configuring travis-ci tests, using Kitchen with Docker, and Inspec

.kitchen.yml

+---
+driver:
+  name: docker
+
+driver_config:
+  use_sudo: false
+  privileged: true
+  provision_command: mkdir -p /run/sshd
+  run_command: /lib/systemd/systemd
+
+platforms:
+  - name: debian-9
+#  - name: ubuntu-18.04
+#  - name: fedora-27
+#  - name: centos-7
+
+provisioner:
+  name: salt_solo
+  log_level: info
+  require_chef: false
+  salt_install: bootstrap
+  salt_version: latest
+  salt_bootstrap_url: https://bootstrap.saltstack.com
+  salt_bootstrap_options: -X -p git -p curl -p sudo
+
+  formula: haproxy
+  dependencies:
+    - name: hosts
+      path: ./test/salt/salt
+
+  pillars_from_files:
+    haproxy.sls: pillar.example
+    hosts.sls: ./test/salt/pillar/hosts.sls
+
+  pillars:
+    top.sls:
+      base:
+        "*":
+          - hosts
+          - haproxy
+
+  state_top:
+    base:
+      '*':
+        - hosts
+        - haproxy
+
+verifier:
+  name: inspec
+  reporter: 
+    - cli
+  inspec_tests:
+    - path: test/integration/default
+
+suites:
+  - name: default
+

.travis.yml

+sudo: required
+cache: bundler
+language: ruby
+
+services:
+  - docker
+
+before_install:
+  - bundle install
+
+env:
+  matrix:
+    - INSTANCE: default-debian-9
+#    - INSTANCE: default-ubuntu-1804
+#    - INSTANCE: default-fedora-27
+#    - INSTANCE: default-centos-7
+
+script:
+  - bundle exec kitchen verify ${INSTANCE}
+

Gemfile

+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+gem 'test-kitchen'
+gem 'kitchen-docker'
+gem 'kitchen-salt'
+gem 'kitchen-inspec'
+

pillar.example

@@ -121,23 +121,23 @@ haproxy:
         - "X-Forwarded-Proto:\\ http"
       default_backend: www-backend
 
-    www-https:
-      bind: "*:443 ssl crt /etc/ssl/private/certificate-chain-and-key-combined.pem"
-      logformat: "%ci:%cp\\ [%t]\\ %ft\\ %b/%s\\ %Tq/%Tw/%Tc/%Tr/%Tt\\ %ST\\ %B\\ %CC\\ %CS\\ %tsc\\ %ac/%fc/%bc/%sc/%rc\\ %sq/%bq\\ %hr\\ %hs\\ %{+Q}r\\ ssl_version:%sslv\\ ssl_cipher:%sslc"
-      reqadds:
-        - "X-Forwarded-Proto:\\ https"
-      default_backend: www-backend
-      acls:
-        - url_static       path_beg       -i /static /images /javascript /stylesheets
-        - url_static       path_end       -i .jpg .gif .png .css .js
-      use_backends:
-        - static-backend  if url_static
-      extra: "rspadd  Strict-Transport-Security:\ max-age=15768000"
-    some-services:
-      bind:
-        - "*:8080"
-        - "*:8088"
-      default_backend: api-backend
+#    www-https:
+#      bind: "*:443 ssl crt /etc/ssl/private/certificate-chain-and-key-combined.pem"
+#      logformat: "%ci:%cp\\ [%t]\\ %ft\\ %b/%s\\ %Tq/%Tw/%Tc/%Tr/%Tt\\ %ST\\ %B\\ %CC\\ %CS\\ %tsc\\ %ac/%fc/%bc/%sc/%rc\\ %sq/%bq\\ %hr\\ %hs\\ %{+Q}r\\ ssl_version:%sslv\\ ssl_cipher:%sslc"
+#      reqadds:
+#        - "X-Forwarded-Proto:\\ https"
+#      default_backend: www-backend
+#      acls:
+#        - url_static       path_beg       -i /static /images /javascript /stylesheets
+#        - url_static       path_end       -i .jpg .gif .png .css .js
+#      use_backends:
+#        - static-backend  if url_static
+#      extra: "rspadd  Strict-Transport-Security:\ max-age=15768000"
+#    some-services:
+#      bind:
+#        - "*:8080"
+#        - "*:8088"
+#      default_backend: api-backend
 
   backends:
     backend1:

test/integration/default/controls/package.rb

+title 'Verify haproxy installation'
+
+describe package('haproxy') do
+    it { should be_installed }
+end
+

test/integration/default/inspec.yml

+name: default
+title: Default Profile
+version: 0.1.0
+supports:
+  - os-name: debian
+

test/salt/pillar/hosts.sls

+hosts:
+  - server1: 127.0.0.1
+  - server2: 127.0.0.1
+  - web1.example.com: 127.0.0.1
+  - web2.example.com: 127.0.0.1
+  - web3.example.com: 127.0.0.1
+  - apiserver1.example.com: 127.0.0.1
+  - apiserver2.example.com: 127.0.0.1
+ 

test/salt/salt/hosts/init.sls

+
+{% set hosts = salt['pillar.get']('hosts', []) %}
+
+{% for host in hosts %}
+  {% for name, ip in host.items() %}
+{{ name }}:
+  host.present:
+    - ip: {{ ip }}
+  {% endfor %}
+{% endfor %}
+