serverspec 1.4.2 → 1.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +1 -0
- data/Rakefile +1 -1
- data/lib/serverspec/helper/os.rb +2 -0
- data/lib/serverspec/setup.rb +11 -12
- data/lib/serverspec/version.rb +1 -1
- data/serverspec.gemspec +1 -1
- data/spec/fedora/cgroup_spec.rb +14 -0
- data/spec/fedora/command_spec.rb +67 -0
- data/spec/fedora/cron_spec.rb +21 -0
- data/spec/fedora/default_gateway_spec.rb +16 -0
- data/spec/fedora/file_spec.rb +413 -0
- data/spec/fedora/group_spec.rb +21 -0
- data/spec/fedora/host_spec.rb +58 -0
- data/spec/fedora/interface_spec.rb +24 -0
- data/spec/fedora/iptables_spec.rb +21 -0
- data/spec/fedora/kernel_module_spec.rb +12 -0
- data/spec/fedora/linux_kernel_parameter_spec.rb +36 -0
- data/spec/fedora/lxc_spec.rb +22 -0
- data/spec/fedora/mail_alias_spec.rb +12 -0
- data/spec/fedora/package_spec.rb +118 -0
- data/spec/fedora/php_config_spec.rb +36 -0
- data/spec/fedora/port_spec.rb +30 -0
- data/spec/fedora/process_spec.rb +41 -0
- data/spec/fedora/routing_table_spec.rb +120 -0
- data/spec/fedora/selinux_spec.rb +18 -0
- data/spec/fedora/service_spec.rb +188 -0
- data/spec/fedora/user_spec.rb +57 -0
- data/spec/fedora/yumrepo_spec.rb +25 -0
- data/spec/fedora/zfs_spec.rb +18 -0
- data/spec/redhat7/service_spec.rb +21 -0
- metadata +52 -4
@@ -0,0 +1,120 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
include SpecInfra::Helper::Fedora
|
4
|
+
|
5
|
+
describe routing_table do
|
6
|
+
let(:stdout) { "192.168.100.0/24 dev eth1 proto kernel scope link src 192.168.100.10 \r\ndefault via 192.168.100.1 dev eth0 \r\n" }
|
7
|
+
it { should have_entry( :destination => '192.168.100.0/24' ) }
|
8
|
+
its(:command) { should eq "ip route | grep -E '^192.168.100.0/24 |^default '" }
|
9
|
+
end
|
10
|
+
|
11
|
+
describe routing_table do
|
12
|
+
let(:stdout) { "192.168.100.0/24 dev eth1 proto kernel scope link src 192.168.100.10 \r\ndefault via 192.168.100.1 dev eth0 \r\n" }
|
13
|
+
it { should_not have_entry( :destination => '192.168.100.100/24' ) }
|
14
|
+
its(:command) { should eq "ip route | grep -E '^192.168.100.100/24 |^default '" }
|
15
|
+
end
|
16
|
+
|
17
|
+
describe routing_table do
|
18
|
+
let(:stdout) { "192.168.100.0/24 dev eth1 proto kernel scope link src 192.168.100.10 \r\ndefault via 192.168.100.1 dev eth0 \r\n" }
|
19
|
+
it do
|
20
|
+
should have_entry(
|
21
|
+
:destination => '192.168.100.0/24',
|
22
|
+
:gateway => '192.168.100.1'
|
23
|
+
)
|
24
|
+
end
|
25
|
+
|
26
|
+
it do
|
27
|
+
should have_entry(
|
28
|
+
:destination => '192.168.100.0/24',
|
29
|
+
:gateway => '192.168.100.1',
|
30
|
+
:interface => 'eth1'
|
31
|
+
)
|
32
|
+
end
|
33
|
+
|
34
|
+
it do
|
35
|
+
should_not have_entry(
|
36
|
+
:gateway => '192.168.100.1',
|
37
|
+
:interface => 'eth1'
|
38
|
+
)
|
39
|
+
end
|
40
|
+
|
41
|
+
it do
|
42
|
+
should_not have_entry(
|
43
|
+
:destination => '192.168.100.0/32',
|
44
|
+
:gateway => '192.168.100.1',
|
45
|
+
:interface => 'eth1'
|
46
|
+
)
|
47
|
+
end
|
48
|
+
end
|
49
|
+
|
50
|
+
describe routing_table do
|
51
|
+
let(:stdout) { "192.168.200.0/24 via 192.168.200.1 dev eth0 \r\ndefault via 192.168.100.1 dev eth0 \r\n" }
|
52
|
+
it { should have_entry( :destination => '192.168.200.0/24' ) }
|
53
|
+
it { should_not have_entry( :destination => '192.168.200.200/24' ) }
|
54
|
+
|
55
|
+
it do
|
56
|
+
should have_entry(
|
57
|
+
:destination => '192.168.200.0/24',
|
58
|
+
:gateway => '192.168.200.1'
|
59
|
+
)
|
60
|
+
end
|
61
|
+
|
62
|
+
it do
|
63
|
+
should have_entry(
|
64
|
+
:destination => '192.168.200.0/24',
|
65
|
+
:gateway => '192.168.200.1',
|
66
|
+
:interface => 'eth0'
|
67
|
+
)
|
68
|
+
end
|
69
|
+
|
70
|
+
it do
|
71
|
+
should_not have_entry(
|
72
|
+
:gateway => '192.168.200.1',
|
73
|
+
:interface => 'eth0'
|
74
|
+
)
|
75
|
+
end
|
76
|
+
|
77
|
+
it do
|
78
|
+
should_not have_entry(
|
79
|
+
:destination => '192.168.200.0/32',
|
80
|
+
:gateway => '192.168.200.1',
|
81
|
+
:interface => 'eth0'
|
82
|
+
)
|
83
|
+
end
|
84
|
+
end
|
85
|
+
|
86
|
+
describe routing_table do
|
87
|
+
let(:stdout) { "default via 10.0.2.2 dev eth0 \r\n" }
|
88
|
+
it { should have_entry( :destination => 'default' ) }
|
89
|
+
it { should_not have_entry( :destination => 'defaulth' ) }
|
90
|
+
|
91
|
+
it do
|
92
|
+
should have_entry(
|
93
|
+
:destination => 'default',
|
94
|
+
:gateway => '10.0.2.2'
|
95
|
+
)
|
96
|
+
end
|
97
|
+
|
98
|
+
it do
|
99
|
+
should have_entry(
|
100
|
+
:destination => 'default',
|
101
|
+
:gateway => '10.0.2.2',
|
102
|
+
:interface => 'eth0'
|
103
|
+
)
|
104
|
+
end
|
105
|
+
|
106
|
+
it do
|
107
|
+
should_not have_entry(
|
108
|
+
:gateway => '10.0.2.2',
|
109
|
+
:interface => 'eth0'
|
110
|
+
)
|
111
|
+
end
|
112
|
+
|
113
|
+
it do
|
114
|
+
should_not have_entry(
|
115
|
+
:destination => 'default',
|
116
|
+
:gateway => '10.0.2.1',
|
117
|
+
:interface => 'eth0'
|
118
|
+
)
|
119
|
+
end
|
120
|
+
end
|
@@ -0,0 +1,18 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
include SpecInfra::Helper::Fedora
|
4
|
+
|
5
|
+
describe selinux do
|
6
|
+
it { should be_enforcing }
|
7
|
+
its(:command) { should eq "getenforce | grep -i -- enforcing && grep -i -- ^SELINUX=enforcing$ /etc/selinux/config" }
|
8
|
+
end
|
9
|
+
|
10
|
+
describe selinux do
|
11
|
+
it { should be_permissive }
|
12
|
+
its(:command) { should eq "getenforce | grep -i -- permissive && grep -i -- ^SELINUX=permissive$ /etc/selinux/config" }
|
13
|
+
end
|
14
|
+
|
15
|
+
describe selinux do
|
16
|
+
it { should be_disabled }
|
17
|
+
its(:command) { should eq "test ! -f /etc/selinux/config || (getenforce | grep -i -- disabled && grep -i -- ^SELINUX=disabled$ /etc/selinux/config)" }
|
18
|
+
end
|
@@ -0,0 +1,188 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
include SpecInfra::Helper::Fedora
|
4
|
+
|
5
|
+
# Fedora 15+
|
6
|
+
|
7
|
+
describe service('sshd') do
|
8
|
+
it { should be_enabled }
|
9
|
+
# TODO Find a way to make this default to multiuser.target instead
|
10
|
+
its(:command) { should eq "systemctl --plain list-dependencies runlevel3.target | grep '^sshd.service$'" }
|
11
|
+
end
|
12
|
+
|
13
|
+
describe service('invalid-service') do
|
14
|
+
it { should_not be_enabled }
|
15
|
+
end
|
16
|
+
|
17
|
+
describe service('sshd') do
|
18
|
+
it { should be_enabled.with_level(4) }
|
19
|
+
its(:command) { should eq "systemctl --plain list-dependencies runlevel4.target | grep '^sshd.service$'" }
|
20
|
+
end
|
21
|
+
|
22
|
+
describe service('sshd') do
|
23
|
+
it { should be_enabled.with_level("graphical.target") }
|
24
|
+
its(:command) { should eq "systemctl --plain list-dependencies graphical.target | grep '^sshd.service$'" }
|
25
|
+
end
|
26
|
+
|
27
|
+
describe service('invalid-service') do
|
28
|
+
it { should_not be_enabled.with_level(4) }
|
29
|
+
end
|
30
|
+
|
31
|
+
describe service('sshd') do
|
32
|
+
it { should be_running }
|
33
|
+
its(:command) { should eq "systemctl is-active sshd.service" }
|
34
|
+
end
|
35
|
+
|
36
|
+
describe service('invalid-daemon') do
|
37
|
+
it { should_not be_running }
|
38
|
+
end
|
39
|
+
|
40
|
+
describe service('sshd') do
|
41
|
+
let(:stdout) { "sshd is stopped\r\n" }
|
42
|
+
it { should be_running }
|
43
|
+
end
|
44
|
+
|
45
|
+
# Fedora 14-
|
46
|
+
|
47
|
+
host = SpecInfra.configuration.ssh ? SpecInfra.configuration.ssh.host : 'localhost'
|
48
|
+
|
49
|
+
describe service('sshd') do
|
50
|
+
before :each do
|
51
|
+
set_property :os_by_host => { host => { :family => 'fedora', :release => '14' } }
|
52
|
+
end
|
53
|
+
after :each do
|
54
|
+
property.delete :os_by_host
|
55
|
+
end
|
56
|
+
|
57
|
+
it { should be_enabled }
|
58
|
+
its(:command) { should eq "chkconfig --list sshd | grep 3:on" }
|
59
|
+
end
|
60
|
+
|
61
|
+
describe service('invalid-service') do
|
62
|
+
before :each do
|
63
|
+
set_property :os_by_host => { host => { :family => 'fedora', :release => '14' } }
|
64
|
+
end
|
65
|
+
after :each do
|
66
|
+
property.delete :os_by_host
|
67
|
+
end
|
68
|
+
|
69
|
+
it { should_not be_enabled }
|
70
|
+
end
|
71
|
+
|
72
|
+
describe service('sshd') do
|
73
|
+
before :each do
|
74
|
+
set_property :os_by_host => { host => { :family => 'fedora', :release => '14' } }
|
75
|
+
end
|
76
|
+
after :each do
|
77
|
+
property.delete :os_by_host
|
78
|
+
end
|
79
|
+
|
80
|
+
it { should be_enabled.with_level(4) }
|
81
|
+
its(:command) { should eq "chkconfig --list sshd | grep 4:on" }
|
82
|
+
end
|
83
|
+
|
84
|
+
describe service('invalid-service') do
|
85
|
+
before :each do
|
86
|
+
set_property :os_by_host => { host => { :family => 'fedora', :release => '14' } }
|
87
|
+
end
|
88
|
+
after :each do
|
89
|
+
property.delete :os_by_host
|
90
|
+
end
|
91
|
+
|
92
|
+
it { should_not be_enabled.with_level(4) }
|
93
|
+
end
|
94
|
+
|
95
|
+
describe service('sshd') do
|
96
|
+
before :each do
|
97
|
+
set_property :os_by_host => { host => { :family => 'fedora', :release => '14' } }
|
98
|
+
end
|
99
|
+
after :each do
|
100
|
+
property.delete :os_by_host
|
101
|
+
end
|
102
|
+
|
103
|
+
it { should be_running }
|
104
|
+
its(:command) { should eq "service sshd status" }
|
105
|
+
end
|
106
|
+
|
107
|
+
describe service('invalid-daemon') do
|
108
|
+
before :each do
|
109
|
+
set_property :os_by_host => { host => { :family => 'fedora', :release => '14' } }
|
110
|
+
end
|
111
|
+
after :each do
|
112
|
+
property.delete :os_by_host
|
113
|
+
end
|
114
|
+
|
115
|
+
it { should_not be_running }
|
116
|
+
end
|
117
|
+
|
118
|
+
describe service('sshd') do
|
119
|
+
before :each do
|
120
|
+
set_property :os_by_host => { host => { :family => 'fedora', :release => '14' } }
|
121
|
+
end
|
122
|
+
after :each do
|
123
|
+
property.delete :os_by_host
|
124
|
+
end
|
125
|
+
|
126
|
+
let(:stdout) { "sshd is stopped\r\n" }
|
127
|
+
it { should be_running }
|
128
|
+
end
|
129
|
+
|
130
|
+
# All versions of Fedora
|
131
|
+
|
132
|
+
describe service('sshd') do
|
133
|
+
it { should be_running.under('supervisor') }
|
134
|
+
its(:command) { should eq "supervisorctl status sshd | grep RUNNING" }
|
135
|
+
end
|
136
|
+
|
137
|
+
describe service('invalid-daemon') do
|
138
|
+
it { should_not be_running.under('supervisor') }
|
139
|
+
end
|
140
|
+
|
141
|
+
describe service('sshd') do
|
142
|
+
it { should be_running.under('upstart') }
|
143
|
+
its(:command) { should eq "initctl status sshd | grep running" }
|
144
|
+
end
|
145
|
+
|
146
|
+
describe service('invalid-daemon') do
|
147
|
+
it { should_not be_running.under('upstart') }
|
148
|
+
end
|
149
|
+
|
150
|
+
describe service('sshd') do
|
151
|
+
it {
|
152
|
+
expect {
|
153
|
+
should be_running.under('not implemented')
|
154
|
+
}.to raise_error(ArgumentError, %r/\A`be_running` matcher doesn\'t support/)
|
155
|
+
}
|
156
|
+
end
|
157
|
+
|
158
|
+
describe service('sshd') do
|
159
|
+
let(:stdout) { "Process 'sshd'\r\n status running\r\n monitoring status monitored" }
|
160
|
+
it { should be_monitored_by('monit') }
|
161
|
+
its(:command) { should eq "monit status" }
|
162
|
+
end
|
163
|
+
|
164
|
+
describe service('sshd') do
|
165
|
+
let(:stdout) { "Process 'sshd'\r\n status not monitored\r\n monitoring status not monitored" }
|
166
|
+
it { should_not be_monitored_by('monit') }
|
167
|
+
end
|
168
|
+
|
169
|
+
describe service('invalid-daemon') do
|
170
|
+
it { should_not be_monitored_by('monit') }
|
171
|
+
end
|
172
|
+
|
173
|
+
describe service('unicorn') do
|
174
|
+
it { should be_monitored_by('god') }
|
175
|
+
its(:command) { should eq "god status unicorn" }
|
176
|
+
end
|
177
|
+
|
178
|
+
describe service('invalid-daemon') do
|
179
|
+
it { should_not be_monitored_by('god') }
|
180
|
+
end
|
181
|
+
|
182
|
+
describe service('sshd') do
|
183
|
+
it {
|
184
|
+
expect {
|
185
|
+
should be_monitored_by('not implemented')
|
186
|
+
}.to raise_error(ArgumentError, %r/\A`be_monitored_by` matcher doesn\'t support/)
|
187
|
+
}
|
188
|
+
end
|
@@ -0,0 +1,57 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
include SpecInfra::Helper::Fedora
|
4
|
+
|
5
|
+
describe user('root') do
|
6
|
+
it { should exist }
|
7
|
+
its(:command) { should eq "id root" }
|
8
|
+
end
|
9
|
+
|
10
|
+
describe user('invalid-user') do
|
11
|
+
it { should_not exist }
|
12
|
+
end
|
13
|
+
|
14
|
+
describe user('root') do
|
15
|
+
it { should belong_to_group 'root' }
|
16
|
+
its(:command) { should eq "id root | awk '{print $3}' | grep -- root" }
|
17
|
+
end
|
18
|
+
|
19
|
+
describe user('root') do
|
20
|
+
it { should_not belong_to_group 'invalid-group' }
|
21
|
+
end
|
22
|
+
|
23
|
+
describe user('root') do
|
24
|
+
it { should have_uid 0 }
|
25
|
+
its(:command) { should eq "id root | grep -- \\^uid\\=0\\(" }
|
26
|
+
end
|
27
|
+
|
28
|
+
describe user('root') do
|
29
|
+
it { should_not have_uid 'invalid-uid' }
|
30
|
+
end
|
31
|
+
|
32
|
+
describe user('root') do
|
33
|
+
it { should have_login_shell '/bin/bash' }
|
34
|
+
its(:command) { should eq "getent passwd root | cut -f 7 -d ':' | grep -w -- /bin/bash" }
|
35
|
+
end
|
36
|
+
|
37
|
+
describe user('root') do
|
38
|
+
it { should_not have_login_shell 'invalid-login-shell' }
|
39
|
+
end
|
40
|
+
|
41
|
+
describe user('root') do
|
42
|
+
it { should have_home_directory '/root' }
|
43
|
+
its(:command) { should eq "getent passwd root | cut -f 6 -d ':' | grep -w -- /root" }
|
44
|
+
end
|
45
|
+
|
46
|
+
describe user('root') do
|
47
|
+
it { should_not have_home_directory 'invalid-home-directory' }
|
48
|
+
end
|
49
|
+
|
50
|
+
describe user('root') do
|
51
|
+
it { should have_authorized_key 'ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH foo@bar.local' }
|
52
|
+
its(:command) { should eq "grep -w -- ssh-rsa\\ ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH ~root/.ssh/authorized_keys" }
|
53
|
+
end
|
54
|
+
|
55
|
+
describe user('root') do
|
56
|
+
it { should_not have_authorized_key 'invalid-key' }
|
57
|
+
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
include SpecInfra::Helper::Fedora
|
4
|
+
|
5
|
+
describe 'Serverspec yumrepo matchers of Red Hat family' do
|
6
|
+
describe 'exist' do
|
7
|
+
describe yumrepo('epel') do
|
8
|
+
it { should exist }
|
9
|
+
end
|
10
|
+
|
11
|
+
describe yumrepo('invalid-repository') do
|
12
|
+
it { should_not exist }
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
describe 'be_enabled' do
|
17
|
+
describe yumrepo('epel') do
|
18
|
+
it { should be_enabled }
|
19
|
+
end
|
20
|
+
|
21
|
+
describe yumrepo('invalid-repository') do
|
22
|
+
it { should_not be_enabled }
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
@@ -0,0 +1,18 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
include SpecInfra::Helper::Fedora
|
4
|
+
|
5
|
+
describe zfs('rpool') do
|
6
|
+
it { should exist }
|
7
|
+
its(:command) { should eq "zfs list -H rpool" }
|
8
|
+
end
|
9
|
+
|
10
|
+
describe zfs('rpool') do
|
11
|
+
it { should have_property 'mountpoint' => '/rpool' }
|
12
|
+
its(:command) { should eq "zfs list -H -o mountpoint rpool | grep -- \\^/rpool\\$" }
|
13
|
+
end
|
14
|
+
|
15
|
+
describe zfs('rpool') do
|
16
|
+
it { should have_property 'mountpoint' => '/rpool', 'compression' => 'off' }
|
17
|
+
its(:command) { should eq "zfs list -H -o compression rpool | grep -- \\^off\\$ && zfs list -H -o mountpoint rpool | grep -- \\^/rpool\\$" }
|
18
|
+
end
|
@@ -0,0 +1,21 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
include SpecInfra::Helper::RedHat7
|
4
|
+
|
5
|
+
describe service('sshd') do
|
6
|
+
it { should be_enabled }
|
7
|
+
its(:command) { should eq "systemctl --plain list-dependencies runlevel3.target | grep '^sshd.service$'" }
|
8
|
+
end
|
9
|
+
|
10
|
+
describe service('invalid-service') do
|
11
|
+
it { should_not be_enabled }
|
12
|
+
end
|
13
|
+
|
14
|
+
describe service('sshd') do
|
15
|
+
it { should be_enabled.with_level(4) }
|
16
|
+
its(:command) { should eq "systemctl --plain list-dependencies runlevel4.target | grep '^sshd.service$'" }
|
17
|
+
end
|
18
|
+
|
19
|
+
describe service('invalid-service') do
|
20
|
+
it { should_not be_enabled.with_level(4) }
|
21
|
+
end
|