Docker Testing Suite
January 5, 2024
Docker Suite Setup
- Make sure Docker or Podman is running
- Login to your docker registry
- Clone the repository
- Go into the profile repository root dir
bundle install
export KITCHEN_LOCAL_YAML=kitchen.container.yml    # uses the kitchen-dokken driver
export VANILLA_CONTAINER_IMAGE=registry.access.redhat.com/ubi8/ubi:8.9-1028
export HARDENED_CONTAINER_IMAGE=registry1.dso.mil/ironbank/redhat/ubi/ubi8
- (optional) export INSPEC_CONTROL='SV-230222'
Running Through the Docker Test Suite
- List the kitchen instances with:
bundle exec kitchen list
➜ redhat-enterprise-linux-8-stig-baseline git:(main*) bundle exec kitchen list
Instance Driver Provisioner Verifier Transport Last Action Last Error
vanilla-ubi8 Dokken Dummy Inspec Dokken <Not Created> <None>
hardened-ubi8 Dokken Dummy Inspec Dokken <Not Created> <None>
- Create the kitchen instance:
bundle exec kitchen create vanilla
-----> Starting Test Kitchen (v3.5.1)
-----> Creating <vanilla-ubi8>...
Creating kitchen sandbox at /Users/alippold/.dokken/kitchen_sandbox/de2da32d73-vanilla-ubi8
Creating verifier sandbox at /Users/alippold/.dokken/verifier_sandbox/de2da32d73-vanilla-ubi8
Building work image..
Creating container de2da32d73-vanilla-ubi8
Finished creating <vanilla-ubi8> (0m0.88s).
-----> Test Kitchen is finished. (0m1.77s)
- Converge the kitchen instance:
bundle exec kitchen converge vanilla
➜ redhat-enterprise-linux-8-stig-baseline git:(main*) bundle exec kitchen converge vanilla
-----> Starting Test Kitchen (v3.5.1)
-----> Converging <vanilla-ubi8>...
...
Finished converging <vanilla-ubi8> (0m0.00s).
-----> Test Kitchen is finished. (0m0.88s)
- Run InSpec on the kitchen instance:
bundle exec kitchen verify vanilla
-----> Starting Test Kitchen (v3.5.1)
-----> Verifying <vanilla-ubi8>...
Loaded redhat-enterprise-linux-8-stig-baseline
Profile: redhat-enterprise-linux-8-stig-baseline (redhat-enterprise-linux-8-stig-baseline)
Version: 1.12.0
Target: docker://c4e89b7406dc0ebf8658fe90d6384d69885a7f07ab9bfbc91c85c64483868c44
Target ID: da39a3ee-5e6b-5b0d-b255-bfef95601890
× SV-230222: RHEL 8 vendor packaged system security patches and updates must be installed and up to date. (4 failed)
...
Profile Summary: 0 successful controls, 1 control failure, 0 controls skipped
Test Summary: 0 successful, 4 failures, 0 skipped
This is not the Error You're Looking For, move along...
The error below is just Test Kitchen telling you that not all of the controls in the profile passed.
>>>>>> ------Exception-------
>>>>>> Class: Kitchen::ActionFailed
>>>>>> Message: 1 actions failed.
>>>>>> Verify failed on instance <vanilla-ubi8>. Please see .kitchen/logs/vanilla-ubi8.log for more details
>>>>>> ----------------------
>>>>>> Please see .kitchen/logs/kitchen.log for more details
>>>>>> Also try running `kitchen diagnose --all` for configuration
- For the steps involved in making changes, patches, and updates to the profile, see the next section, Updating the Profile.
- Your InSpec scan results are located in the ./spec/results/ directory, named ./spec/results/ubi-8_*.
- Use Heimdall Lite to load both the hardened and vanilla results to ensure your changes and updates "failed as expected and passed as expected and covered your corner cases."
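A scripted version of the vanilla-versus-hardened comparison described above, as an added example that is not part of the original page or the profile repository. It assumes the result files are InSpec JSON reporter output (profiles, controls, results, status); the function names, the EXAMPLE-* control ids and the sample reports are constructed for illustration.

```ruby
require 'json'

# Roll one control's test results up to a single status.
# Assumed layout (InSpec JSON reporter): profiles[].controls[].results[].status
def control_status(control)
  statuses = (control['results'] || []).map { |r| r['status'] }
  return 'no_results' if statuses.empty?
  return 'failed' if statuses.include?('failed')
  return 'skipped' if statuses.all? { |s| s == 'skipped' }
  'passed'
end

# Map control id => rolled-up status for one parsed report.
def control_statuses(report)
  controls = report.fetch('profiles', []).flat_map { |p| p.fetch('controls', []) }
  controls.to_h { |c| [c['id'], control_status(c)] }
end

# Compare the two runs. :changed lists controls whose status differs between
# images as id => [vanilla, hardened]; :review lists controls that pass on
# vanilla but fail on hardened, which deserve a manual look at the test logic.
def compare_runs(vanilla, hardened)
  v = control_statuses(vanilla)
  h = control_statuses(hardened)
  changed = (v.keys | h.keys).sort.select { |id| v[id] != h[id] }
  { changed: changed.to_h { |id| [id, [v[id], h[id]]] },
    review: changed.select { |id| v[id] == 'passed' && h[id] == 'failed' } }
end

# Constructed sample reports (not real scan output).
VANILLA_JSON = <<~JSON
  {"profiles":[{"controls":[
    {"id":"SV-230222","results":[{"status":"failed"},{"status":"failed"}]},
    {"id":"EXAMPLE-A","results":[{"status":"passed"}]},
    {"id":"EXAMPLE-B","results":[{"status":"skipped"}]}]}]}
JSON
HARDENED_JSON = <<~JSON
  {"profiles":[{"controls":[
    {"id":"SV-230222","results":[{"status":"passed"},{"status":"passed"}]},
    {"id":"EXAMPLE-A","results":[{"status":"passed"},{"status":"failed"}]},
    {"id":"EXAMPLE-B","results":[{"status":"skipped"}]}]}]}
JSON

if __FILE__ == $PROGRAM_NAME
  # Usage: ruby compare.rb <vanilla.json> <hardened.json>; falls back to the samples.
  from_files = ARGV.size == 2 && ARGV.all? { |p| File.file?(p) }
  van, hard = from_files ? ARGV.map { |p| File.read(p) } : [VANILLA_JSON, HARDENED_JSON]
  out = compare_runs(JSON.parse(van), JSON.parse(hard))
  out[:changed].each { |id, (was, now)| puts "#{id}: vanilla=#{was} hardened=#{now}" }
  puts "Review test logic: #{out[:review].join(', ')}" unless out[:review].empty?
end
```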