"""Testinfra checks for host-hardening configuration files.

Each test receives the testinfra ``host`` fixture and inspects files (and,
for cgroups, the live mount table) on the instance under test.
"""
import os

import testinfra.utils.ansible_runner

# Hosts come from the Molecule-generated inventory; a missing
# MOLECULE_INVENTORY_FILE variable raises KeyError at import time.
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    os.environ["MOLECULE_INVENTORY_FILE"]
).get_hosts("all")


def test_sysctl_file(host):
    """Check that the local sysctl drop-in exists as root:root, mode 0644."""
    # NOTE(review): only file metadata is asserted here; the kernel
    # parameters inside the file are not inspected by this test.
    conf = host.file("/etc/sysctl.d/local.conf")

    assert conf.exists
    assert conf.user == "root"
    assert conf.group == "root"
    # 0644: writable by the owner only, readable by everyone.
    assert conf.mode == 0o644


def test_modprobe_file(host):
    """Check the modprobe drop-in's metadata and its two module rules."""
    conf = host.file("/etc/modprobe.d/custom.conf")

    assert conf.exists
    assert conf.user == "root"
    assert conf.group == "root"
    assert conf.mode == 0o644

    # NOTE(review): File.contains() is a grep-style pattern search, so a
    # commented-out copy of either line would presumably satisfy these
    # assertions as well; confirm if an exact, active line is required.
    #
    # "install <module> /bin/true" makes modprobe run /bin/true instead of
    # loading the module.
    assert conf.contains("install usb-storage /bin/true")
    # "blacklist" only stops alias-based automatic loading; an explicit
    # modprobe of the module is still possible.
    assert conf.contains("blacklist firewire-core")


def test_coredump_config(host):
    """Check that the three core-dump configuration files are present."""
    # NOTE(review): presence only; ownership, mode and content of these
    # files are not asserted.
    for path in (
        "/etc/sysctl.d/dump.conf",
        "/etc/security/limits.d/dump.conf",
        "/etc/profile.d/dump.sh",
    ):
        assert host.file(path).exists


def test_cgroup_config(host):
    """Check that cgroup v2 is both configured for boot and mounted."""
    grubenv = host.file("/boot/grub2/grubenv")
    # Runs through a shell on the target; stdout holds the cgroup mounts.
    mounts = host.run("mount -l | grep cgroup")

    # Boot-time setting: the option must be recorded in the GRUB environment.
    assert grubenv.contains("systemd.unified_cgroup_hierarchy=1")
    # Runtime state: the unified hierarchy must be mounted on /sys/fs/cgroup.
    assert "cgroup2 on /sys/fs/cgroup type cgroup2" in mounts.stdout