0

Environment

chefdk 1.3.40

berks 5.6.4

kitchen 1.16.0

vagrant 1.9.3

After a 'kitchen login', we can see that port 80 has been opened

```
sudo iptables-save | grep 80
-A IN_public_allow -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
```

However, when running 'kitchen verify' the test fails:

```
PORT 80
[MAJR]  should be listening
expected 'Port 80.listening?' to return true, got false
```

Here is the Inspec test:

```ruby
describe port(80) do
  it { should be_listening }
end
```
StephenKing
Paul Croarkin
  • 1
    And is an application actually listening to port 80? Because you're just showing the iptables rules (or is the magic in the `conntrack` part)? Try `netstat -ntl`, as this is IIRC what Inspec calls. – StephenKing Apr 12 '17 at 13:34
  • No, an application is not (yet) listening. We are trying to test-drive this and that part of the recipe is still being written. netstat -ntl tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN – Paul Croarkin Apr 12 '17 at 13:45
  • @StephenKing Adding the chef_nginx recipe made this test pass. If you submit your comment as an answer, I'll accept it. Thanks! – Paul Croarkin Apr 12 '17 at 14:04
  • 1
    thanks for the feedback. Done so. – StephenKing Apr 13 '17 at 10:07

1 Answer

3

Based on the commands provided, there is no indication that any program is actually listening to port 80. The iptables-save output only shows a firewall rule that permits incoming connections.

InSpec itself calls netstat -tulpen to gather information about listening sockets. You might want to use this to verify manually.

StephenKing
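The distinction drawn in the answer, as an added example (not part of the original thread and not InSpec's own code): plain Ruby that compares the TCP ports an `iptables-save` dump accepts with the ports that have a LISTEN socket in `netstat -tulpen`-style output. The sample text, constant names and function names are constructed for illustration.

```ruby
# Constructed sample data, modelled on the outputs quoted in the question.
IPTABLES_SAVE = <<~TXT
  *filter
  -A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
  -A IN_public_allow -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
  COMMIT
TXT

NETSTAT_BEFORE = <<~TXT
  Active Internet connections (only servers)
  Proto Recv-Q Send-Q Local Address   Foreign Address   State    User  Inode  PID/Program name
  tcp        0      0 0.0.0.0:22      0.0.0.0:*         LISTEN   0     17001  901/sshd
  tcp6       0      0 :::22           :::*              LISTEN   0     17003  901/sshd
  udp        0      0 0.0.0.0:68      0.0.0.0:*                  0     15000  700/dhclient
TXT

# Same host after a web server has been installed (constructed line).
NETSTAT_AFTER = NETSTAT_BEFORE +
  "tcp        0      0 0.0.0.0:80      0.0.0.0:*         LISTEN   0     20111  1432/nginx\n"

# TCP ports that the firewall dump explicitly ACCEPTs (--dport N or --dports a,b).
# Port ranges such as 8000:8100 are skipped rather than expanded.
def accepted_tcp_ports(iptables_save)
  iptables_save.each_line.flat_map do |line|
    next [] unless line.start_with?('-A ') && line =~ /-p tcp\b/ && line =~ /-j ACCEPT\b/
    m = line.match(/--dports? (\S+)/)
    m ? m[1].split(',').grep(/\A\d+\z/).map(&:to_i) : []
  end.uniq.sort
end

# TCP ports that have a socket in LISTEN state (IPv4 or IPv6).
def listening_tcp_ports(netstat)
  netstat.each_line.map do |line|
    f = line.split
    next unless f[0]&.start_with?('tcp') && f[5] == 'LISTEN'
    f[3][/:(\d+)\z/, 1]&.to_i
  end.compact.uniq.sort
end

# A firewall rule and a listener are independent facts; report each combination.
def port_report(iptables_save, netstat)
  allowed = accepted_tcp_ports(iptables_save)
  listening = listening_tcp_ports(netstat)
  { allowed_and_listening: allowed & listening,
    allowed_no_listener: allowed - listening, # the state in which port(80) fails
    listening_not_allowed: listening - allowed }
end

puts port_report(IPTABLES_SAVE, NETSTAT_BEFORE).inspect if __FILE__ == $PROGRAM_NAME
```

On a real host, feed the functions the output of `sudo iptables-save` and `sudo netstat -tulpen` instead of the constructed constants.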