osdc 2014: andreas schmidt - testing server infrastructure with serverspec
DESCRIPTION
Companies that focus on cloud infrastructures for both developing and running their applications are likely to have the highest benefit of test driven infrastructure tools such as configuration management and their spec-oriented testing counterparts. However many enterprises have not moved to the cloud yet. Often limited by contracts, regulations or security considerations, they too are in need of testing their infrastructure that service providers built for them. The talk shows approaches to infrastructure testing and demonstrates the use of serverspec (http://serverspec.org/).TRANSCRIPT
© 2014 Cassini Consulting
Andreas Schmidt
Testing server infrastructure with serverspec
Cassini Consulting @cassinigmbh • IT & Management Consulting Andreas Schmidt • From Dev to Ops • Infrastructure & Deployment
Automation w/ ruby
• Purpose of infrastructure testing
• #serverspec • Examples / Demo
• Use Cases & benefits
? !
Provisioning & Delivery
Application being tested?
Servers being tested?
How is infrastructure
being specified?
„Startup“
• Recent cloud technology
• Virtual Infrastructure Provisioning
• „Phoenix Server“
„Classic“ IT Environments
• Both virtualized & non-virtualized
• Mixed Provisioning
processes
• IT outsourcing
• IT System & Software Architecture
Regulated IT Environments
• i.e. banking, insurance companies, government
• + Compliance
• + Security
Low Cost Short Cycle Time
Documentation (Internal/External) Audit Capabilities
Internal Documentation Acceptance Tests
Automated Provisioning & Configuration Management
Lower-level configuration aspects • VM infrastructure & kernel parameters • Networking • Logical volume management
Side effects • RPM post-install scripts
Documentation • Specification of infrastructure • Human Readable
Testing on machine itself
what‘s missing?
Machine parse-able Human read-able
Infrastructure Specification
serverspec • www.serverspec.org • github.com/serverspec/serverspec MIT License Gosuke Miyashita @gokusenator
„With serverspec, you can write RSpec tests for checking your servers are configured correctly.“
serverspec describe package 'openssh-server' doit { should be_installed }enddescribe file '/etc/ssh/sshd_config' doit { should be_mode 600 }it { should be_owned_by 'root' } enddescribe service 'ssh' do it { should be_enabled }end
Development box
CM code
Development box
CM code
CM code specs
Test locally
Development box
CM code
Staging
Provision
CM code specs
box „state“
Test locally
Development box
CM code
Staging
Provision
Test locally
CM code specs
box „state“
server spec
„Spec“ box
Development box
CM code
Staging
Provision
Test locally
CM code specs
box „state“
Test on server(s)
server spec
„Spec“ box
Development box
CM code
Staging
Local VM or Container
Provision
Test locally
CM code specs
box „state“
Provisio
n
Test on server(s)
server spec
„Spec“ box
Development box
CM code
Staging
Local VM or Container
Provision
Test locally
CM code specs
box „state“
Test
Provisio
n
Test on server(s)
server spec
„Spec“ box
Development box
CM code
Staging
Local VM or Container
Provision
Test locally
CM code specs
box „state“
Test
Provisio
n
Test on server(s)
server spec
„Spec“ box
$ gem install serverspec
diff-lcs, highline, rakenet-sshrspec, rspec-core, rspec-expectations, rspec-mockspecinfra, serverspec
Basics
ssh to target hosts
spec basics
„Backend“ for infrastructure tests (local/remote, command abstraction, helpers)
„Frontend“ w/ resource types à rspec
Demo • Serverspec Basics
• Overview of resource types
• Using abstractions and facts
• Introduce roles
• Environment-independent specs through properties
Monitoring vs. Spec • Dynamic Aspects
(crashed servers, services not reachable, disk full, ...)
• Mostly in „internal form“, not human readable, special checks buried in scripts
• Static Aspects (how system is built)
• Explicit form, human readable
• Keep your system up & running
• Build according to a specification and prove compliance with it
Additional tools • Comparable:
rspec-system (! beaker-rspec), rspec-system-serverspec
• Integrate serverspec into vagrant as a provisioner: github.com/jvoorhis/vagrant-serverspec
• Reporting http://vincent.bernat.im/en/blog/2014-serverspec-test-infrastructure.html
Infrastructure QA
Infrastructure regression
testing
Automated acceptance
testing
Audit Capabilities
Work test driven –
Define, build, compare your environments.
github.com/aschmidt75/serverspecplayground [email protected] xing.to/aschmidt @aschmidt75
?
Cassini Consulting Niederlassung Düsseldorf Andreas Schmidt Bennigsen-Platz 1 40474 Düsseldorf Deutschland [email protected] visit www.cassini.de
Alle Angaben basieren auf dem derzeitigen Kenntnisstand. Änderungen vorbehalten. Dieses Dokument von Cassini Consulting ist ausschließlich für den Adressaten bzw. Auftraggeber bestimmt. Es bleibt bis zur einer ausdrücklichen Übertragung von Nutzungsrechten Eigentum von Cassini. Jede Bearbeitung, Verwertung, Vervielfältigung und/oder gewerbsmäßige Verbreitung des Werkes ist nur mit Einverständnis von Cassini zulässig.