mirror of
https://github.com/dev-sec/ansible-collection-hardening
synced 2024-11-10 17:24:12 +00:00
3d98cbf67b
* add testing and support for current versions of Fedora and FreeBSD Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de> * add waivers for FreeBSD Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de> * use original fedora images Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de> * also harden /home mount Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de> * also harden /tmp mount Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de> * test mock efi directory Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de> * remove mock Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de> * umount efi Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de> * add /tmp to special mountpoints Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de> * set options for /tmp mount Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de> * create /tmp mount Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de> * create /tmp mount and mount it ... Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de> * make fewer changes to default test run Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de> * use correct Ansible var Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de> --------- Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
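---
# Molecule scenario: runs the role under test inside a full virtual machine
# (vagrant driver, libvirt provider) instead of a container.

dependency:
  name: galaxy
  options:
    # Dependencies are resolved from the os_hardening scenario's requirements file.
    # NOTE(review): that file is not shown here - confirm it pins versions so
    # that every test run installs the same, reviewed content.
    role-file: molecule/os_hardening/requirements.yml
driver:
  name: vagrant
  provider:
    name: libvirt
platforms:
  # we need to name every instance differently to start multiple VMs on the same host (parallelization)
  # since we also need to use different OS users to run the tests because of how molecule operates,
  # the VM names must be predictable by OS user (to clean up canceled runs)
  - name: "${USER}"
    # The box comes from the environment of whoever starts the run.
    # NOTE(review): the named box is fetched and booted as-is, so CI should
    # only pass vetted box names; check that an unset MOLECULE_DISTRO fails
    # early rather than producing an empty box name.
    box: "${MOLECULE_DISTRO}"
    memory: 1024
    cpus: 2
provisioner:
  name: ansible
  options:
    # Changed file content is printed to the test log. Tasks that write
    # secrets should suppress it themselves (no_log / diff: false).
    diff: true
  env:
    # Quoted because environment values are passed as strings.
    ANSIBLE_PIPELINING: "True"
  config_options:
    defaults:
      interpreter_python: auto_silent
      # One plain scalar holding a comma-separated list of callback names.
      callbacks_enabled: profile_tasks, timer, yaml
verifier:
  name: ansible
  env:
    ANSIBLE_PIPELINING: "True"

scenario:
  # Every sequence that creates an instance starts with `dependency`, so the
  # requirements above are installed before any VM is created.
  create_sequence:
    - dependency
    - create
    - prepare
  # Here `check` runs after `converge`, i.e. against an already converged host.
  check_sequence:
    - dependency
    - destroy
    - create
    - prepare
    - converge
    - check
    - destroy
  converge_sequence:
    - dependency
    - create
    - prepare
    - converge
  destroy_sequence:
    - destroy
  # Full run. `check` comes before `converge` here, so it runs against the
  # freshly prepared host; `idempotence` and `verify` follow the converge, and
  # the VM is destroyed both at the start and at the end.
  test_sequence:
    - dependency
    - destroy
    - syntax
    - create
    - prepare
    - check
    - converge
    - idempotence
    - verify
    - destroy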