Merge pull request #36 from hardening-io/update_kitchen-ansible

Update kitchen-ansible, remove separate debian install
dev-sec · Aug 31, 2015 · b069a12 · b069a12
2 parents b6f2229 + be279bd
commit b069a12
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 42 deletions.
diff --git a/.kitchen.yml b/.kitchen.yml
@@ -5,6 +5,8 @@ provisioner:
   name: ansible_playbook
   test_repo_uri: https://github.com/TelekomLabs/tests-ssh-hardening.git
   hosts: all
+  require_ansible_repo: false
+  require_ansible_omnibus: true
 platforms:
 - name: ubuntu-12.04
   driver_config:
@@ -30,11 +32,23 @@ platforms:
   driver_config:
     box: oracle-6.5
     box_url: https://storage.us2.oraclecloud.com/v1/istoilis-istoilis/vagrant/oel65-64.box
+- name: debian-6
+  driver_config:
+    box: debian-6
+    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-6.0.10_chef-provisionerless.box
+- name: debian-7
+  driver_config:
+    box: debian-7
+    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-7.8_chef-provisionerless.box
+- name: debian-8
+  driver_config:
+    box: debian-8
+    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-8.1_chef-provisionerless.box
+
 suites:
 - name: default
   roles_path: roles
   hosts: all
-  require_ansible_repo: true
   ansible_verbose: true
   ansible_version: 1.9.2
   provisioner:

diff --git a/.kitchen_debian.yml b/.kitchen_debian.yml
diff --git a/README.md b/README.md
@@ -61,12 +61,9 @@ bundle exec thor kitchen:fetch-remote-tests
 # fast test on one machine
 bundle exec kitchen test default-ubuntu-1204
 
-# test on all machines except Debian-based machines
+# test on all machines
 bundle exec kitchen test
 
-# test on Debian-based machines
-KITCHEN_YAML=".kitchen_debian.yml" bundle exec kitchen test
-
 # for development
 bundle exec kitchen create default-ubuntu-1204
 bundle exec kitchen converge default-ubuntu-1204

diff --git a/ansible-install.sh b/ansible-install.sh
diff --git a/roles/ansible-ssh-hardening/templates/opensshd.conf.j2 b/roles/ansible-ssh-hardening/templates/opensshd.conf.j2
@@ -134,7 +134,7 @@ IgnoreUserKnownHosts yes
 HostbasedAuthentication no
 
 # Enable PAM to enforce system wide rules
-UsePAM {{ 'yes' if ssh_use_pam else 'no' }} 
+UsePAM {{ 'yes' if ssh_use_pam else 'no' }}
 
 # Disable password-based authentication, it can allow for potentially easier brute-force attacks.
 PasswordAuthentication no