This will fix the following issues when using the centos/7 box for role testing:
* TASK [../../../openstack-ansible-security : V-38476 ...
fatal: [centos7]: FAILED! => {"changed": false, "failed": true, "msg": "Missing CentOS 7 GPG keys"}
The required gpg-pubkey packages are created after the import of the provided signing keys
in /etc/pki/rpm-gpg.
* TASK [../../../openstack-ansible-security : V-38574 ...
fatal: [centos7]: FAILED! => {"changed": false, "failed": true, "msg": "Must use SHA512 for password hashing (via PAM)"}
sha512 instead of md5 has to be used in /etc/pam.d/password-auth
* TASK [../../../openstack-ansible-security : Check password hashing algorithm used in login.defs (for V-38576)] ***
fatal: [centos7]: FAILED! => {"changed": true, "cmd": "grep '^ENCRYPT_METHOD.*SHA512' /etc/login.defs", ...
sha512 instead of md5 has to be used in /etc/login.defs
Change-Id: Ia40119dbf933b8102001cfe914312b17632bcf65
Co-authored-by: David Rabel <rabel@b1-systems.de>
# Runs the role against Ubuntu 14.04, 16.04 and CentOS 7
# for local testing purposes
Vagrant.configure("2") do |config|
  # One entry per test VM, in definition order: machine name => box image,
  # guest hostname and the Ansible inventory group the machine is placed in.
  # NOTE(review): boxes are referenced by name only; no box version is pinned
  # in this file, so the image under test can change between runs.
  test_machines = {
    "ubuntu1404" => {
      box: "ubuntu/trusty64",
      hostname: "sec-ansible-test-ubuntu1404",
      group: "ubuntu"
    },
    "ubuntu1604" => {
      box: "ubuntu/xenial64",
      hostname: "sec-ansible-test-ubuntu1604",
      group: "ubuntu"
    },
    "centos7" => {
      box: "centos/7",
      hostname: "sec-ansible-test-centos-7",
      group: "centos"
    }
  }

  test_machines.each do |machine_name, settings|
    config.vm.define machine_name do |node|
      node.vm.box = settings[:box]
      node.vm.hostname = settings[:hostname]

      # Every machine is provisioned with the same playbook and options; only
      # the inventory group differs.
      node.vm.provision "ansible" do |ansible|
        # ansible.verbose = "vvv"
        ansible.playbook = "tests/vagrant.yml"
        # V-38496 is skipped because Vagrant itself creates the user that
        # makes this check fail. The control is therefore never exercised by
        # these local runs; a green run here says nothing about V-38496.
        ansible.skip_tags = ['V-38496']
        # Many of the checks ansible-security runs need root, so the playbook
        # is started with sudo.
        # NOTE(review): -s is ansible-playbook's legacy sudo switch; newer
        # Ansible releases use --become instead. Confirm against the Ansible
        # version used for testing.
        ansible.raw_arguments = ['-s']
        ansible.groups = { settings[:group] => [machine_name] }
      end
    end
  end
end