import testinfra.utils.ansible_runner


testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    '.molecule/ansible_inventory').get_hosts(['parameters-mandatory', 'parameters-optional'])


def _assert_owner_and_mode(item, user, group, mode):
    """
    Asserts owner, group and permission bits of a testinfra File object,
    in that order.
    """

    assert item.user == user
    assert item.group == group
    assert item.mode == mode


def test_installed_packages(Package):
    """
    Verifies that the required packages are present on the host.
    """

    for name in ('nginx', 'virtualenv', 'virtualenvwrapper', 'php5-fpm'):
        assert Package(name).is_installed


def test_nginx_user(User):
    """
    Verifies that the Nginx user has been set-up so it can traverse TLS
    directories.
    """

    # The check is group membership: www-data must be in ssl-cert.
    nginx_groups = User('www-data').groups
    assert 'ssl-cert' in nginx_groups


def test_default_tls_configuration_removed(File):
    """
    Verifies that the main (default) configuration file no longer carries
    TLS configuration.
    """

    main_config = File('/etc/nginx/nginx.conf')

    # Only the ssl_protocols directive is searched for; other ssl_*
    # directives in nginx.conf are not covered by this test.
    assert 'ssl_protocols' not in main_config.content


def test_nginx_configuration_verification_script(File):
    """
    Verifies deployment of the script used for checking Nginx configuration.
    """

    script = File('/usr/local/bin/nginx_verify_site.sh')

    assert script.is_file
    # Executable by everyone, writable by root only.
    _assert_owner_and_mode(script, 'root', 'root', 0o755)


def test_tls_configuration_file(File):
    """
    Verifies ownership and permissions of the TLS configuration file.
    """

    tls_config = File('/etc/nginx/conf.d/tls.conf')

    assert tls_config.is_file
    # Ownership and mode only; the directives inside the file are not
    # inspected here.
    _assert_owner_and_mode(tls_config, 'root', 'root', 0o644)


def test_default_vhost_file(File):
    """
    Verifies ownership and permissions of the default vhost configuration
    file.
    """

    vhost = File('/etc/nginx/sites-available/default')

    assert vhost.is_file
    _assert_owner_and_mode(vhost, 'root', 'root', 0o640)


def test_default_website_enabled(File):
    """
    Verifies that the default website is enabled.
    """

    enabled = File('/etc/nginx/sites-enabled/default')

    # Enabled means: a symlink that points at the sites-available entry.
    assert enabled.is_symlink
    assert enabled.linked_to == '/etc/nginx/sites-available/default'


def test_firewall_configuration_file(File, Sudo):
    """
    Verifies that the firewall configuration file has been deployed
    correctly.
    """

    # All checks on the ferm configuration are run through sudo.
    with Sudo():
        firewall = File('/etc/ferm/conf.d/30-web.conf')

        assert firewall.is_file
        _assert_owner_and_mode(firewall, 'root', 'root', 0o640)


def test_default_debian_index_removed(File, Sudo):
    """
    Verifies that the default HTML pages shipped by debian are gone.
    """

    with Sudo():
        debian_html = File('/var/www/html')
        assert not debian_html.exists


def test_default_vhost_root_directory(File, Sudo):
    """
    Verifies that the root directory of the default vhost exists.
    """

    # The Sudo fixture is requested but not entered; the checks below run
    # without it.
    vhost_root = File('/var/www/default')

    assert vhost_root.is_directory
    # 0750 root:www-data - group may read and traverse, others get nothing.
    _assert_owner_and_mode(vhost_root, 'root', 'www-data', 0o750)


def test_default_vhost_index_page_file(File, Sudo):
    """
    Verifies ownership and permissions of the default vhost index page.
    """

    with Sudo():
        index_page = File('/var/www/default/index.html')

        assert index_page.is_file
        _assert_owner_and_mode(index_page, 'root', 'www-data', 0o640)


def test_services(Service):
    """
    Verifies that services are running and enabled at boot.
    """

    for name in ('nginx', 'php5-fpm'):
        service = Service(name)
        assert service.is_enabled
        assert service.is_running


def test_sockets(Socket):
    """
    Verifies that the web server listens on the expected ports.
    """

    # Listening state only; which process owns the socket is not checked.
    for spec in ("tcp://80", "tcp://443"):
        assert Socket(spec).is_listening


def test_socket_directories(File, Sudo):
    """
    Verifies that the directories holding sockets for WSGI and PHP apps are
    created correctly.
    """

    # The Sudo fixture is requested but not entered; the checks below run
    # without it.
    for path in ('/run/wsgi', '/run/php5-fpm'):
        directory = File(path)

        assert directory.is_directory
        _assert_owner_and_mode(directory, 'root', 'www-data', 0o750)

    # Each tmpfiles.d entry must contain the line describing its socket
    # directory, with the same owner, group and mode as asserted above.
    tmpfiles = (
        ('/etc/tmpfiles.d/wsgi.conf',
         'd /run/wsgi/ 0750 root www-data - -'),
        ('/etc/tmpfiles.d/php5-fpm.conf',
         'd /run/php5-fpm/ 0750 root www-data - -'),
    )

    for path, expected_line in tmpfiles:
        config = File(path)

        assert config.is_file
        _assert_owner_and_mode(config, 'root', 'root', 0o644)
        assert expected_line in config.content


def test_php5_fpm_service_overrides(File):
    """
    Verifies that the overrides for the php5-fpm service are deployed
    correctly.
    """

    override_dir = File('/etc/systemd/system/php5-fpm.service.d')

    assert override_dir.is_directory
    _assert_owner_and_mode(override_dir, 'root', 'root', 0o755)

    umask_override = File('/etc/systemd/system/php5-fpm.service.d/umask.conf')

    assert umask_override.is_file
    # Presence and permissions only; the content of the override is not
    # inspected here.
    _assert_owner_and_mode(umask_override, 'root', 'root', 0o644)


def test_php_timezone_configuration(Command, File):
    """
    Verifies that the PHP timezone configuration has been set correctly.
    """

    # Drop-in ini files for the CLI and FPM configurations come first.
    for path in ('/etc/php5/cli/conf.d/30-timezone.ini',
                 '/etc/php5/fpm/conf.d/30-timezone.ini'):
        config = File(path)

        assert config.is_file
        _assert_owner_and_mode(config, 'root', 'root', 0o644)

    # Then the value PHP reports when started with each php.ini.
    queries = (
        "php --php-ini /etc/php5/cli/php.ini -r 'echo ini_get(\"date.timezone\");'",
        "php --php-ini /etc/php5/fpm/php.ini -r 'echo ini_get(\"date.timezone\");'",
    )

    for query in queries:
        timezone = Command(query)

        assert timezone.rc == 0
        assert timezone.stdout == "GMT+0"