-
Notifications
You must be signed in to change notification settings - Fork 121
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
test(inspec): add tests for packages, config files & services
- Loading branch information
Showing
3 changed files
with
174 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,95 @@ | ||
# frozen_string_literal: true | ||
|
||
control 'zabbix agent configuration' do | ||
title 'should match desired lines' | ||
|
||
describe file('/etc/zabbix/zabbix_agentd.conf') do | ||
it { should be_file } | ||
it { should be_owned_by 'root' } | ||
it { should be_grouped_into 'root' } | ||
its('mode') { should cmp '0644' } | ||
its('content') { should include 'Server=localhost' } | ||
its('content') { should include 'ListenPort=10050' } | ||
its('content') { should include 'ListenIP=0.0.0.0' } | ||
its('content') { should include 'ServerActive=localhost' } | ||
its('content') do | ||
should include( | ||
'HostMetadata=c9767034-22c6-4d3d-a886-5fcaf1386b77' | ||
) | ||
end | ||
its('content') { should include 'Include=/etc/zabbix/zabbix_agentd.d/' } | ||
its('content') do | ||
should include( | ||
'UserParameter=net.ping[*],/usr/bin/fping -q -c3 $1 2>&1 | '\ | ||
'sed \'s,.*/\([0-9.]*\)/.*,\1,\'' | ||
) | ||
end | ||
its('content') do | ||
should include( | ||
'UserParameter=custom.vfs.dev.discovery,/usr/local/bin/dev-discovery.sh' | ||
) | ||
end | ||
end | ||
end | ||
|
||
control 'zabbix server configuration' do | ||
title 'should match desired lines' | ||
|
||
server_file_group = 'zabbix' | ||
server_file_mode = '0640' | ||
setting_dbsocket = '/var/lib/mysql/mysql.sock' | ||
case platform[:family] | ||
when 'debian' | ||
server_file_group = 'root' | ||
server_file_mode = '0644' | ||
setting_dbsocket = '/var/run/mysqld/mysqld.sock' | ||
when 'fedora' | ||
server_file_group = 'zabbixsrv' | ||
end | ||
|
||
# TODO: Conditional content to consider for inclusion below | ||
# 'ExternalScripts=/usr/lib/zabbix/externalscripts' (fedora only) | ||
# 'FpingLocation=/usr/sbin/fping' (not debian) | ||
# 'Fping6Location=/usr/sbin/fping6' (not debian) | ||
|
||
# Note: The file below is a symlink to `/etc/zabbix_server.conf` on Fedora | ||
describe file('/etc/zabbix/zabbix_server.conf') do | ||
it { should be_file } | ||
it { should be_owned_by 'root' } | ||
it { should be_grouped_into server_file_group } | ||
its('mode') { should cmp server_file_mode } | ||
its('content') { should include 'ListenPort=10051' } | ||
its('content') { should include '# Mandatory: no' } | ||
its('content') { should include 'DBHost=localhost' } | ||
its('content') { should include '# Database user. Ignored for SQLite.' } | ||
its('content') { should include 'DBUser=zabbixuser' } | ||
its('content') { should include 'DBPassword=zabbixpass' } | ||
its('content') { should include setting_dbsocket } | ||
its('content') { should include 'ListenIP=0.0.0.0' } | ||
end | ||
end | ||
|
||
control 'zabbix web configuration' do | ||
title 'should match desired lines' | ||
|
||
describe file('/etc/zabbix/web/zabbix.conf.php') do | ||
it { should be_file } | ||
it { should be_owned_by 'root' } | ||
it { should be_grouped_into 'root' } | ||
its('mode') { should cmp '0644' } | ||
its('content') { should include 'global $DB;' } | ||
its('content') { should match(/\$DB\["TYPE"\].*=.*\'MYSQL\';/) } | ||
its('content') { should match(/\$DB\["SERVER"\].*=.*\'localhost';/) } | ||
its('content') { should match(/\$DB\["PORT"\].*=.*\'0\';/) } | ||
its('content') { should match(/\$DB\["DATABASE"\].*=.*\'zabbix\';/) } | ||
its('content') { should match(/\$DB\["USER"\].*=.*\'zabbixuser\';/) } | ||
its('content') { should match(/\$DB\["PASSWORD"\].*=.*\'zabbixpass\';/) } | ||
its('content') { should match(/\$DB\["SCHEMA"\].*=.*\'\';/) } | ||
its('content') { should match(/\$ZBX_SERVER.*=.*\'localhost\';/) } | ||
its('content') { should match(/\$ZBX_SERVER_PORT.*=.*\'10051\';/) } | ||
its('content') do | ||
should match(/\$ZBX_SERVER_NAME.*=.*\'Zabbix installed with saltstack\';/) | ||
end | ||
its('content') { should match(/\$IMAGE_FORMAT_DEFAULT.*=.*IMAGE_FORMAT_PNG;/) } | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
# frozen_string_literal: true | ||
|
||
pkg_agent = 'zabbix-agent' | ||
pkg_server = 'zabbix-server-mysql' | ||
pkg_web = | ||
case platform[:family] | ||
when 'debian' | ||
'zabbix-frontend-php' | ||
else | ||
'zabbix-web-mysql' | ||
end | ||
version = | ||
case platform[:name] | ||
when 'debian' | ||
if os[:release].start_with?('10') | ||
'1:4.4.0-1+buster' | ||
elsif os[:release].start_with?('9') | ||
'1:4.4.0-1+stretch' | ||
elsif os[:release].start_with?('8') | ||
'1:4.4.0-1+jessie' | ||
end | ||
when 'ubuntu' | ||
if os[:release].start_with?('18') | ||
'1:4.4.0-1+bionic' | ||
elsif os[:release].start_with?('16') | ||
'1:4.4.0-1+xenial' | ||
end | ||
when 'centos' | ||
if os[:release].start_with?('8') | ||
'4.4.0-1.el8' | ||
elsif os[:release].start_with?('7') | ||
'4.4.0-1.el7' | ||
elsif os[:release].start_with?('6') | ||
'4.4.0-1.el6' | ||
end | ||
when 'fedora' | ||
if os[:release].start_with?('30') | ||
'4.0.11-1.fc30' | ||
elsif os[:release].start_with?('29') | ||
'3.0.28-1.fc29' | ||
end | ||
end | ||
|
||
control 'zabbix packages' do | ||
title 'should be installed' | ||
|
||
[ | ||
pkg_agent, | ||
pkg_server, | ||
pkg_web | ||
].each do |p| | ||
describe package(p) do | ||
it { should be_installed } | ||
its('version') { should eq version } | ||
end | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
# frozen_string_literal: true | ||
|
||
control 'zabbix service' do | ||
impact 0.5 | ||
title 'should be running and enabled' | ||
|
||
# Note: Checking the service for `zabbix-server` is not working yet on Fedora | ||
services = | ||
case platform[:name] | ||
when 'fedora' | ||
%w[zabbix-agent] | ||
else | ||
%w[zabbix-agent zabbix-server] | ||
end | ||
|
||
services.each do |s| | ||
describe service(s) do | ||
it { should be_enabled } | ||
it { should be_running } | ||
end | ||
end | ||
end |