Infrastructure as Cake
Testing Your Configuration Management in the Kitchen, with Sprinkles and Love
By Jamie Tanna, https://jamietanna.co.uk
Overview
- A Crash Course in Configuration Management
- Writing Cookbooks with Chef
- Chef Utensils
- Questions
About Me
A Crash Course in Configuration Management
Let's Guage Experience Levels
"Configuration Management"
Used Chef?
Used another CM tool?
Deploy an application/website/provision instances regularly?
Used Ruby?
What is it?
Creating a repeatable, controlled fashion to make changes to a server
A way to maintain parity between environments
"the objective is to have everything that can possibly change at any point stored in a controlled manner"
Continuous Delivery, Jez Humble & David Farley
You're building quality-driven software
You're deploying said software
Shouldn't you be deploying with quality-driven config?
"Why Can't I Just Use a Shell Script?"
Using a "real language"
- Standard library
- Package ecosystem
- Edge cases / language subtleties
- Auditability / grokability
Tooling
Testable
Versionable artefacts
DSL can be exposed
Templating languages
What happens if I don't have Configuration Management?
Story time
How would you respond to this?
What Configuration Management is Not
Silver bullet
"Glorified Bash scripts"
Writing Cookbooks with Chef
What is Chef?
Ruby-based Configuration Management tool
DSL provided to make a lot of common tasks easier
A whole host of community cookbooks hosted on https://supermarket.chef.io/:
- mysql, mariadb, postgresql
- apache, nginx
- java
- node.JS
- jenkins
- openssh
Deployment
- Generally run in a Client-Server model
- Can be run server-less
Three main components:
- Client
- Server
- Supermarket
Apache 2.0 licensed
Cookbook File Structure
So what does a cookbook file structure look like?
new-cookbook
├── attributes
│ └── default.rb # what are the default configuration values?
├── Berksfile # dependency management
├── chefignore
├── LICENSE
├── metadata.rb # what is the version, name, license, dependencies?
├── README.md
├── recipes
│ └── default.rb # how do I do stuff?
├── spec
│ ├── spec_helper.rb # ChefSpec helper
│ └── unit
│ └── recipes
│ └── default_spec.rb # unit tests for the default recipe
└── test
└── smoke
└── default
└── default_test.rb # integration/smoke test for the default suite
Cooking Some Welcome Muffins
user 'create user' do
username 'jamie'
manage_home true
end
file 'creates the muffins.txt file' do
path '/home/jamie/muffins.txt'
content 'Welcome to the team!'
mode '0600'
owner 'jamie'
end
Adding a Special Touch
Attributes are a great way to make cookbooks configurable:
# attributes/default.rb
node.default['user'] = 'jamie'
# recipes/welcome.rb
user "create user #{node['user']}" do
username node['user']
manage_home true
end
file 'creates the muffins.txt file' do
path "/home/#{node['user']}/muffins.txt"
content "Welcome #{node['user']}, it's nice to meet you!"
mode '0600'
owner node['user']
end
Hey, I Thought Testing Was Important?
ChefSpec
Quickest path to testing a cookbook
Matchers for Chef resources
expect(chef_run).to_not install_package('wibble')
expect(chef_run).to run_execute('ls -al')
expect(chef_run).to render_file('/etc/os-release')
.with_content('Hello!')
Mock and test out different paths + scenarios
describe 'user-cookbook::default' do
context 'When all attributes are default, on an Ubuntu 16.04' do
let(:chef_run) do
runner = ChefSpec::ServerRunner.new(platform: 'ubuntu', version: '16.04')
runner.converge(described_recipe)
end
it 'converges successfully' do
expect { chef_run }.to_not raise_error
end
it 'creates the jamie user' do
expect(chef_run).to create_user('create user jamie')
.with(username: 'jamie')
.with(manage_home: true)
end
it 'creates the muffins.txt file' do
expect(chef_run).to create_file('creates the muffins.txt file')
.with(content: 'Welcome jamie, it\'s nice to meet you!')
.with(mode: '0600')
.with(owner: 'jamie')
end
end
end
describe 'user-cookbook::default' do
# ...
context 'When the user attribute is set' do
let(:chef_run) do
runner = ChefSpec::ServerRunner.new(platform: 'ubuntu', version: '16.04') do |node|
node.automatic['user'] = 'test'
end
runner.converge(described_recipe)
end
it 'converges successfully' do
expect { chef_run }.to_not raise_error
end
it 'creates the jamie user' do
expect(chef_run).to create_user('create user test')
.with(username: 'test')
.with(manage_home: true)
end
it 'creates the muffins.txt file' do
expect(chef_run).to create_file('creates the muffins.txt file')
.with(content: 'Welcome test, it\'s nice to meet you!')
.with(mode: '0600')
.with(owner: 'test')
end
end
end
Using context blocks for testing different OS configurations
describe 'user-cookbook::package' do
context 'On Ubuntu 16.04' do
let(:chef_run) do
runner = ChefSpec::ServerRunner.new(platform: 'ubuntu', version: '16.04')
runner.converge(described_recipe)
end
it 'installs the apache2 package' do
expect(chef_run).to install_package('Install Apache')
.with(package_name: 'apache2')
end
end
context 'On RHEL 7.2' do
let(:chef_run) do
runner = ChefSpec::ServerRunner.new(platform: 'redhat', version: '7.2')
runner.converge(described_recipe)
end
it 'installs the httpd package' do
expect(chef_run).to install_package('Install Apache')
.with(package_name: 'httpd')
end
end
end
package 'Install Apache' do
case node['platform']
when 'redhat'
package_name 'httpd'
when 'ubuntu'
package_name 'apache2'
end
end
Using context blocks for testing for error states
describe 'cookbook-spectat::install' do
context 'When site_type is valid' do
let(:chef_run) do
runner = ChefSpec::SoloRunner.new(platform: 'debian', version: '9.1') do |node|
node.automatic['site_type'] = 'static'
end
runner.converge(described_recipe)
end
it 'installs nginx' do
expect(chef_run).to install_package('Install Nginx')
.with(package_name: 'nginx')
end
end
context 'When site_type is not set' do
let(:runner) do
ChefSpec::SoloRunner.new(platform: 'debian', version: '9.1')
end
it 'throws an error' do
expect { runner.converge(described_recipe) }.to\
raise_error('Attribute site_type needs to be set to `static`')
end
end
end
if node['site_type'].nil? || 'static' != node['site_type']
raise 'Attribute site_type needs to be set to `static`'
end
package 'Install Nginx' do
package_name 'nginx'
end
Chef Utensils
Linting
Cookstyle
Ruby-specific linting
FoodCritic
FC004: Use a service resource to start and stop services:
# Don't do this
execute 'start-tomcat' do
command '/etc/init.d/tomcat6 start'
action :run
end
# Do this instead
service 'tomcat' do
action :start
end
FC041: Execute resource used to run curl or wget command
# Don't do this
execute "cd /tmp && wget 'http://example.org/'" do
action :run
end
# Do this instead
remote_file '/tmp/testfile' do
source 'http://www.example.org/'
end
Integration Testing - Test Kitchen
Unit tests are for assumptions
Does that package exist in the cache?
Unit tests can't possibly know!
Different ways to spin up the nodes:
- kitchen-docker
- kitchen-vagrant
- kitchen-ec2
- kitchen-digitalocean
---
# .kitchen.yml
driver:
name: vagrant
provisioner:
name: chef_zero
verifier:
name: inspec
platforms:
- name: debian
driver_config:
image: debian:jessie
suites:
- name: hello
run_list:
- recipe[user-cookbook::default]
attributes:
user: 'everybody'
hello: true
Stages of a kitchen test:
kitchen create:
kitchen converge:
kitchen verify:
kitchen destroy:
Integration Testing - InSpec
describe package('nginx') do
it { should be_installed }
end
describe port('443') do
it { should be_listening }
its('processes') { should include 'nginx' }
end
Compliance and audit tool
Confirm nodes are in correct state
Agent- and dependency-less
Not just for Chef
Review
A Crash Course in Configuration Management
Writing Cookbooks with Chef
Chef Utensils
Questions
Learning Resources
Learn Chef Rally - https://learn.chef.io/
Chef Certification - https://training.chef.io/certification
Food Fight Podcast - http://foodfightshow.org/
My personal blog - https://www.jvt.me/posts/tags/chef/
Intro to TDD Chef: How I Write Cookbooks (Coming Soon!) - https://gitlab.com/jamietanna/jvt.me/issues/184
Contact
@jamietanna on Twitter