test(inspec): add tests for packages, config files & services

test/integration/default/controls/config_spec.rb

@@ -0,0 +1,95 @@
+# frozen_string_literal: true
+
+control 'zabbix agent configuration' do
+  title 'should match desired lines'
+
+  describe file('/etc/zabbix/zabbix_agentd.conf') do
+    it { should be_file }
+    it { should be_owned_by 'root' }
+    it { should be_grouped_into 'root' }
+    its('mode') { should cmp '0644' }
+    its('content') { should include 'Server=localhost' }
+    its('content') { should include 'ListenPort=10050' }
+    its('content') { should include 'ListenIP=0.0.0.0' }
+    its('content') { should include 'ServerActive=localhost' }
+    its('content') do
+      should include(
+        'HostMetadata=c9767034-22c6-4d3d-a886-5fcaf1386b77'
+      )
+    end
+    its('content') { should include 'Include=/etc/zabbix/zabbix_agentd.d/' }
+    its('content') do
+      should include(
+        'UserParameter=net.ping[*],/usr/bin/fping -q -c3 $1 2>&1 | '\
+        'sed \'s,.*/\([0-9.]*\)/.*,\1,\''
+      )
+    end
+    its('content') do
+      should include(
+        'UserParameter=custom.vfs.dev.discovery,/usr/local/bin/dev-discovery.sh'
+      )
+    end
+  end
+end
+
+control 'zabbix server configuration' do
+  title 'should match desired lines'
+
+  server_file_group = 'zabbix'
+  server_file_mode = '0640'
+  setting_dbsocket = '/var/lib/mysql/mysql.sock'
+  case platform[:family]
+  when 'debian'
+    server_file_group = 'root'
+    server_file_mode = '0644'
+    setting_dbsocket = '/var/run/mysqld/mysqld.sock'
+  when 'fedora'
+    server_file_group = 'zabbixsrv'
+  end
+
+  # TODO: Conditional content to consider for inclusion below
+  # 'ExternalScripts=/usr/lib/zabbix/externalscripts' (fedora only)
+  # 'FpingLocation=/usr/sbin/fping' (not debian)
+  # 'Fping6Location=/usr/sbin/fping6' (not debian)
+
+  # Note: The file below is a symlink to `/etc/zabbix_server.conf` on Fedora
+  describe file('/etc/zabbix/zabbix_server.conf') do
+    it { should be_file }
+    it { should be_owned_by 'root' }
+    it { should be_grouped_into server_file_group }
+    its('mode') { should cmp server_file_mode }
+    its('content') { should include 'ListenPort=10051' }
+    its('content') { should include '# Mandatory: no' }
+    its('content') { should include 'DBHost=localhost' }
+    its('content') { should include '#	Database user. Ignored for SQLite.' }
+    its('content') { should include 'DBUser=zabbixuser' }
+    its('content') { should include 'DBPassword=zabbixpass' }
+    its('content') { should include setting_dbsocket }
+    its('content') { should include 'ListenIP=0.0.0.0' }
+  end
+end
+
+control 'zabbix web configuration' do
+  title 'should match desired lines'
+
+  describe file('/etc/zabbix/web/zabbix.conf.php') do
+    it { should be_file }
+    it { should be_owned_by 'root' }
+    it { should be_grouped_into 'root' }
+    its('mode') { should cmp '0644' }
+    its('content') { should include 'global $DB;' }
+    its('content') { should match(/\$DB\["TYPE"\].*=.*\'MYSQL\';/) }
+    its('content') { should match(/\$DB\["SERVER"\].*=.*\'localhost';/) }
+    its('content') { should match(/\$DB\["PORT"\].*=.*\'0\';/) }
+    its('content') { should match(/\$DB\["DATABASE"\].*=.*\'zabbix\';/) }
+    its('content') { should match(/\$DB\["USER"\].*=.*\'zabbixuser\';/) }
+    its('content') { should match(/\$DB\["PASSWORD"\].*=.*\'zabbixpass\';/) }
+    its('content') { should match(/\$DB\["SCHEMA"\].*=.*\'\';/) }
+    its('content') { should match(/\$ZBX_SERVER.*=.*\'localhost\';/) }
+    its('content') { should match(/\$ZBX_SERVER_PORT.*=.*\'10051\';/) }
+    its('content') do
+      should match(/\$ZBX_SERVER_NAME.*=.*\'Zabbix installed with saltstack\';/)
+    end
+    its('content') { should match(/\$IMAGE_FORMAT_DEFAULT.*=.*IMAGE_FORMAT_PNG;/) }
+  end
+end

test/integration/default/controls/packages_spec.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+pkg_agent = 'zabbix-agent'
+pkg_server = 'zabbix-server-mysql'
+pkg_web =
+  case platform[:family]
+  when 'debian'
+    'zabbix-frontend-php'
+  else
+    'zabbix-web-mysql'
+  end
+version =
+  case platform[:name]
+  when 'debian'
+    if os[:release].start_with?('10')
+      '1:4.4.0-1+buster'
+    elsif os[:release].start_with?('9')
+      '1:4.4.0-1+stretch'
+    elsif os[:release].start_with?('8')
+      '1:4.4.0-1+jessie'
+    end
+  when 'ubuntu'
+    if os[:release].start_with?('18')
+      '1:4.4.0-1+bionic'
+    elsif os[:release].start_with?('16')
+      '1:4.4.0-1+xenial'
+    end
+  when 'centos'
+    if os[:release].start_with?('8')
+      '4.4.0-1.el8'
+    elsif os[:release].start_with?('7')
+      '4.4.0-1.el7'
+    elsif os[:release].start_with?('6')
+      '4.4.0-1.el6'
+    end
+  when 'fedora'
+    if os[:release].start_with?('30')
+      '4.0.11-1.fc30'
+    elsif os[:release].start_with?('29')
+      '3.0.28-1.fc29'
+    end
+  end
+
+control 'zabbix packages' do
+  title 'should be installed'
+
+  [
+    pkg_agent,
+    pkg_server,
+    pkg_web
+  ].each do |p|
+    describe package(p) do
+      it { should be_installed }
+      its('version') { should eq version }
+    end
+  end
+end

test/integration/default/controls/services_spec.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+control 'zabbix service' do
+  impact 0.5
+  title 'should be running and enabled'
+
+  # Note: Checking the service for `zabbix-server` is not working yet on Fedora
+  services =
+    case platform[:name]
+    when 'fedora'
+      %w[zabbix-agent]
+    else
+      %w[zabbix-agent zabbix-server]
+    end
+
+  services.each do |s|
+    describe service(s) do
+      it { should be_enabled }
+      it { should be_running }
+    end
+  end
+end