedora-32-master-py3 + driver: + image: saltimages/salt-master-py3:fedora-32 - name: fedora-31-master-py3 driver: image: saltimages/salt-master-py3:fedora-31 - - name: opensuse-leap-151-master-py3 + - name: opensuse-leap-152-master-py3 driver: - image: netmanagers/salt-master-py3:opensuse-leap-15.1 + image: saltimages/salt-master-py3:opensuse-leap-15.2 run_command: /usr/lib/systemd/systemd - # Workaround to avoid intermittent failures on `opensuse-leap-15.1`: + # Workaround to avoid intermittent failures on `opensuse-leap-15.2`: # => SCP did not finish successfully (255): (Net::SCP::Error) transport: max_ssh_sessions: 1 @@ -36,6 +42,47 @@ platforms: driver: image: saltimages/salt-master-py3:amazonlinux-2 + ## SALT `3000.3` + - name: debian-10-3000-3-py3 + driver: + image: saltimages/salt-3000.3-py3:debian-10 + - name: debian-9-3000-3-py3 + driver: + image: saltimages/salt-3000.3-py3:debian-9 + - name: ubuntu-1804-3000-3-py3 + driver: + image: saltimages/salt-3000.3-py3:ubuntu-18.04 + - name: centos-8-3000-3-py3 + driver: + image: saltimages/salt-3000.3-py3:centos-8 + - name: centos-7-3000-3-py3 + driver: + image: saltimages/salt-3000.3-py3:centos-7 + - name: fedora-31-3000-3-py3 + driver: + image: saltimages/salt-3000.3-py3:fedora-31 + - name: opensuse-leap-152-3000-3-py3 + driver: + image: saltimages/salt-3000.3-py3:opensuse-leap-15.2 + run_command: /usr/lib/systemd/systemd + # Workaround to avoid intermittent failures on `opensuse-leap-15.2`: + # => SCP did not finish successfully (255): (Net::SCP::Error) + transport: + max_ssh_sessions: 1 + - name: amazonlinux-2-3000-3-py3 + driver: + image: saltimages/salt-3000.3-py3:amazonlinux-2 + - name: ubuntu-1804-3000-3-py2 + driver: + image: saltimages/salt-3000.3-py2:ubuntu-18.04 + - name: ubuntu-1604-3000-3-py2 + driver: + image: saltimages/salt-3000.3-py2:ubuntu-16.04 + - name: arch-base-latest-3000-3-py2 + driver: + image: saltimages/salt-3000.3-py2:arch-base-latest + run_command: /usr/lib/systemd/systemd + ## SALT `2019.2` - name: debian-10-2019-2-py3 driver: @@ -46,92 +93,42 @@ platforms: - name: ubuntu-1804-2019-2-py3 driver: image: saltimages/salt-2019.2-py3:ubuntu-18.04 + - name: ubuntu-1604-2019-2-py3 + driver: + image: saltimages/salt-2019.2-py3:ubuntu-16.04 - name: centos-8-2019-2-py3 driver: image: saltimages/salt-2019.2-py3:centos-8 + - name: centos-7-2019-2-py3 + driver: + image: saltimages/salt-2019.2-py3:centos-7 - name: fedora-31-2019-2-py3 driver: image: saltimages/salt-2019.2-py3:fedora-31 - - name: opensuse-leap-151-2019-2-py3 + - name: opensuse-leap-152-2019-2-py3 driver: - image: netmanagers/salt-2019.2-py3:opensuse-leap-15.1 + image: saltimages/salt-2019.2-py3:opensuse-leap-15.2 run_command: /usr/lib/systemd/systemd - # Workaround to avoid intermittent failures on `opensuse-leap-15.1`: + # Workaround to avoid intermittent failures on `opensuse-leap-15.2`: # => SCP did not finish successfully (255): (Net::SCP::Error) transport: max_ssh_sessions: 1 - - name: centos-7-2019-2-py2 - driver: - image: netmanagers/salt-2019.2-py2:centos-7 - name: amazonlinux-2-2019-2-py3 driver: image: saltimages/salt-2019.2-py3:amazonlinux-2 + - name: centos-6-2019-2-py2 + driver: + image: saltimages/salt-2019.2-py2:centos-6 + run_command: /sbin/init + - name: amazonlinux-1-2019-2-py2 + driver: + image: saltimages/salt-2019.2-py2:amazonlinux-1 + run_command: /sbin/init - name: arch-base-latest-2019-2-py2 driver: image: saltimages/salt-2019.2-py2:arch-base-latest run_command: /usr/lib/systemd/systemd - ## SALT `2018.3` - - name: fedora-30-2018-3-py3 - driver: - image: netmanagers/salt-2018.3-py3:fedora-30 - - name: debian-9-2018-3-py2 - driver: - image: netmanagers/salt-2018.3-py2:debian-9 - - name: ubuntu-1604-2018-3-py2 - driver: - image: netmanagers/salt-2018.3-py2:ubuntu-16.04 - - name: centos-7-2018-3-py2 - driver: - image: netmanagers/salt-2018.3-py2:centos-7 - - name: opensuse-leap-151-2018-3-py2 - driver: - image: netmanagers/salt-2018.3-py2:opensuse-leap-15.1 - run_command: /usr/lib/systemd/systemd - # Workaround to avoid intermittent failures on `opensuse-leap-15.1`: - # => SCP did not finish successfully (255): (Net::SCP::Error) - transport: - max_ssh_sessions: 1 - - name: amazonlinux-1-2018-3-py2 - driver: - image: netmanagers/salt-2018.3-py2:amazonlinux-1 - run_command: /sbin/init - - name: arch-base-latest-2018-3-py2 - driver: - image: netmanagers/salt-2018.3-py2:arch-base-latest - run_command: /usr/lib/systemd/systemd - - ## SALT `2017.7` - - name: debian-8-2017-7-py2 - driver: - image: netmanagers/salt-2017.7-py2:debian-8 - - name: ubuntu-1604-2017-7-py2 - driver: - image: netmanagers/salt-2017.7-py2:ubuntu-16.04 - - name: centos-6-2017-7-py2 - driver: - image: netmanagers/salt-2017.7-py2:centos-6 - run_command: /sbin/init - - name: fedora-30-2017-7-py2 - driver: - image: netmanagers/salt-2017.7-py2:fedora-30 - - name: opensuse-leap-151-2017-7-py2 - driver: - image: netmanagers/salt-2017.7-py2:opensuse-leap-15.1 - run_command: /usr/lib/systemd/systemd - # Workaround to avoid intermittent failures on `opensuse-leap-15.1`: - # => SCP did not finish successfully (255): (Net::SCP::Error) - transport: - max_ssh_sessions: 1 - - name: amazonlinux-1-2017-7-py2 - driver: - image: netmanagers/salt-2017.7-py2:amazonlinux-1 - run_command: /sbin/init - - name: arch-base-latest-2017-7-py2 - driver: - image: netmanagers/salt-2017.7-py2:arch-base-latest - run_command: /usr/lib/systemd/systemd - provisioner: name: salt_solo log_level: debug From 7a1f6199d0ed32d6df6249ec9ec3710614642e62 Mon Sep 17 00:00:00 2001 From: Daniel Dehennin Date: Mon, 20 Jul 2020 16:28:22 +0200 Subject: [PATCH 2/3] fix(jinja): encode context as json Or with python2 the template are generated with `u''`. --- openssh/config.sls | 4 ++-- openssh/known_hosts.sls | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/openssh/config.sls b/openssh/config.sls index 3a5ca8e..b5e373e 100644 --- a/openssh/config.sls +++ b/openssh/config.sls @@ -17,7 +17,7 @@ sshd_config: ) }} - template: jinja - context: - sshd_config: {{ sshd_config }} + sshd_config: {{ sshd_config | json }} - user: {{ openssh.sshd_config_user }} - group: {{ openssh.sshd_config_group }} - mode: {{ openssh.sshd_config_mode }} @@ -40,7 +40,7 @@ ssh_config: ) }} - template: jinja - context: - ssh_config: {{ ssh_config }} + ssh_config: {{ ssh_config | json }} - user: {{ openssh.ssh_config_user }} - group: {{ openssh.ssh_config_group }} - mode: {{ openssh.ssh_config_mode }} diff --git a/openssh/known_hosts.sls b/openssh/known_hosts.sls index c8d49a9..db0e267 100644 --- a/openssh/known_hosts.sls +++ b/openssh/known_hosts.sls @@ -15,7 +15,7 @@ manage ssh_known_hosts file: ) }} - template: jinja - context: - known_hosts: {{ openssh | traverse("known_hosts", {}) }} + known_hosts: {{ openssh | traverse("known_hosts", {}) | json }} - user: root - group: {{ openssh.ssh_config_group }} - mode: 644 From 6b7d8df1560091f615e2138a56d4cb8e50b7ab5c Mon Sep 17 00:00:00 2001 From: Daniel Dehennin Date: Mon, 20 Jul 2020 16:28:28 +0200 Subject: [PATCH 3/3] fix(inspec): the package name for Arch is openssh For Arch, Inspec define `platform[:family]` as `linux` and `platform[:name]` as `arch`. --- test/integration/default/controls/packages_spec.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/integration/default/controls/packages_spec.rb b/test/integration/default/controls/packages_spec.rb index d0058c2..589c852 100644 --- a/test/integration/default/controls/packages_spec.rb +++ b/test/integration/default/controls/packages_spec.rb @@ -3,7 +3,8 @@ # Overide by Platform package_name = case platform[:family] - when 'suse' + # `linux` here is sufficient for `arch` + when 'suse', 'linux' 'openssh' else 'openssh-server'