test: replace kitchen to molecule
parent
4d27cbc05c
commit
1dc9ed9418
15 changed files with 193 additions and 431 deletions
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -1,2 +1,2 @@
|
|||
.kitchen/*
|
||||
|
||||
*.pyc
|
||||
|
|
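--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -1,33 +0,0 @@
----
-driver:
-name: docker_cli
-
-transport:
-name: docker_cli
-
-provisioner:
-name: ansible_playbook
-hosts: localhost
-require_ansible_repo: false
-require_ansible_omnibus: false
-require_chef_for_busser: true
-ansible_verbose: false
-ansible_inventory: ./test/integration/inventory
-ansible_vault_password_file: ./test/integration/vault
-
-platforms:
-- name: debian-10
-driver_config:
-image: "nishiki/debian10:ansible-<%= ENV['ANSIBLE_VERSION'] ? ENV['ANSIBLE_VERSION'] : '2.9' %>"
-command: /bin/systemd
-volume:
-- /sys/fs/cgroup:/sys/fs/cgroup:ro
-privileged: cap-add=SYS_ADMIN
-
-suites:
-- name: bind
-- name: bind-zones-subset
-provisioner:
-extra_vars:
-bind_zones_subset:
-- test.local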
28
.travis.yml
28
.travis.yml
|
@ -1,27 +1,29 @@
|
|||
---
|
||||
sudo: required
|
||||
language: ruby
|
||||
dist: bionic
|
||||
addons:
|
||||
apt:
|
||||
packages:
|
||||
- python3
|
||||
- python3-pip
|
||||
- python3-setuptools
|
||||
|
||||
env:
|
||||
- ANSIBLE_VERSION=2.6
|
||||
- ANSIBLE_VERSION=2.7
|
||||
- ANSIBLE_VERSION=2.7.16
|
||||
- ANSIBLE_VERSION=2.8.8
|
||||
- ANSIBLE_VERSION=2.9.4
|
||||
|
||||
services:
|
||||
- docker
|
||||
|
||||
before_install:
|
||||
- bundle install
|
||||
- sudo pip install --upgrade pip
|
||||
- sudo pip install ansible-lint
|
||||
- sudo pip3 install ansible==${ANSIBLE_VERSION}
|
||||
- sudo pip3 install molecule 'molecule[docker]' docker testinfra ansible-lint yamllint
|
||||
- git clone https://github.com/ansible/galaxy-lint-rules.git
|
||||
|
||||
script:
|
||||
- kitchen conv bind-debian-9
|
||||
- kitchen conv bind-debian-9 | grep changed=0
|
||||
- kitchen verify bind-debian-9
|
||||
- kitchen conv bind-zones-subset-debian-9
|
||||
- kitchen conv bind-zones-subset-debian-9 | grep changed=0
|
||||
- kitchen verify bind-zones-subset-debian-9
|
||||
- ansible-lint -r galaxy-lint-rules/rules .
|
||||
- ansible --version
|
||||
- molecule test
|
||||
|
||||
notifications:
|
||||
webhooks: https://galaxy.ansible.com/api/v1/notifications/
|
||||
|
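Review bot: The `sudo pip3 install molecule 'molecule[docker]' docker testinfra ansible-lint yamllint` step in `before_install` installs every test tool unpinned and as root, so each build runs whatever PyPI serves that day while only `ansible==${ANSIBLE_VERSION}` is fixed. Pinning each tool to an exact version (`molecule==<pinned>` and so on, or a requirements file installed with `--require-hashes`) keeps runs reproducible and narrows the window for a compromised or breaking release to reach CI. The section still shows `language: ruby` and `bundle install`; which side those lines are on cannot be recovered from this rendering, but with the Gemfile deleted in this commit they should not remain on the new side.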
|
|
@ -5,6 +5,10 @@ Which is based on [Keep A Changelog](http://keepachangelog.com/)
|
|||
|
||||
## [Unreleased]
|
||||
|
||||
### Changed
|
||||
|
||||
- test: replace kitchen to molecule
|
||||
|
||||
## v1.3.0 (2020-02-12)
|
||||
- feat: add support debian 10
|
||||
- break: change with_items to loop
|
||||
|
|
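--- a/Gemfile
+++ b/Gemfile
@@ -1,8 +0,0 @@
-source 'https://rubygems.org'
-
-group :development do
-gem 'kitchen-ansible'
-gem 'kitchen-docker_cli'
-gem 'rubocop', '0.50.0'
-gem 'test-kitchen'
-end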
131
Gemfile.lock
131
Gemfile.lock
|
@ -1,131 +0,0 @@
|
|||
GEM
|
||||
remote: https://rubygems.org/
|
||||
specs:
|
||||
ast (2.4.0)
|
||||
bcrypt_pbkdf (1.0.1)
|
||||
builder (3.2.4)
|
||||
ed25519 (1.2.4)
|
||||
equatable (0.6.1)
|
||||
erubi (1.9.0)
|
||||
ffi (1.12.2)
|
||||
gssapi (1.3.0)
|
||||
ffi (>= 1.0.1)
|
||||
gyoku (1.3.1)
|
||||
builder (>= 2.1.2)
|
||||
httpclient (2.8.3)
|
||||
kitchen-ansible (0.50.1)
|
||||
net-ssh (>= 3)
|
||||
test-kitchen (>= 1.4)
|
||||
kitchen-docker_cli (0.19.0)
|
||||
test-kitchen (>= 1.3)
|
||||
license-acceptance (1.0.13)
|
||||
pastel (~> 0.7)
|
||||
tomlrb (~> 1.2)
|
||||
tty-box (~> 0.3)
|
||||
tty-prompt (~> 0.18)
|
||||
little-plugger (1.1.4)
|
||||
logging (2.2.2)
|
||||
little-plugger (~> 1.1)
|
||||
multi_json (~> 1.10)
|
||||
mixlib-install (3.11.26)
|
||||
mixlib-shellout
|
||||
mixlib-versioning
|
||||
thor
|
||||
mixlib-shellout (3.0.9)
|
||||
mixlib-versioning (1.2.12)
|
||||
multi_json (1.14.1)
|
||||
necromancer (0.5.1)
|
||||
net-scp (2.0.0)
|
||||
net-ssh (>= 2.6.5, < 6.0.0)
|
||||
net-ssh (5.2.0)
|
||||
net-ssh-gateway (2.0.0)
|
||||
net-ssh (>= 4.0.0)
|
||||
nori (2.6.0)
|
||||
parallel (1.19.1)
|
||||
parser (2.7.0.2)
|
||||
ast (~> 2.4.0)
|
||||
pastel (0.7.3)
|
||||
equatable (~> 0.6)
|
||||
tty-color (~> 0.5)
|
||||
powerpack (0.1.2)
|
||||
rainbow (2.2.2)
|
||||
rake
|
||||
rake (13.0.1)
|
||||
rubocop (0.50.0)
|
||||
parallel (~> 1.10)
|
||||
parser (>= 2.3.3.1, < 3.0)
|
||||
powerpack (~> 0.1)
|
||||
rainbow (>= 2.2.2, < 3.0)
|
||||
ruby-progressbar (~> 1.7)
|
||||
unicode-display_width (~> 1.0, >= 1.0.1)
|
||||
ruby-progressbar (1.10.1)
|
||||
rubyntlm (0.6.2)
|
||||
rubyzip (2.2.0)
|
||||
strings (0.1.8)
|
||||
strings-ansi (~> 0.1)
|
||||
unicode-display_width (~> 1.5)
|
||||
unicode_utils (~> 1.4)
|
||||
strings-ansi (0.2.0)
|
||||
test-kitchen (2.3.4)
|
||||
bcrypt_pbkdf (~> 1.0)
|
||||
ed25519 (~> 1.2)
|
||||
license-acceptance (~> 1.0, >= 1.0.11)
|
||||
mixlib-install (~> 3.6)
|
||||
mixlib-shellout (>= 1.2, < 4.0)
|
||||
net-scp (>= 1.1, < 3.0)
|
||||
net-ssh (>= 2.9, < 6.0)
|
||||
net-ssh-gateway (>= 1.2, < 3.0)
|
||||
thor (~> 0.19)
|
||||
winrm (~> 2.0)
|
||||
winrm-elevated (~> 1.0)
|
||||
winrm-fs (~> 1.1)
|
||||
thor (0.20.3)
|
||||
tomlrb (1.2.9)
|
||||
tty-box (0.5.0)
|
||||
pastel (~> 0.7.2)
|
||||
strings (~> 0.1.6)
|
||||
tty-cursor (~> 0.7)
|
||||
tty-color (0.5.1)
|
||||
tty-cursor (0.7.1)
|
||||
tty-prompt (0.20.0)
|
||||
necromancer (~> 0.5.0)
|
||||
pastel (~> 0.7.0)
|
||||
tty-reader (~> 0.7.0)
|
||||
tty-reader (0.7.0)
|
||||
tty-cursor (~> 0.7)
|
||||
tty-screen (~> 0.7)
|
||||
wisper (~> 2.0.0)
|
||||
tty-screen (0.7.1)
|
||||
unicode-display_width (1.6.1)
|
||||
unicode_utils (1.4.0)
|
||||
winrm (2.3.4)
|
||||
builder (>= 2.1.2)
|
||||
erubi (~> 1.8)
|
||||
gssapi (~> 1.2)
|
||||
gyoku (~> 1.0)
|
||||
httpclient (~> 2.2, >= 2.2.0.2)
|
||||
logging (>= 1.6.1, < 3.0)
|
||||
nori (~> 2.0)
|
||||
rubyntlm (~> 0.6.0, >= 0.6.1)
|
||||
winrm-elevated (1.2.1)
|
||||
erubi (~> 1.8)
|
||||
winrm (~> 2.0)
|
||||
winrm-fs (~> 1.0)
|
||||
winrm-fs (1.3.4)
|
||||
erubi (~> 1.8)
|
||||
logging (>= 1.6.1, < 3.0)
|
||||
rubyzip (~> 2.0)
|
||||
winrm (~> 2.0)
|
||||
wisper (2.0.1)
|
||||
|
||||
PLATFORMS
|
||||
ruby
|
||||
|
||||
DEPENDENCIES
|
||||
kitchen-ansible
|
||||
kitchen-docker_cli
|
||||
rubocop (= 0.50.0)
|
||||
test-kitchen
|
||||
|
||||
BUNDLED WITH
|
||||
1.17.3
|
10
README.md
10
README.md
|
@ -91,13 +91,13 @@ bind_dnssec:
|
|||
```
|
||||
|
||||
## Development
|
||||
### Tests with docker
|
||||
|
||||
### Test with molecule and docker
|
||||
|
||||
* install [docker](https://docs.docker.com/engine/installation/)
|
||||
* install ruby
|
||||
* install bundler `gem install bundler`
|
||||
* install dependencies `bundle install`
|
||||
* run the tests `kitchen test`
|
||||
* install `python3` and `python3-pip`
|
||||
* install molecule and dependencies `pip3 install molecule 'molecule[docker]' docker ansible-lint testinfra yamllint`
|
||||
* run `molecule test`
|
||||
|
||||
## License
|
||||
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
---
|
||||
- hosts: localhost
|
||||
connection: local
|
||||
- name: Converge
|
||||
hosts: all
|
||||
roles:
|
||||
- ansible-role-bind
|
||||
vars:
|
||||
bind_listen_ipv6: false
|
||||
bind_role: master
|
||||
|
@ -111,38 +113,71 @@
|
|||
inline-signing: yes
|
||||
key-directory: '"/etc/bind/keys"'
|
||||
records:
|
||||
- { name: '@', type: mx, priority: 20, value: mail.test.local. }
|
||||
- { name: '@', type: ns, value: localhost. }
|
||||
- { name: hello, type: a, ttl: 5m, value: 1.2.3.4 }
|
||||
- { name: hello, type: caa, flag: 0, tag: issue, value: letsencrypt.org }
|
||||
- { name: hello, type: caa, flag: 0, tag: iodef, value: 'mailto:root@test.local' }
|
||||
- { name: hello, type: srv, priority: 0, weight: 5, port: 80, value: www }
|
||||
- name: '@'
|
||||
type: mx
|
||||
priority: 20
|
||||
value: mail.test.local.
|
||||
- name: '@'
|
||||
type: ns
|
||||
value: localhost.
|
||||
- name: hello
|
||||
type: a
|
||||
ttl: 5m
|
||||
value: 1.2.3.4
|
||||
- name: hello
|
||||
type: caa
|
||||
flag: 0
|
||||
tag: issue
|
||||
value: letsencrypt.org
|
||||
- name: hello
|
||||
type: caa
|
||||
flag: 0
|
||||
tag: iodef
|
||||
value: 'mailto:root@test.local'
|
||||
- name: hello
|
||||
type: srv
|
||||
priority: 0
|
||||
weight: 5
|
||||
port: 80
|
||||
value: www
|
||||
hello.local:
|
||||
ns_primary: ns1.hello.local
|
||||
mail: root@hello.local
|
||||
serial: 2017092201
|
||||
records:
|
||||
- { name: '@', type: mx, priority: 20, value: mail.test.local. }
|
||||
- { name: '@', type: ns, value: localhost. }
|
||||
- { name: '@', type: txt, value: RFufr9qzCi9vnJeWUB2FMNDCtu8ZtP6WE2jl2OFvIiz6pv2dwfzEXBgTC8SI1UzsmlkFYS7vxkHeYuOCLQ95BkOl0YP85ejQQlz8DNbcMcUdAoDtmlaZ9jeXnU7RgCXs5F9ggsmM9B6mFMhZWo1lzwsX86UAR5nw7rIO3cbGo9oUcMTShVFDkTPnoNhP7MTE0L4M99yv8ZLptmS2GP6goHXZgTdFIyYCdfziQgoENcloUI3KshDscsoh6H6I2LA }
|
||||
- { name: hello, type: a, value: 4.3.2.1 }
|
||||
- name: '@'
|
||||
type: mx
|
||||
priority: 20
|
||||
value: mail.test.local.
|
||||
- name: '@'
|
||||
type: ns
|
||||
value: localhost.
|
||||
- name: '@'
|
||||
type: txt
|
||||
value: RFufr9qzCi9vnJeWUB2FMNDCtu8ZtP6WE2jl2OFvIiz6pv2dwfzEXBgTC8SI1UzsmlkFYS7vxkHeYuOCLQ95BkOl0YP85ejQQlz8DNbcMcUdAoDtmlaZ9jeXnU7RgCXs5F9ggsmM9B6mFMhZWo1lzwsX86UAR5nw7rIO3cbGo9oUcMTShVFDkTPnoNhP7MTE0L4M99yv8ZLptmS2GP6goHXZgTdFIyYCdfziQgoENcloUI3KshDscsoh6H6I2LA
|
||||
- name: hello
|
||||
type: a
|
||||
value: 4.3.2.1
|
||||
disabled.local:
|
||||
ns_primary: ns1.disabled.local
|
||||
mail: root@disabled.local
|
||||
serial: 2017092201
|
||||
state: disabled
|
||||
records:
|
||||
- { name: '@', type: mx, priority: 20, value: mail.test.local. }
|
||||
- name: '@'
|
||||
type: mx
|
||||
priority: 20
|
||||
value: mail.test.local.
|
||||
absent.local:
|
||||
ns_primary: ns1.absent.local
|
||||
mail: root@absent.local
|
||||
serial: 2017092201
|
||||
state: absent
|
||||
records:
|
||||
- { name: '@', type: mx, priority: 20, value: mail.test.local. }
|
||||
|
||||
roles:
|
||||
- ansible-role-bind
|
||||
- name: '@'
|
||||
type: mx
|
||||
priority: 20
|
||||
value: mail.test.local.
|
||||
|
||||
tasks:
|
||||
- apt:
|
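--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -0,0 +1,17 @@
+---
+driver:
+name: docker
+platforms:
+- name: debian10
+image: nishiki/debian10:molecule
+privileged: true
+volumes:
+- /sys/fs/cgroup:/sys/fs/cgroup:ro
+command: /bin/systemd
+capabilities:
+- SYS_ADMIN
+verifier:
+name: testinfra
+provisioner:
+options:
+vault-password-file: vault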
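Review bot: `privileged: true` gives the test container every capability and full device access on the CI host, which makes the `capabilities: - SYS_ADMIN` entry below it redundant and is wider than the removed kitchen config, which only passed `cap-add=SYS_ADMIN`. If systemd starts with the read-only cgroup mount and `SYS_ADMIN` alone, as the old setup suggests, drop the `privileged: true` line. `image: nishiki/debian10:molecule` is a mutable tag; if the driver accepts a digest reference, pinning it as `nishiki/debian10@sha256:<digest>` would ensure the container runs the image that was actually reviewed.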
99
molecule/default/tests/test_default.py
Normal file
99
molecule/default/tests/test_default.py
Normal file
|
@ -0,0 +1,99 @@
|
|||
import os, re
|
||||
import testinfra.utils.ansible_runner
|
||||
|
||||
def test_packages(host):
|
||||
for package_name in ['bind9', 'cron']:
|
||||
package = host.package(package_name)
|
||||
assert package.is_installed
|
||||
|
||||
def test_cron_file(host):
|
||||
config = host.file('/etc/cron.weekly/dnssec')
|
||||
assert config.exists
|
||||
assert config.is_file
|
||||
assert config.user == 'root'
|
||||
assert config.group == 'root'
|
||||
assert config.mode == 0o700
|
||||
assert config.contains('test.local')
|
||||
|
||||
def test_local_file(host):
|
||||
config = host.file('/etc/bind/named.conf.local')
|
||||
assert config.exists
|
||||
assert config.is_file
|
||||
assert config.user == 'root'
|
||||
assert config.group == 'root'
|
||||
assert config.mode == 0o644
|
||||
assert config.contains('4.2.2.4')
|
||||
assert config.contains('inline-signing yes;')
|
||||
|
||||
def test_options_file(host):
|
||||
config = host.file('/etc/bind/named.conf.options')
|
||||
assert config.exists
|
||||
assert config.is_file
|
||||
assert config.user == 'root'
|
||||
assert config.group == 'root'
|
||||
assert config.mode == 0o644
|
||||
assert config.contains('listen-on { any; };')
|
||||
assert config.contains('listen-on-v6 { none; };')
|
||||
assert config.contains('server-id "1";')
|
||||
|
||||
def test_db_file(host):
|
||||
for zone in ['test.local', 'hello.local', 'disabled.local']:
|
||||
directory = host.file('/etc/bind/zones/%s' % (zone))
|
||||
assert directory.exists
|
||||
assert directory.is_directory
|
||||
assert directory.user == 'bind'
|
||||
assert directory.group == 'bind'
|
||||
assert directory.mode == 0o755
|
||||
|
||||
config = host.file('/etc/bind/zones/%s/db' % (zone))
|
||||
assert config.exists
|
||||
assert config.is_file
|
||||
assert config.user == 'root'
|
||||
assert config.group == 'root'
|
||||
assert config.mode == 0o644
|
||||
|
||||
def test_db_signed_file(host):
|
||||
config = host.file('/etc/bind/zones/test.local/db.signed')
|
||||
assert config.exists
|
||||
assert config.is_file
|
||||
assert config.user == 'root'
|
||||
assert config.group == 'root'
|
||||
assert config.mode == 0o644
|
||||
|
||||
def test_service(host):
|
||||
service = host.service('bind9')
|
||||
assert service.is_running
|
||||
assert service.is_enabled
|
||||
|
||||
def test_socket(host):
|
||||
socket = host.socket('tcp://127.0.0.1:53')
|
||||
assert socket.is_listening
|
||||
|
||||
socket = host.socket('udp://127.0.0.1:53')
|
||||
assert socket.is_listening
|
||||
|
||||
def test_dns_a(host):
|
||||
result = host.check_output('dig +nocmd +noall +answer hello.hello.local @127.0.0.1')
|
||||
assert re.search(r'hello\.hello\.local\.\s+3600\s+IN\s+A\s+4\.3\.2\.1', result)
|
||||
|
||||
def test_dns_a_signed(host):
|
||||
result = host.check_output('dig +nocmd +noall +answer +dnssec hello.test.local @127.0.0.1')
|
||||
assert re.search(r'hello\.test\.local\.\s+300\s+IN\s+A\s+1\.2\.3\.4', result)
|
||||
assert re.search(r'hello\.test\.local\.\s+300\s+IN\s+RRSIG\s+A ', result)
|
||||
|
||||
def test_dns_mx(host):
|
||||
result = host.check_output('dig +nocmd +noall +answer -t mx test.local @127.0.0.1')
|
||||
assert re.search(r'test\.local\.\s+3600\s+IN\s+MX\s+20 mail\.test\.local\.', result)
|
||||
|
||||
def test_dns_srv(host):
|
||||
result = host.check_output('dig +nocmd +noall +answer -t srv hello.test.local @127.0.0.1')
|
||||
assert re.search(r'hello\.test\.local\.\s+3600\s+IN\s+SRV\s+0\s+5\s+80\s+www\.test\.local\.$', result)
|
||||
|
||||
def test_dns_caa(host):
|
||||
result = host.check_output('dig +nocmd +noall +answer -t caa hello.test.local @127.0.0.1')
|
||||
assert re.search(r'hello\.test\.local\.\s+3600\s+IN\s+CAA\s+0 issue "letsencrypt\.org', result)
|
||||
assert re.search(r'hello\.test\.local\.\s+3600\s+IN\s+CAA\s+0 iodef "mailto:root@test\.local"', result)
|
||||
|
||||
def test_dns_dnssec(host):
|
||||
result = host.check_output('dig +nocmd +noall +answer -t txt hello.local @127.0.0.1')
|
||||
assert re.search(r'"0L4M99yv8ZLptmS2GP6goHXZgTdFIyYCdfziQgoENcloUI3KshDscsoh6H6I2LA"', result)
|
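Review bot: Three checks from the removed serverspec suite have no counterpart in this file: nothing asserts that `/etc/bind/zones/absent.local` is gone, nothing runs `/etc/cron.weekly/dnssec` to confirm the re-signing job exits 0 without `dnssec-signzone: fatal`, and the first pattern in `test_dns_caa` lost the closing quote after `letsencrypt\.org`, so it would also match a longer issuer name. A signer that fails silently only shows up when the RRSIGs expire, so that check is worth carrying over. `import os` and `import testinfra.utils.ansible_runner` are unused as written. The fence sketches the two missing tests.

```python
def test_absent_zone(host):
    assert not host.file('/etc/bind/zones/absent.local').exists


def test_cron_run(host):
    result = host.run('/etc/cron.weekly/dnssec')
    assert result.rc == 0
    assert 'dnssec-signzone: fatal' not in result.stderr
```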
|
@ -1 +0,0 @@
|
|||
../bind/default.yml
|
|
@ -1,99 +0,0 @@
|
|||
require 'serverspec'
|
||||
|
||||
set :backend, :exec
|
||||
|
||||
puts
|
||||
puts '================================'
|
||||
puts %x(ansible --version)
|
||||
puts '================================'
|
||||
|
||||
%w[
|
||||
bind9
|
||||
cron
|
||||
].each do |package|
|
||||
describe package(package) do
|
||||
it { should be_installed }
|
||||
end
|
||||
end
|
||||
|
||||
describe file('/etc/bind/zones/test.local') do
|
||||
it { should be_directory }
|
||||
it { should be_mode 755 }
|
||||
it { should be_owned_by 'bind' }
|
||||
it { should be_grouped_into 'bind' }
|
||||
end
|
||||
|
||||
describe file('/etc/bind/zones/test.local/db') do
|
||||
it { should be_file }
|
||||
it { should be_mode 644 }
|
||||
it { should be_owned_by 'root' }
|
||||
it { should be_grouped_into 'root' }
|
||||
end
|
||||
|
||||
describe file('/etc/bind/zones/test.local/db.signed') do
|
||||
it { should be_file }
|
||||
it { should be_mode 644 }
|
||||
it { should be_owned_by 'root' }
|
||||
it { should be_grouped_into 'root' }
|
||||
end
|
||||
|
||||
%w[
|
||||
absent.local
|
||||
hello.local
|
||||
disabled.local
|
||||
].each do |zone|
|
||||
describe file("/etc/bind/zones/#{zone}") do
|
||||
it { should_not exist }
|
||||
end
|
||||
end
|
||||
|
||||
describe file('/etc/bind/named.conf.local') do
|
||||
it { should be_file }
|
||||
it { should be_mode 644 }
|
||||
it { should be_owned_by 'root' }
|
||||
it { should be_grouped_into 'root' }
|
||||
it { should contain '4.2.2.4' }
|
||||
it { should contain 'inline-signing yes;' }
|
||||
end
|
||||
|
||||
describe file('/etc/bind/named.conf.options') do
|
||||
it { should be_file }
|
||||
it { should be_mode 644 }
|
||||
it { should be_owned_by 'root' }
|
||||
it { should be_grouped_into 'root' }
|
||||
it { should contain 'listen-on { any; };' }
|
||||
it { should contain 'listen-on-v6 { none; };' }
|
||||
it { should contain 'server-id "1";' }
|
||||
end
|
||||
|
||||
describe service('bind9') do
|
||||
it { should be_enabled }
|
||||
it { should be_running.under('systemd') }
|
||||
end
|
||||
|
||||
describe port(53) do
|
||||
it { should be_listening.with('tcp') }
|
||||
it { should be_listening.with('udp') }
|
||||
end
|
||||
|
||||
describe command('dig +nocmd +noall +answer +dnssec hello.test.local @127.0.0.1') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
its(:stdout) { should contain(/hello\.test\.local\.\s+300\s+IN\s+A\s+1\.2\.3\.4/) }
|
||||
its(:stdout) { should contain(/hello\.test\.local\.\s+300\s+IN\s+RRSIG\s+A /) }
|
||||
end
|
||||
|
||||
describe command('dig +nocmd +noall +answer -t mx test.local @127.0.0.1') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
its(:stdout) { should contain(/test\.local\.\s+3600\s+IN\s+MX\s+20 mail\.test\.local\./) }
|
||||
end
|
||||
|
||||
describe command('dig +nocmd +noall +answer -t srv hello.test.local @127.0.0.1') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
its(:stdout) { should contain(/hello\.test\.local\.\s+3600\s+IN\s+SRV\s+0\s+5\s+80\s+www\.test\.local\.$/) }
|
||||
end
|
||||
|
||||
describe command('dig +nocmd +noall +answer -t caa hello.test.local @127.0.0.1') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
its(:stdout) { should contain(/hello\.test\.local\.\s+3600\s+IN\s+CAA\s+0 issue "letsencrypt\.org"/) }
|
||||
its(:stdout) { should contain(/hello\.test\.local\.\s+3600\s+IN\s+CAA\s+0 iodef "mailto:root@test\.local"/) }
|
||||
end
|
|
@ -1,122 +0,0 @@
|
|||
require 'serverspec'
|
||||
|
||||
set :backend, :exec
|
||||
|
||||
puts
|
||||
puts '================================'
|
||||
puts %x(ansible --version)
|
||||
puts '================================'
|
||||
|
||||
%w[
|
||||
bind9
|
||||
cron
|
||||
].each do |package|
|
||||
describe package(package) do
|
||||
it { should be_installed }
|
||||
end
|
||||
end
|
||||
|
||||
describe file('/etc/cron.weekly/dnssec') do
|
||||
it { should be_file }
|
||||
it { should be_mode 700 }
|
||||
it { should be_owned_by 'root' }
|
||||
it { should be_grouped_into 'root' }
|
||||
it { should contain 'test.local' }
|
||||
end
|
||||
|
||||
%w[
|
||||
test.local
|
||||
hello.local
|
||||
disabled.local
|
||||
].each do |zone|
|
||||
describe file("/etc/bind/zones/#{zone}") do
|
||||
it { should be_directory }
|
||||
it { should be_mode 755 }
|
||||
it { should be_owned_by 'bind' }
|
||||
it { should be_grouped_into 'bind' }
|
||||
end
|
||||
|
||||
describe file("/etc/bind/zones/#{zone}/db") do
|
||||
it { should be_file }
|
||||
it { should be_mode 644 }
|
||||
it { should be_owned_by 'root' }
|
||||
it { should be_grouped_into 'root' }
|
||||
end
|
||||
end
|
||||
|
||||
describe file('/etc/bind/zones/test.local/db.signed') do
|
||||
it { should be_file }
|
||||
it { should be_mode 644 }
|
||||
it { should be_owned_by 'root' }
|
||||
it { should be_grouped_into 'root' }
|
||||
end
|
||||
|
||||
describe file('/etc/bind/zones/absent.local') do
|
||||
it { should_not exist }
|
||||
end
|
||||
|
||||
describe file('/etc/bind/named.conf.local') do
|
||||
it { should be_file }
|
||||
it { should be_mode 644 }
|
||||
it { should be_owned_by 'root' }
|
||||
it { should be_grouped_into 'root' }
|
||||
it { should contain '4.2.2.4' }
|
||||
it { should contain 'inline-signing yes;' }
|
||||
end
|
||||
|
||||
describe file('/etc/bind/named.conf.options') do
|
||||
it { should be_file }
|
||||
it { should be_mode 644 }
|
||||
it { should be_owned_by 'root' }
|
||||
it { should be_grouped_into 'root' }
|
||||
it { should contain 'listen-on { any; };' }
|
||||
it { should contain 'listen-on-v6 { none; };' }
|
||||
it { should contain 'server-id "1";' }
|
||||
end
|
||||
|
||||
describe service('bind9') do
|
||||
it { should be_enabled }
|
||||
it { should be_running.under('systemd') }
|
||||
end
|
||||
|
||||
describe port(53) do
|
||||
it { should be_listening.with('tcp') }
|
||||
it { should be_listening.with('udp') }
|
||||
end
|
||||
|
||||
describe command('dig +nocmd +noall +answer +dnssec hello.test.local @127.0.0.1') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
its(:stdout) { should contain(/hello\.test\.local\.\s+300\s+IN\s+A\s+1\.2\.3\.4/) }
|
||||
its(:stdout) { should contain(/hello\.test\.local\.\s+300\s+IN\s+RRSIG\s+A /) }
|
||||
end
|
||||
|
||||
describe command('dig +nocmd +noall +answer -t mx test.local @127.0.0.1') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
its(:stdout) { should contain(/test\.local\.\s+3600\s+IN\s+MX\s+20 mail\.test\.local\./) }
|
||||
end
|
||||
|
||||
describe command('dig +nocmd +noall +answer -t srv hello.test.local @127.0.0.1') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
its(:stdout) { should contain(/hello\.test\.local\.\s+3600\s+IN\s+SRV\s+0\s+5\s+80\s+www\.test\.local\.$/) }
|
||||
end
|
||||
|
||||
describe command('dig +nocmd +noall +answer -t caa hello.test.local @127.0.0.1') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
its(:stdout) { should contain(/hello\.test\.local\.\s+3600\s+IN\s+CAA\s+0 issue "letsencrypt\.org"/) }
|
||||
its(:stdout) { should contain(/hello\.test\.local\.\s+3600\s+IN\s+CAA\s+0 iodef "mailto:root@test\.local"/) }
|
||||
end
|
||||
|
||||
describe command('dig +nocmd +noall +answer hello.hello.local @127.0.0.1') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
its(:stdout) { should contain(/hello\.hello\.local\.\s+3600\s+IN\s+A\s+4\.3\.2\.1/) }
|
||||
end
|
||||
|
||||
describe command('dig +nocmd +noall +answer -t txt hello.local @127.0.0.1') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
its(:stdout) { should contain('"0L4M99yv8ZLptmS2GP6goHXZgTdFIyYCdfziQgoENcloUI3KshDscsoh6H6I2LA"') }
|
||||
end
|
||||
|
||||
describe command('/etc/cron.weekly/dnssec') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
its(:stderr) { should_not contain('dnssec-signzone: fatal') }
|
||||
end
|
|
@ -1 +0,0 @@
|
|||
localhost
|