verifying your ansible roles using docker, test kitchen and serverspec

Verifying your Ansible

RolesFeat: Docker, Test Kitchen, Serverspec

About me

Edmund Dipple

edmund.dipple@gmail.com

@elmundio87

Coming up…

• Test Kitchen

• Serverspec

• Ansible

• Docker

• Demo Time!

Test Driven Development

Write Failing Test

Write CodeMake Test Pass

Write tests

one at a time

Add code in small

increments

Commit often No refactoring until tests pass

Test Kitchen

• Originally designed for Chef

• Test Harness with simple

workflow

• Pluggable architecture!

Key Concepts

• Drivers <<

• Provisioners

• Platforms

Where to run your code:

Cloud infrastructure

Azure, EC2, Rackspace

Local environment

Vagrant, Docker

Key Concepts

• Drivers

• Provisioners <<

• Platforms

How to configure your environment:

Ansible, Chef, Puppet, CFEngine

Key Concepts

• Drivers

• Provisioners

• Platforms <<

Which OS to spin up:

Can be Linux or Windows if using a

VM

Test Kitchen Workflow

Create

Environments

Config

ManagementRun Tests

VerifyConverge

Ansible 101

• SSH-based configuration management

• Idempotent - Test & repair to achieve desired

state

• YML files with loops, conditionals and variables

Example Ansible role

- template:

src: foo.j2

dest: /tmp/foo.sh

- user:

name: “{{item}}”

group: admin

with_items: {{new_user}}

tasks/main.ymldefaults/main.yml

templates/foo.j2

test_var: “Hello world”

new_user: [foo,bar]

#!/bin/bash

echo {{ test_var}}Tasks

Variables

File Template

Serverspec

RSpec for your infrastructure

describe file('/etc/passwd') do

it { should be_file }

it { should exist }

end

describe package('httpd') do

it { should be_installed }

end

describe user('foo') do

it { should exist }

it { should belong_to_group ‘bar’ }

end

Resource

Matcher

Docker 101

• Image = Readonly template of a filesystem

• Container = Isolated filesystem and processes

based on an image

• Image filesystem is made up of 1 or more cached

layers

• A container is not a VM!

• Host kernel is shared with containers

Virtual Machine Docker Container

Why does this matter?

• Spinning up a new container takes very little time

• Faster feedback when testing

• Containers can run inside VMs on hardware that

doesn’t support virtualisation inside VMs

• Images take seconds to update due to caching

'In our world, fast feedback is essential' - @martinfowler

Creating a new docker image

Example Dockerfile

FROM ubuntu:15.04

RUN apt-get update

RUN apt-get install sudo openssh-server curl lsb-release -y

From Docker registry

Why test at all?

“You are already describing the

desired state of the system in

Ansible, why do it another time?”

Refactoring

Uncoupling testing

from Ansible

People get it wrong!

Installed Software

• Docker 1.8.2 (from package)

• Ansible 1.9.3 (from package)

• test-kitchen (rubygem)

• kitchen-ansible (rubygem)

• serverspec (rubygem)

Demo time!

Questions?