verifying your ansible roles using docker, test kitchen and serverspec
TRANSCRIPT
![Page 1: Verifying your Ansible Roles using Docker, Test Kitchen and Serverspec](https://reader031.vdocuments.net/reader031/viewer/2022021503/58f036461a28ab1b308b45dd/html5/thumbnails/1.jpg)
Verifying your Ansible
RolesFeat: Docker, Test Kitchen, Serverspec
![Page 3: Verifying your Ansible Roles using Docker, Test Kitchen and Serverspec](https://reader031.vdocuments.net/reader031/viewer/2022021503/58f036461a28ab1b308b45dd/html5/thumbnails/3.jpg)
Coming up…
• Test Kitchen
• Serverspec
• Ansible
• Docker
• Demo Time!
![Page 4: Verifying your Ansible Roles using Docker, Test Kitchen and Serverspec](https://reader031.vdocuments.net/reader031/viewer/2022021503/58f036461a28ab1b308b45dd/html5/thumbnails/4.jpg)
Test Driven Development
Write Failing Test
Write CodeMake Test Pass
Write tests
one at a time
Add code in small
increments
Commit often No refactoring until tests pass
![Page 5: Verifying your Ansible Roles using Docker, Test Kitchen and Serverspec](https://reader031.vdocuments.net/reader031/viewer/2022021503/58f036461a28ab1b308b45dd/html5/thumbnails/5.jpg)
Test Kitchen
• Originally designed for Chef
• Test Harness with simple
workflow
• Pluggable architecture!
![Page 6: Verifying your Ansible Roles using Docker, Test Kitchen and Serverspec](https://reader031.vdocuments.net/reader031/viewer/2022021503/58f036461a28ab1b308b45dd/html5/thumbnails/6.jpg)
Key Concepts
• Drivers <<
• Provisioners
• Platforms
Where to run your code:
Cloud infrastructure
Azure, EC2, Rackspace
Local environment
Vagrant, Docker
![Page 7: Verifying your Ansible Roles using Docker, Test Kitchen and Serverspec](https://reader031.vdocuments.net/reader031/viewer/2022021503/58f036461a28ab1b308b45dd/html5/thumbnails/7.jpg)
Key Concepts
• Drivers
• Provisioners <<
• Platforms
How to configure your environment:
Ansible, Chef, Puppet, CFEngine
![Page 8: Verifying your Ansible Roles using Docker, Test Kitchen and Serverspec](https://reader031.vdocuments.net/reader031/viewer/2022021503/58f036461a28ab1b308b45dd/html5/thumbnails/8.jpg)
Key Concepts
• Drivers
• Provisioners
• Platforms <<
Which OS to spin up:
Can be Linux or Windows if using a
VM
![Page 9: Verifying your Ansible Roles using Docker, Test Kitchen and Serverspec](https://reader031.vdocuments.net/reader031/viewer/2022021503/58f036461a28ab1b308b45dd/html5/thumbnails/9.jpg)
Test Kitchen Workflow
Create
Environments
Config
ManagementRun Tests
VerifyConverge
![Page 10: Verifying your Ansible Roles using Docker, Test Kitchen and Serverspec](https://reader031.vdocuments.net/reader031/viewer/2022021503/58f036461a28ab1b308b45dd/html5/thumbnails/10.jpg)
Ansible 101
• SSH-based configuration management
• Idempotent - Test & repair to achieve desired
state
• YML files with loops, conditionals and variables
![Page 11: Verifying your Ansible Roles using Docker, Test Kitchen and Serverspec](https://reader031.vdocuments.net/reader031/viewer/2022021503/58f036461a28ab1b308b45dd/html5/thumbnails/11.jpg)
Example Ansible role
- template:
src: foo.j2
dest: /tmp/foo.sh
- user:
name: “{{item}}”
group: admin
with_items: {{new_user}}
tasks/main.ymldefaults/main.yml
templates/foo.j2
test_var: “Hello world”
new_user: [foo,bar]
#!/bin/bash
echo {{ test_var}}Tasks
Variables
File Template
![Page 12: Verifying your Ansible Roles using Docker, Test Kitchen and Serverspec](https://reader031.vdocuments.net/reader031/viewer/2022021503/58f036461a28ab1b308b45dd/html5/thumbnails/12.jpg)
Serverspec
RSpec for your infrastructure
describe file('/etc/passwd') do
it { should be_file }
it { should exist }
end
describe package('httpd') do
it { should be_installed }
end
describe user('foo') do
it { should exist }
it { should belong_to_group ‘bar’ }
end
Resource
Matcher
![Page 13: Verifying your Ansible Roles using Docker, Test Kitchen and Serverspec](https://reader031.vdocuments.net/reader031/viewer/2022021503/58f036461a28ab1b308b45dd/html5/thumbnails/13.jpg)
Docker 101
• Image = Readonly template of a filesystem
• Container = Isolated filesystem and processes
based on an image
• Image filesystem is made up of 1 or more cached
layers
• A container is not a VM!
• Host kernel is shared with containers
![Page 14: Verifying your Ansible Roles using Docker, Test Kitchen and Serverspec](https://reader031.vdocuments.net/reader031/viewer/2022021503/58f036461a28ab1b308b45dd/html5/thumbnails/14.jpg)
Virtual Machine Docker Container
![Page 15: Verifying your Ansible Roles using Docker, Test Kitchen and Serverspec](https://reader031.vdocuments.net/reader031/viewer/2022021503/58f036461a28ab1b308b45dd/html5/thumbnails/15.jpg)
Why does this matter?
• Spinning up a new container takes very little time
• Faster feedback when testing
• Containers can run inside VMs on hardware that
doesn’t support virtualisation inside VMs
• Images take seconds to update due to caching
'In our world, fast feedback is essential' - @martinfowler
![Page 16: Verifying your Ansible Roles using Docker, Test Kitchen and Serverspec](https://reader031.vdocuments.net/reader031/viewer/2022021503/58f036461a28ab1b308b45dd/html5/thumbnails/16.jpg)
Creating a new docker image
Example Dockerfile
FROM ubuntu:15.04
RUN apt-get update
RUN apt-get install sudo openssh-server curl lsb-release -y
From Docker registry
![Page 17: Verifying your Ansible Roles using Docker, Test Kitchen and Serverspec](https://reader031.vdocuments.net/reader031/viewer/2022021503/58f036461a28ab1b308b45dd/html5/thumbnails/17.jpg)
Why test at all?
“You are already describing the
desired state of the system in
Ansible, why do it another time?”
![Page 18: Verifying your Ansible Roles using Docker, Test Kitchen and Serverspec](https://reader031.vdocuments.net/reader031/viewer/2022021503/58f036461a28ab1b308b45dd/html5/thumbnails/18.jpg)
Refactoring
Uncoupling testing
from Ansible
People get it wrong!
![Page 19: Verifying your Ansible Roles using Docker, Test Kitchen and Serverspec](https://reader031.vdocuments.net/reader031/viewer/2022021503/58f036461a28ab1b308b45dd/html5/thumbnails/19.jpg)
Installed Software
• Docker 1.8.2 (from package)
• Ansible 1.9.3 (from package)
• test-kitchen (rubygem)
• kitchen-ansible (rubygem)
• serverspec (rubygem)
![Page 20: Verifying your Ansible Roles using Docker, Test Kitchen and Serverspec](https://reader031.vdocuments.net/reader031/viewer/2022021503/58f036461a28ab1b308b45dd/html5/thumbnails/20.jpg)
Demo time!
![Page 21: Verifying your Ansible Roles using Docker, Test Kitchen and Serverspec](https://reader031.vdocuments.net/reader031/viewer/2022021503/58f036461a28ab1b308b45dd/html5/thumbnails/21.jpg)
Questions?