Initial commit

2021-09-27 17:00:36 +02:00
commit b95595ef6e
23 changed files with 1205 additions and 0 deletions
--- a/molecule/default/Dockerfile.j2
+++ b/molecule/default/Dockerfile.j2
@ -0,0 +1,21 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+{% if item.env is defined %}
+{% for var, value in item.env.items() %}
+{% if value %}
+ENV {{ var }} {{ value }}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python3 sudo bash ca-certificates iproute2 systemd && apt-get clean; \
+    elif [ $(command -v yum) ]; then yum install -y python3 sudo bash iproute systemd firewalld initscripts; \
+    elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml iproute2 && zypper clean -a; \
+    elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
+    elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates iproute2 && xbps-remove -O; fi
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@ -0,0 +1,17 @@
+---
+- name: Converge
+  hosts: all
+  roles:
+    - role: claranet.motd
+      motd_banner_template: null
+
+  pre_tasks:
+    - name: "Update APT cache"
+      apt:
+        update_cache: true
+      when:
+        - ansible_pkg_mgr == "apt"
+
+    - name: Install sshd
+      package:
+        name: openssh-server
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@ -0,0 +1,41 @@
+---
+dependency:
+  name: galaxy
+
+driver:
+  name: docker
+
+platforms:
+  - name: claranet_motd_${image:-debian}-${tag:-latest}
+    image: ${image:-debian}:${tag:-latest}
+    privileged: true
+    tty: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+    stop_signal: "SIGRTMIN+3"
+    capabilities:
+      - SYS_ADMIN
+      - SYS_TIME
+      - LINUX_IMMUTABLE
+    command: "/lib/systemd/systemd"
+
+provisioner:
+  name: ansible
+  env:
+    ANSIBLE_FORCE_COLOR: "true"
+  options:
+    v: true
+
+verifier:
+  name: testinfra
+  lint:
+    name: flake8
+  options:
+    verbose: true
+    s: true
+
+lint: |
+  set -e
+  yamllint .
+  ansible-lint
--- a/molecule/default/tests/test_default.py
+++ b/molecule/default/tests/test_default.py
@ -0,0 +1,45 @@
+#!/usr/bin/env python
+
+import os
+import stat
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ["MOLECULE_INVENTORY_FILE"]
+).get_hosts("all")
+
+motd_file_path = "/usr/local/bin/dynmotd"
+pam_line = f"session optional pam_exec.so type=open_session stdout {motd_file_path}"
+
+
+def test_banner_file(host):
+    file = host.file("/etc/banner")
+    assert not file.exists
+
+
+def test_motd_file(host):
+    file = host.file(motd_file_path)
+    assert file.exists
+    assert file.is_file
+    assert file.user == "root"
+    assert file.group == "root"
+    assert file.mode == 0o755
+
+
+def test_motd_output(host):
+    command = host.run(motd_file_path)
+    assert command.succeeded
+    assert command.stderr == ""
+    print(f"\n{command.stdout}")
+
+
+def test_pam_login_file(host):
+    file = host.file("/etc/pam.d/login")
+    assert file.exists
+    assert file.contains(pam_line)
+
+
+def test_pam_sshd_file(host):
+    file = host.file("/etc/pam.d/sshd")
+    assert file.exists
+    assert file.contains(pam_line)