-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathkitchen.ec2.yml
78 lines (73 loc) · 2.58 KB
/
kitchen.ec2.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
driver:
name: ec2
# subnet_filter:
# tag: 'Default'
# value: '*public*'
metadata_options:
http_tokens: required
http_put_response_hop_limit: 1
instance_metadata_tags: enabled
instance_type: t2.medium
associate_public_ip: true
interface: public
skip_cost_warning: true
privileged: true
instance_initiated_shutdown_behavior: terminate
provisioner:
name: ansible_playbook
hosts: all
require_chef_for_busser: false
require_ruby_for_busser: false
ansible_binary_path: /usr/local/bin
require_pip3: true
ansible_verbose: true
roles_path: spec/ansible/roles
galaxy_ignore_certs: true
requirements_path: spec/ansible/roles/requirements.yml
requirements_collection_path: spec/ansible/roles/requirements.yml
ansible_extra_flags: <%= ENV['ANSIBLE_EXTRA_FLAGS'] %>
suites:
- name: vanilla
provisioner:
playbook: spec/ansible/ubuntu-stig-vanilla.yml
driver:
tags:
Name: Vanilla-<%= ENV['USER'] %>
CreatedBy: test-kitchen
- name: hardened
provisioner:
playbook: spec/ansible/ubuntu-stig-hardening.yml
driver:
tags:
Name: Hardened-<%= ENV['USER'] %>
CreatedBy: test-kitchen
lifecycle:
pre_converge:
- remote: |
echo "+++ Updating APT Packages +++"
sudo apt-get update
echo ""
echo "Download the Microsoft repository keys"
wget -q https://packages.microsoft.com/config/ubuntu/18.04/packages-microsoft-prod.deb
echo "Register the Microsoft repository keys"
sudo dpkg -i packages-microsoft-prod.deb
echo "Delete the Microsoft repository keys file"
rm packages-microsoft-prod.deb
echo "Refresh Package Lists"
sudo apt-get update
sudo apt -y upgrade
echo "+++ Installing needed packages for test-kitchen workflow and other utilities +++\n\n"
sudo apt -y install python3 python3-pip libxml2 libxml2-dev libxslt-dev python-dev wget apt-transport-https software-properties-common powershell
# sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.6 1
sudo -H python3 -m pip install --user --upgrade pip
echo ""
echo "+++ Updating the ubuntu to keep sudo working after hardening phase +++\n\n"
sudo chage -d $(( $( date +%s ) / 86400 )) ubuntu
echo ""
echo "+++ updating ubuntu sudo config for hardening phase +++\n\n"
sudo chmod 600 /etc/sudoers && sudo sed -i'' "/ubuntu/d" /etc/sudoers && sudo chmod 400 /etc/sudoers
# echo "Add Evaluate STIG to the Workflow Post Converge"
transport:
name: ssh
#https://github.com/neillturner/kitchen-ansible/issues/295
max_ssh_sessions: 2