.kitchen.dokken.yml

driver:
  name: dokken
  privileged: true # because Docker and SystemD/Upstart
  chef_version: <%= ENV['CHEF_VERSION'] || 'current' %>

transport:
  name: dokken

provisioner:
  name: dokken

platforms:
- name: debian-8
  driver:
    image: dokken/debian-8
    pid_one_command: /bin/systemd
    intermediate_instructions:
      - RUN /usr/bin/apt-get update
      - RUN touch /var/log/auth.log

- name: debian-9
  driver:
    image: dokken/debian-9
    pid_one_command: /bin/systemd
    intermediate_instructions:
      - RUN /usr/bin/apt-get update
      - RUN touch /var/log/auth.log

.kitchen.yml

---
driver:
  name: vagrant
  network: 
    # - ["forwarded_port", {guest: 2223, host: 2223}]
    # - ["public_network", {bridge: "enp0s31f6"}]
    # - ["public_network", {bridge: "wlp2s0"}]
  customize:
    memory: 1024
    cpus: 2

provisioner:
  name: chef_zero
  always_update_cookbooks:  <%= !ENV['CI'] %>
  roles_path: ../../roles

verifier:
  name: inspec

platforms:
  - name: debian-8
  - name: debian-9

transport:
  name: sftp
  ruby_path: /usr/bin/ruby

suites:
  # Base machine without firewall
  - name: base-wo-fw
    data_bags_path: "../../data_bags"
    run_list:
      - role[base]
    verifier:
      inspec_tests:
        - test/integration/base/default
        - test/integration/base/default_disabled_firewall
    attributes:
      ssh-hardening:
        ssh:
          ports: ['22']
      base:
        firewall:
          enable: false
  - name: base-with-fw
    data_bags_path: "../../data_bags"
    run_list:
      - role[base]
    verifier:
      inspec_tests:
        - test/integration/base/default
        - test/integration/base/default_enabled_firewall
    attributes:
      ssh-hardening:
        ssh:
          ports: ['22']
      base:
        firewall:
          open_ports: [
            { protocol: 'tcp', port: 22}
          ]

gitlab.log

Running handlers:
Running handlers complete

Deprecated features used!
  Resource sysctl_param from a cookbook is overriding the resource from the client. Please upgrade your cookbook or remove the cookbook from your run_list before the next major release of Chef. at 1 location:
    - /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-15.0.109/lib/chef/log.rb:51:in `caller_location'
   See https://docs.chef.io/deprecations_map_collision.html for further details.
  Resource cron_d from a cookbook is overriding the resource from the client. Please upgrade your cookbook or remove the cookbook from your run_list before the next major release of Chef. at 1 location:
    - /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-15.0.109/lib/chef/log.rb:51:in `caller_location'
   See https://docs.chef.io/deprecations_map_collision.html for further details.

Chef Client finished, 83/157 resources updated in 02 minutes 46 seconds
       Finished converging <base-wo-fw-debian-9> (2m48.79s).
-----> Setting up <base-wo-fw-debian-9>...
       Finished setting up <base-wo-fw-debian-9> (0m0.00s).
-----> Verifying <base-wo-fw-debian-9>...
       Loaded tests from {:path=>".builds.DevOps.clinigrid-chef.site-cookbooks.base.test.integration.base.default"} 
       Loaded tests from {:path=>".builds.DevOps.clinigrid-chef.site-cookbooks.base.test.integration.base.default_disabled_firewall"} 
[DEPRECATION] `processes.list` is deprecated. Please use `processes.entries` instead. It will be removed in version 4.0.

Profile: tests from {:path=>"/builds/DevOps/clinigrid-chef/site-cookbooks/base/test/integration/base/default"} (tests from {:path=>".builds.DevOps.clinigrid-chef.site-cookbooks.base.test.integration.base.default"})
Version: (not specified)
Target:  docker://60f6f5c73b8496c3437fa291fa102988995279cd0ea2ab88bcd50f7bf2109c65

  User root
     ↺  
  Port 22
     ↺  
  System Package htop
     ✔  should be installed
  System Package iftop
     ✔  should be installed
  System Package netcat
     ✔  should be installed
  System Package zsh
     ✔  should be installed
  System Package glances
     ✔  should be installed
  System Package dnsutils
     ✔  should be installed
  System Package traceroute
     ✔  should be installed
  Group devops
     ✔  should exist
  Group regular
     ✔  should exist
  Processes ntpd
     ✔  list.length should eq 1

Profile: tests from {:path=>"/builds/DevOps/clinigrid-chef/site-cookbooks/base/test/integration/base/default_disabled_firewall"} (tests from {:path=>".builds.DevOps.clinigrid-chef.site-cookbooks.base.test.integration.base.default_disabled_firewall"})
Version: (not specified)
Target:  docker://60f6f5c73b8496c3437fa291fa102988995279cd0ea2ab88bcd50f7bf2109c65

  Iptables
     ✔  should have rule "-P INPUT ACCEPT"
     ✔  should have rule "-P OUTPUT ACCEPT"
  Command: `ufw status`
     ✔  should not exist

Test Summary: 13 successful, 0 failures, 2 skipped
       Finished verifying <base-wo-fw-debian-9> (0m1.35s).
-----> Destroying <base-wo-fw-debian-9>...
       Deleting kitchen sandbox at /root/.dokken/kitchen_sandbox/9ccac8b2f0-base-wo-fw-debian-9
       Deleting verifier sandbox at /root/.dokken/verifier_sandbox/9ccac8b2f0-base-wo-fw-debian-9
       Finished destroying <base-wo-fw-debian-9> (0m10.89s).
       Finished testing <base-wo-fw-debian-9> (3m3.49s).
-----> Cleaning up any prior instances of <base-with-fw-debian-8>
-----> Destroying <base-with-fw-debian-8>...
       Deleting kitchen sandbox at /root/.dokken/kitchen_sandbox/9ccac8b2f0-base-with-fw-debian-8
       Deleting verifier sandbox at /root/.dokken/verifier_sandbox/9ccac8b2f0-base-with-fw-debian-8
       Finished destroying <base-with-fw-debian-8> (0m10.43s).
-----> Testing <base-with-fw-debian-8>
-----> Creating <base-with-fw-debian-8>...
       Creating kitchen sandbox at /root/.dokken/kitchen_sandbox/9ccac8b2f0-base-with-fw-debian-8
       Creating verifier sandbox at /root/.dokken/verifier_sandbox/9ccac8b2f0-base-with-fw-debian-8
       Building work image..
       Creating container 9ccac8b2f0-base-with-fw-debian-8
       Finished creating <base-with-fw-debian-8> (0m2.07s).
-----> Converging <base-with-fw-debian-8>...
       Creating kitchen sandbox in /root/.dokken/kitchen_sandbox/9ccac8b2f0-base-with-fw-debian-8
       Preparing dna.json
       Resolving cookbook dependencies with Berkshelf 7.0.7...
       Removing non-cookbook files before transfer
       Preparing data_bags
       Preparing roles
       Preparing validation.pem
       Preparing client.rb
[2019-01-03T14:12:39+00:00] WARN: *****************************************
[2019-01-03T14:12:39+00:00] WARN: Did not find config file: /opt/kitchen/client.rb, using command line options.
[2019-01-03T14:12:39+00:00] WARN: *****************************************
[2019-01-03T14:12:39+00:00] WARN: No cookbooks directory found at or above current directory.  Assuming /.
[2019-01-03T14:12:39+00:00] FATAL: Cannot load configuration from /opt/kitchen/dna.json
-----> Cleaning up any prior instances of <base-with-fw-debian-9>
-----> Destroying <base-with-fw-debian-9>...
       Deleting kitchen sandbox at /root/.dokken/kitchen_sandbox/9ccac8b2f0-base-with-fw-debian-9
       Deleting verifier sandbox at /root/.dokken/verifier_sandbox/9ccac8b2f0-base-with-fw-debian-9
       Finished destroying <base-with-fw-debian-9> (0m10.45s).
-----> Testing <base-with-fw-debian-9>
-----> Creating <base-with-fw-debian-9>...
       Creating kitchen sandbox at /root/.dokken/kitchen_sandbox/9ccac8b2f0-base-with-fw-debian-9
       Creating verifier sandbox at /root/.dokken/verifier_sandbox/9ccac8b2f0-base-with-fw-debian-9
       Building work image..
       Creating container 9ccac8b2f0-base-with-fw-debian-9
       Finished creating <base-with-fw-debian-9> (0m5.90s).
-----> Converging <base-with-fw-debian-9>...
       Creating kitchen sandbox in /root/.dokken/kitchen_sandbox/9ccac8b2f0-base-with-fw-debian-9
       Preparing dna.json
       Resolving cookbook dependencies with Berkshelf 7.0.7...
       Removing non-cookbook files before transfer
       Preparing data_bags
       Preparing roles
       Preparing validation.pem
       Preparing client.rb
[2019-01-03T14:12:57+00:00] WARN: *****************************************
[2019-01-03T14:12:57+00:00] WARN: Did not find config file: /opt/kitchen/client.rb, using command line options.
[2019-01-03T14:12:57+00:00] WARN: *****************************************
[2019-01-03T14:12:57+00:00] WARN: No cookbooks directory found at or above current directory.  Assuming /.
[2019-01-03T14:12:57+00:00] FATAL: Cannot load configuration from /opt/kitchen/dna.json
>>>>>> ------Exception-------
>>>>>> Class: Kitchen::ActionFailed
>>>>>> Message: 3 actions failed.
>>>>>>     Converge failed on instance <base-wo-fw-debian-8>.  Please see .kitchen/logs/base-wo-fw-debian-8.log for more details
>>>>>>     Converge failed on instance <base-with-fw-debian-8>.  Please see .kitchen/logs/base-with-fw-debian-8.log for more details
>>>>>>     Converge failed on instance <base-with-fw-debian-9>.  Please see .kitchen/logs/base-with-fw-debian-9.log for more details
>>>>>> ----------------------
>>>>>> Please see .kitchen/logs/kitchen.log for more details
>>>>>> Also try running `kitchen diagnose --all` for configuration
section_end:1546524778:build_script
section_start:1546524778:after_script
section_end:1546524779:after_script
section_start:1546524779:upload_artifacts_on_failure
section_end:1546524780:upload_artifacts_on_failure
ERROR: Job failed: exit code 20