@SaltwaterC
Last active August 31, 2016 10:36
.kitchen/
recipes/
driver:
  name: docker
  use_sudo: false
  privileged: true
  public_key: kitchen_id_rsa.pub
  private_key: kitchen_id_rsa
  run_command: /sbin/init
  chef_version: 12.13.37

provisioner:
  name: chef_solo
  require_chef_omnibus: true
  legacy_mode: true
  chef_omnibus_url: http://www.getchef.com/chef/install.sh

platforms:
  - name: centos-7.2
    driver_config:
      build_options:
        tag: kitchen-centos:7.2
      dockerfile: centos-7.2

transport:
  name: rsync
  username: kitchen

suites:
  - name: default
    run_list:
      - kitchen-docker-issue::default

Self-contained kitchen-docker setup to reproduce the SSH auth issue that appears with Test Kitchen 1.11+.

FROM centos:7.2.1511
ENV TERM xterm
ENV container docker
VOLUME ["/sys/fs/cgroup"]
ENV init /sbin/init
RUN yum clean all && \
    yum -y install sudo util-linux-ng openssh-server && \
    # Cleanup systemd: drop every sysinit unit except systemd-tmpfiles-setup
    cd /lib/systemd/system/sysinit.target.wants/; ls | grep -v systemd-tmpfiles-setup | xargs rm -f; \
    rm -f /lib/systemd/system/multi-user.target.wants/*; \
    rm -f /etc/systemd/system/*.wants/*; \
    rm -f /lib/systemd/system/local-fs.target.wants/*; \
    rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
    rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
    rm -f /lib/systemd/system/basic.target.wants/*; \
    rm -f /lib/systemd/system/anaconda.target.wants/*; \
    rm -f /lib/systemd/system/plymouth*; \
    rm -f /lib/systemd/system/systemd-update-utmp* && \
    rm -f /usr/lib/tmpfiles.d/tmp.conf && \
    systemctl set-default multi-user.target && \
    # Enable SSH
    systemctl enable sshd.service && \
    # Setup kitchen user with passwordless sudo
    useradd -d /home/kitchen -m -s /bin/bash kitchen && \
    (echo kitchen:kitchen | chpasswd) && \
    mkdir -p /etc/sudoers.d && \
    echo 'kitchen ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/kitchen && \
    # remove /run/nologin which prevents ssh authentication for non-root
    ln -s /lib/systemd/system/rc-local.service /etc/systemd/system/multi-user.target.wants/rc-local.service && \
    printf "%s\n" '#!/bin/sh' 'rm -f /run/nologin' 'exit 0' > /etc/rc.d/rc.local && \
    # by default this script isn't executable, therefore systemd skips rc.local
    chmod +x /etc/rc.d/rc.local && \
    # Generate the OpenSSH server keys
    ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' && \
    ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
# setup passwordless ssh
RUN su - kitchen -c 'mkdir /home/kitchen/.ssh && touch /home/kitchen/.ssh/authorized_keys' && \
    chmod 700 /home/kitchen/.ssh && chmod 600 /home/kitchen/.ssh/authorized_keys && \
    echo '<%= File.read(@public_key).strip %>' > /home/kitchen/.ssh/authorized_keys
# setup the rsync transport and Chef Omnibus
# setup initscripts to fix Chef service resources which depend on old behaviour
RUN yum -y install curl rsync initscripts && \
    curl -L http://www.opscode.com/chef/install.sh -o /tmp/install.sh && \
    bash /tmp/install.sh -v <%= @chef_version %>
file '/tmp/foo.txt' do
  action :touch
end

service 'sshd' do
  action :start
end
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKcp7hLmMRdiWWhlp9EKtueDc5y2m8u6EYIEKhWNLXx1iQA5inge7sphIbFi+UL9hdh8b7ioEOtGJ2DdxalyZ0yjVcYEX05D16lkn+7EOiSmNM4RUIr8sAs718B6mVGZFet8DCC3mwH/NLoazmBSHG6tnTyDg5+p/gE0LnnQk5/fPHfTw/RpqvvKqKfr/OurqcADtBHxB8p2pt77T8hyoFXmnwpbgnefr+fQYpoCDBJsv52j/2N6A9x7c6/6cdLmM2do5FchYPgz/HcL4oeATVpX8zlZgErQ9LhGUg1Uo48KNCrrjPZyzFRyX24a9e8gnnBUI6P+Zpag9A5KgYZAkv
name 'kitchen-docker-issue'
maintainer 'SaltwaterC'
maintainer_email '[email protected]'
license 'MIT'
description 'Reproduce test-kitchen 1.11+ vs. kitchen-docker 2.5.0 authentication issue'
long_description 'Reproduce test-kitchen 1.11+ vs. kitchen-docker 2.5.0 authentication issue'
version '0.1.0'
task :converge do
  # workaround gist's lack of support for directories
  mkdir 'recipes'
  cp 'default.rb', 'recipes'
  sh 'kitchen converge'
end

task :clean do
  sh 'kitchen destroy -c'
  rm_rf '.kitchen'
end