require 'serverspec'
# Use serverspec's exec backend: every check below runs as a local command
# on the machine executing this spec, not over SSH.
set :backend, :exec

# Print the Ansible version into the test log, framed by separator lines,
# so a run can be tied to the tool version that provisioned the host.
# The command is a fixed string with no interpolation, so nothing from
# outside this file reaches the shell.
separator = '================================'
puts
puts separator
puts `ansible --version`
puts separator
# Both packages must be installed on the host under test.
%w[bind9 cron].each do |pkg|
  # The block variable is named `pkg` so it does not shadow serverspec's
  # `package` resource helper.
  describe package(pkg) do
    it { should be_installed }
  end
end
# Weekly DNSSEC cron script.
# It runs from cron.weekly, so the spec pins it to root:root with mode 700:
# no other account may read, modify or execute it.
dnssec_cron_script = '/etc/cron.weekly/dnssec'

describe file(dnssec_cron_script) do
  it { should be_file }
  it { should be_mode 700 }
  it { should be_owned_by 'root' }
  it { should be_grouped_into 'root' }
  # Only confirms the zone name appears somewhere in the script; it does not
  # check what the script does with it.
  it { should contain 'test.local' }
end
# Per-zone layout: each zone gets its own directory holding a `db` zone file.
%w[test.local hello.local disabled.local].each do |zone_name|
  zone_dir = "/etc/bind/zones/#{zone_name}"

  # The directory belongs to the bind account and is writable only by it.
  # NOTE(review): because bind owns the directory (755, no sticky bit), that
  # account can still unlink or replace entries inside it, including the
  # root-owned zone file checked below.
  describe file(zone_dir) do
    it { should be_directory }
    it { should be_mode 755 }
    it { should be_owned_by 'bind' }
    it { should be_grouped_into 'bind' }
  end

  # The zone file itself is root:root 644: world-readable, so the bind
  # account can read it, but writable only by root.
  describe file("#{zone_dir}/db") do
    it { should be_file }
    it { should be_mode 644 }
    it { should be_owned_by 'root' }
    it { should be_grouped_into 'root' }
  end
end
# Signed copy of the test.local zone.
# Checked for existence and for root:root 644 only; the spec does not look
# at the file's contents, so it does not prove the signatures are current.
signed_zone_file = '/etc/bind/zones/test.local/db.signed'

describe file(signed_zone_file) do
  it { should be_file }
  it { should be_mode 644 }
  it { should be_owned_by 'root' }
  it { should be_grouped_into 'root' }
end
# Negative check: nothing may exist at the absent.local zone path.
absent_zone_path = '/etc/bind/zones/absent.local'

describe file(absent_zone_path) do
  it { should_not exist }
end
# Zone configuration: root-owned and not writable by the bind account.
# NOTE(review): mode 644 makes this file world-readable, which is fine only
# while no key material (TSIG / rndc secrets) is placed in it.
named_conf_local = '/etc/bind/named.conf.local'

describe file(named_conf_local) do
  it { should be_file }
  it { should be_mode 644 }
  it { should be_owned_by 'root' }
  it { should be_grouped_into 'root' }
  # NOTE(review): presumably matched as a pattern first, in which case the
  # dots match any character and the check is looser than the literal
  # address - confirm against the serverspec version in use.
  it { should contain '4.2.2.4' }
  # Confirms the directive is present in the file; it does not show which
  # zone stanza carries it.
  it { should contain 'inline-signing yes;' }
end
# Global named options: root-owned, world-readable, writable only by root.
named_conf_options = '/etc/bind/named.conf.options'

describe file(named_conf_options) do
  it { should be_file }
  it { should be_mode 644 }
  it { should be_owned_by 'root' }
  it { should be_grouped_into 'root' }
  # The spec pins named to every IPv4 interface and to no IPv6 interface.
  # NOTE(review): nothing here asserts an access restriction (allow-query,
  # allow-recursion, allow-transfer), so with `listen-on { any; }` exposure
  # has to be limited elsewhere - worth a dedicated expectation.
  it { should contain 'listen-on { any; };' }
  it { should contain 'listen-on-v6 { none; };' }
  it { should contain 'server-id "1";' }
end
# The bind9 unit must be enabled at boot and currently running under systemd.
bind_service = 'bind9'

describe service(bind_service) do
  it { should be_enabled }
  it { should be_running.under('systemd') }
end
# DNS must answer on port 53 over both transports.
# The check covers the port only, not which addresses it is bound to.
dns_port = 53

describe port(dns_port) do
  it { should be_listening.with('tcp') }
  it { should be_listening.with('udp') }
end
# DNSSEC smoke test against the local server over loopback.
# `+nocmd +noall +answer` limits dig's output to the answer section and
# `+dnssec` requests DNSSEC records along with it.
describe command('dig +nocmd +noall +answer +dnssec hello.test.local @127.0.0.1') do
  its(:exit_status) { should eq 0 }
  # The A record itself: TTL 300, address 1.2.3.4.
  its(:stdout) { should contain(/hello\.test\.local\.\s+300\s+IN\s+A\s+1\.2\.3\.4/) }
  # An RRSIG covering the A record must accompany it. This proves a
  # signature is served, not that it validates against the zone's keys.
  its(:stdout) { should contain(/hello\.test\.local\.\s+300\s+IN\s+RRSIG\s+A /) }
end
# MX lookup for test.local against the local server:
# expects priority 20 pointing at mail.test.local with TTL 3600.
describe command('dig +nocmd +noall +answer -t mx test.local @127.0.0.1') do
  its(:exit_status) { should eq 0 }
  its(:stdout) { should contain(/test\.local\.\s+3600\s+IN\s+MX\s+20 mail\.test\.local\./) }
end
# SRV lookup for hello.test.local against the local server:
# expects priority 0, weight 5, port 80, target www.test.local, TTL 3600.
describe command('dig +nocmd +noall +answer -t srv hello.test.local @127.0.0.1') do
  its(:exit_status) { should eq 0 }
  # The trailing `$` anchors at end of line, so the target must be the last
  # field of the record.
  its(:stdout) { should contain(/hello\.test\.local\.\s+3600\s+IN\s+SRV\s+0\s+5\s+80\s+www\.test\.local\.$/) }
end
# CAA lookup for hello.test.local against the local server.
# CAA records declare which certificate authority may issue for the name
# and where violation reports should be sent.
describe command('dig +nocmd +noall +answer -t caa hello.test.local @127.0.0.1') do
  its(:exit_status) { should eq 0 }
  # Issuance is restricted to letsencrypt.org.
  its(:stdout) { should contain(/hello\.test\.local\.\s+3600\s+IN\s+CAA\s+0 issue "letsencrypt\.org"/) }
  # Incident reports go to root@test.local.
  its(:stdout) { should contain(/hello\.test\.local\.\s+3600\s+IN\s+CAA\s+0 iodef "mailto:root@test\.local"/) }
end
# A lookup in the second zone (hello.local) against the local server:
# expects hello.hello.local -> 4.3.2.1 with TTL 3600.
describe command('dig +nocmd +noall +answer hello.hello.local @127.0.0.1') do
  its(:exit_status) { should eq 0 }
  its(:stdout) { should contain(/hello\.hello\.local\.\s+3600\s+IN\s+A\s+4\.3\.2\.1/) }
end
# TXT lookup at the hello.local apex against the local server.
# The expected value is matched as a quoted string exactly as dig prints it.
# NOTE(review): the token looks like a verification-style test fixture -
# confirm it is not a live secret.
describe command('dig +nocmd +noall +answer -t txt hello.local @127.0.0.1') do
  its(:exit_status) { should eq 0 }
  its(:stdout) { should contain('"0L4M99yv8ZLptmS2GP6goHXZgTdFIyYCdfziQgoENcloUI3KshDscsoh6H6I2LA"') }
end