Prepare vagrant centos/7 box for role testing

This will fix the follwing issues when using the centos/7 box for role testing: * TASK [../../../openstack-ansible-security : V-38476 ... fatal: [centos7]: FAILED! => {"changed": false, "failed": true, "msg": "Missing CentOS 7 GPG keys"} The required gpg-pubkey packages are created after the import of the provided signing keys in /etc/pki/rpm-gpg. * TASK [../../../openstack-ansible-security : V-38574 ... fatal: [centos7]: FAILED! => {"changed": false, "failed": true, "msg": "Must use SHA512 for password hashing (via PAM)"} sha512 instead of md5 has to be used in /etc/pam.d/password-auth * TASK [../../../openstack-ansible-security : Check password hashing algorithm used in login.defs (for V-38576)] *** fatal: [centos7]: FAILED! => {"changed": true, "cmd": "grep '^ENCRYPT_METHOD.*SHA512' /etc/login.defs", ... sha512 instead of md5 has to be used in /etc/login.defs Change-Id: Ia40119dbf933b8102001cfe914312b17632bcf65 Co-authored-by: David Rabel <rabel@b1-systems.de>
6 years ago · dd52e48925
parent 83e3c206e8
commit dd52e48925
2 changed files with 18 additions and 0 deletions
--- a/9
+++ b/9
@ -15,6 +15,9 @@ Vagrant.configure("2") do |config|
      ansible.skip_tags = ['V-38496']
      # we need to run as sudo for a lot of the checks ansible-security runs
      ansible.raw_arguments = ['-s']
+      ansible.groups = {
+        "ubuntu" => ["ubuntu1404"]
+      }
    end
  end

@ -30,6 +33,9 @@ Vagrant.configure("2") do |config|
      ansible.skip_tags = ['V-38496']
      # we need to run as sudo for a lot of the checks ansible-security runs
      ansible.raw_arguments = ['-s']
+      ansible.groups = {
+        "ubuntu" => ["ubuntu1604"]
+      }
    end
  end

@ -45,6 +51,9 @@ Vagrant.configure("2") do |config|
      ansible.skip_tags = ['V-38496']
      # we need to run as sudo for a lot of the checks ansible-security runs
      ansible.raw_arguments = ['-s']
+      ansible.groups = {
+        "centos" => ["centos7"]
+      }
    end
  end
 end
--- a/tests/vagrant.yml
+++ b/tests/vagrant.yml
@ -13,6 +13,15 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+- name: Prepare centos/7 box for role testing
+  hosts: centos
+  tasks:
+  - name: Import all archive signing keys from /etc/pki/rpm-gpg
+    shell: rpm --import /etc/pki/rpm-gpg/*
+
+  - name: Use sha512 instead of md5 as password hashing algorithm
+    shell: authconfig --passalgo=sha512 --update
+
 - name: Playbook for role testing
  hosts: all
  roles: