Thursday, October 3, 13 1files.meetup.com/8763012/Opscode_AWS CICD Meetup_101713.pdf · Speaker...

1Thursday, October 3, 13

Testing Your Chef Infrastructure CodeTDD Your Infrastructure With Chefspec, Test-Kitchen, & Serverspec

Speaker Introduction

Charles JohnsonSolutions Engineer, Opscodecharles@opscode.com@chipadeedoodah

Your Infrastructure Code Isn’t “Just Scripts”

Cookbooks Are Source Code• Chef Cookbook source code is just like the source

code for other programs.

• Changes are tracked and versioned with source control software such as git

• Code is inert until it has been deployed

• Code can be used to re-create the desired system configuration from scratch

Cookbooks Are Artifacts• Chef Cookbook artifacts are just like the artifacts for other

programs.• Cookbooks are packaged for distribution• Cookbooks are deployed• Cookbooks are released with versions• Cookbooks are immutable once deployed• Cookbooks can depend on one another

Cookbooks Are Artifacts

“This means something! This is important!”

Cookbooks Are Artifacts

• Depending entirely on context,your infrastructure code can be either source code OR artifact.

“This means something! This is important!”

Cookbooks Are Artifacts• This sounds obvious, but it’s easy to overlook:

Treating infrastructure code only as source code or only as artifacts will lead to long-term problems when using code to manage infrastructure.

Source'Code' Ar+fact'

• A good infrastructure code workflow treats code appropriately depending on context

Code Can (Help)9Thursday, October 3, 13

But wait... Isn’t Chef a declarative language?

• Chef itself is a testing engine. Either the intent expressed is executed, or the Chef run fails!

Yes! Chef is Declarative!package "apache2" do action :installend

template "/etc/apache2/apache2.conf" do source "apache2.conf.erb" owner "root" group "root" mode "0644" variables(:allow_override => "All") notifies :reload, "service[apache2]"end

service "apache2" do action [:enable,:start] supports :reload => trueend

• Code Linting:

• Is my code properly formed?

• Signal in: Unit test

• Did I send Chef the correct command?

• Signal Processing: Convergence

• Did Chef interpret my command correctly?

• Signal out: Acceptance test

• Did my expressed intent, executed by Chef, achieve the desired result?

What and When To Test

Flickr user: Rain Rabbit

Chef Testing Tools

Chef Testing Tools• Linting: Foodcritic, Rubocop

http://acrmp.github.io/foodcritic/https://github.com/bbatsov/rubocop

• Unit Testing: Chefspechttps://github.com/acrmp/chefspec

• Convergence Testing: Test-Kitchenhttps://github.com/opscode/test-kitchen

• Acceptance Testing: ServerSpechttp://serverspec.org

Berkshelf• Cookbook manager

• No more maintaining copies ofunmodified community cookbooksin a personal repo!

• Automatically resolves all cookbook dependencies

• Artifact installer• If you’re familiar with bundler,

berks is easy• Integrates tightly with...

Make a Test Recipe

$ knife cookbook create -o . myface

Create New Cookbook

** Creating cookbook myface** Creating README for cookbook: myface** Creating CHANGELOG for cookbook: myface** Creating metadata for cookbook: myface

OPEN IN EDITOR: myface/Gemfile

source 'https://rubygems.org'

gem 'berkshelf', '~> 2.0'gem 'chefspec', '~> 2.0'gem 'foodcritic', '~> 2.2'gem 'rubocop', '~> 0.12'

group :integration do gem 'test-kitchen', '~> 1.0.0.beta' gem 'kitchen-ec2', '~> 0.7.0'end

Set Up Gemfile

OPEN IN EDITOR: myface/Berksfile

site :opscodemetadata

group :integration do cookbook 'apt', '~> 2.0'end

Set Up Berksfile

OPEN IN EDITOR: myface/recipes/default.rb

package "apache2" do action :installend

Edit default recipe

Chefspec- Signal In / Unit Test

How ChefSpec Works

Sysadmin / Developer

How ChefSpec Works

$rspec

$ mock node$ mock chef-client converge$ verify test assertions$ report results

in-memory test

How ChefSpec Works

$rspec

Finished in 0.0222 seconds2 examples, 0 failures

$ cd myface myface $ bundle install

Install Test Suite Bundle

Fetching gem metadata from https://rubygems.org/......Resolving dependencies...Installing i18n (0.6.5)Installing multi_json (1.8.0)...Using bundler (1.3.5)Your bundle is complete!Use `bundle show [gemname]` to see where a bundled gem is installed.

myface $ mkdir -p spec/unit/recipes

Create Unit Test Directories

(no output)

OPEN IN EDITOR: spec/spec_helper.rb

require 'chefspec'require 'berkshelf'

Berkshelf.ui.mute do Berkshelf::Berksfile.from_file('Berksfile').install(path: 'vendor/cookbooks/')end

RSpec.configure do |c| c.after(:suite) do # Berks will infinitely nest vendor/cookbooks/ntp on each rspec run # https://github.com/RiotGames/berkshelf/issues/828 FileUtils.rm_rf('vendor/') endend

Create the Chefspec spec_helper.rb

OPEN IN EDITOR: myface/recipes/default.rb

package "apache2" do action :installend

One more time: The Default Recipe

OPEN IN EDITOR: spec/unit/recipes/default_spec.rb

require 'spec_helper'

describe 'myface::default' do let (:chef_run) { ChefSpec::ChefRunner.new.converge 'myface::default' }

it "installs apache2" do expect(chef_run).to install_package 'apache2' end

it "starts and enables the apache2 service" do expect(chef_run).to start_service 'apache2' expect(chef_run).to set_service_to_start_on_boot 'apache2' endend

Create default_spec.rb

myface $ rspec

Run Chefspec Test Suite

Finished in 0.02124 seconds2 examples, 0 failures

Test Kitchen- Signal Processing / Convergence Test

How Test-Kitchen Works

Cloud Provisioner(Amazon EC2)

$ kitchen test

Instances

$ kitchen test

Instances

$ install Chef$ configure Chef$ copy cookbook$ run Chef$ report results

$ kitchen test

Chef Client finished, 4 resources updated Finished converging <default-ubuntu-1004> (1m24.99s).-----> Kitchen is finished. (1m25.45s)

OPEN IN EDITOR: .kitchen.yml

---driver_plugin: ec2driver_config: availability_zone: us-east-1a aws_access_key_id: <%= ENV['AWS_ACCESS_KEY_ID'] %> aws_secret_access_key: <%= ENV['AWS_SECRET_ACCESS_KEY'] %> aws_ssh_key_id: <%= ENV['EC2_SSH_KEY_NAME'] %> ssh_key: <%= ENV['EC2_SSH_KEY_PATH'] %> flavor_id: m1.small require_chef_omnibus: true

platforms:- name: ubuntu-10.04suites:- name: default run_list: - recipe[apt::default] - recipe[myface::default] attributes: {}

Create Kitchen.yml

---driver_plugin: ec2driver_config: availability_zone: us-east-1a aws_access_key_id: <%= ENV['AWS_ACCESS_KEY_ID'] %> aws_secret_access_key: <%= ENV['AWS_SECRET_ACCESS_KEY'] %> aws_ssh_key_id: <%= ENV['EC2_SSH_KEY_NAME'] %> ssh_key: <%= ENV['EC2_SSH_KEY_PATH'] %> flavor_id: m1.small require_chef_omnibus: true...

Create Kitchen.yml

...platforms:- name: ubuntu-10.04

suites:- name: default run_list: - recipe[apt::default] - recipe[myface::default] attributes: {}

Create Kitchen.yml

platforms:- name: ubuntu-10.04

Create Kitchen.yml

myface $ kitchen test

Test Myface

-----> Starting Kitchen (v1.0.0.beta.3)-----> Cleaning up any prior instances of <default-ubuntu-1004>...-----> Testing <default-ubuntu-1004>-----> Creating <default-ubuntu-1004> EC2 instance <i-e941558c> created.-----> Converging <default-ubuntu-1004>... (Lots of Chef happens here) Resolving cookbook dependencies with BerkshelfUsing myface (0.1.0)Using apt (2.1.1)... (Lots more Chef) Finished converging <default-ubuntu-1004> (1m24.99s).-----> Kitchen is finished. (1m25.45s)

Bussers & ServerSpec- Signal Out / Acceptance Test

Instance

$ install Chef$ configure Chef$ copy cookbook$ run Chef

How Kitchen Bussers Work

Instance

$ install Chef$ configure Chef$ copy cookbook$ run Chef

If acceptance tests present:$ install acceptance test framework$ copy acceptance tests$ run acceptance suite

$ report results

How Kitchen Bussers Work

Currently Supported Bussers• Minitest

• Not to be confused with chef-minitest-handler. Straight minitest, no fancy Chef-specific matchers or assertions.https://github.com/fnichol/busser-minitest

• BATS• Bash-based acceptance testing & host inspection.

https://github.com/sstephenson/bats

• ServerSpec

• Young project, aims to provide rspec-based testing & host inspection.http://serverspec.org

myface $ mkdir -p test/integration/default/serverspec/localhost

Create Serverspec Test Directories

(no output)

OPEN IN EDITOR: test/integration/default/serverspec/spec_helper.rb

require 'serverspec'require 'pathname'

include Serverspec::Helper::Execinclude Serverspec::Helper::DetectOS

RSpec.configure do |c| c.before :all do c.os = backend(Serverspec::Commands::Base).check_os endend

Create the ServerSpec spec_helper.rb

OPEN IN EDITOR: test/integration/default/serverspec/localhost/default_spec.rb

describe 'myface::default recipe' do

it 'Enables & starts the apache2 service' do expect(service 'apache2').to be_running expect(service 'apache2').to be_enabled end

OPEN IN EDITOR: test/integration/default/serverspec/localhost/default_spec.rb

describe 'myface::default recipe' do

it 'Enables & starts the apache2 service' do expect(service 'apache2').to be_running expect(service 'apache2').to be_enabled end

myface $ kitchen verify

Test Myface

-----> Starting Kitchen (v1.0.0.beta.3)-----> Cleaning up any prior instances of <default-ubuntu-1004>... (all the same stuff from before)-----> Running serverspec test suite /opt/chef/embedded/bin/ruby -I/opt/busser/suites/serverspec -S /opt/chef/embedded/bin/rspec /opt/busser/suites/serverspec/localhost/default_spec.rb .

Finished in 0.12308 seconds 1 example, 0 failures Finished verifying <default-ubuntu-1004> (0m8.99s).-----> Kitchen is finished. (1m34.66s)

Put It All Together

Chef Testing Tools

• Acceptance Testing: ServerSpechttp://serverspec.org

• New initiative: Upgrade or replace all Ubuntu 10.04 instances with Ubuntu 12.04.

New Edict: Upgrade to Ubuntu 12.04

Flickr user: iheartubuntu

• New initiative: Upgrade or replace all Ubuntu 10.04 instances with Ubuntu 12.04.

• Because we have a comprehensive automated test suite, we can easily test our infrastructure code and deploy with confidence.

New Edict: Upgrade to Ubuntu 12.04

Flickr user: iheartubuntu

...platforms:- name: ubuntu-10.04- name: ubuntu-12.04

Create Kitchen.yml

...platforms:- name: ubuntu-10.04- name: ubuntu-12.04

Create Kitchen.yml

platforms:- name: ubuntu-10.04- name: ubuntu-12.04suites:- name: default run_list: - recipe[apt::default] - recipe[myface::default] attributes: {}

Create Kitchen.yml

myface $ kitchen test --parallel

Test Myface

-----> Starting Kitchen (v1.0.0.beta.3)-----> Creating <default-ubuntu-1004>-----> Creating <default-ubuntu-1204> EC2 instance <i-f1f43688> created. EC2 instance <i-2557e15d> created.... (Chef converges)... (ServerSpec tests) EC2 instance <i-f1f43688> created. EC2 instance <i-2557e15d> created. Finished testing <default-ubuntu-1004> (3m21.22s). Finished testing <default-ubuntu-1204> (3m54.97s).-----> Kitchen is finished. (3m55.45s)

So What’s the Catch?

• Test-Kitchen is in beta & still has bugs

It’s All Bleeding Edge

fanex.com

• Serverspec is a young language

fanex.com

• Chefspec is under heavy development

fanex.com

• Chefspec is under heavy development

• Cookbook generators don’t cover all the boilerplate files & folders just yet

fanex.com

• Test-Kitchen has drivers for Vagrant, Openstack, VMware, and other cloud providers

But Wait! There’s More!

Chris Notarile

• Fancy tricks:

Chris Notarile

• Fancy tricks:

• Check out guard-kitchen in the Opscode zsh cookbook, and automatically test files when you save them!

Chris Notarile

• Fancy tricks:

• The Future:

Chris Notarile

• Fancy tricks:

• The Future:

• Support for other CM systems

Chris Notarile

• Fancy tricks:

• The Future:

• Support for other bussers

Chris Notarile

• Fancy tricks:

• The Future:

• Support for even more cloud provisioners

Chris Notarile

• Fancy tricks:

• The Future:

• Support for even more cloud provisioners

• Cookbook generators that write all these extra boilerplate files for you

Chris Notarile

Who’s this guy, again?

Charles JohnsonSolutions Engineer, Opscodecharles@opscode.com@chipadeedoodah

Questions

• Question & Answer

Thursday, October 3, 13 1files.meetup.com/8763012/Opscode_AWS CICD Meetup_101713.pdf · Speaker...

Documents

Introducing Amazon Kinesis - Meetupfiles.meetup.com/8763012/Amazon Kinesis_Sunnyvale_Meetup_06M… · Amazon Kinesis Managed Service for Streaming Data Ingestion & Processing o Origins

Liechtenauers Bloßfechten Page 1files.meetup.com/1741823/Longsword_Composite.pdf · 2011-04-19 · Liechtenauers Bloßfechten — Page 2 Here begins Master Liechtenauer’s art of

Petrin tower, Charles bridge and Charles Iv

Anton or Antoni Charles (or Charles Anton or Charles A ... or Antoni Charles (or Charles Anton or Charles A.) Hirschfelder Born about 1844 in Pozńan (Posen), Poland Anton’s brother

Nets, fishing, and forgiving Pastor Charles Pastor Charles

1files.meetup.com/284333/Dualism.doc · Web viewSimilarly, the interactionist can claim that the mind uses the brain to manifest it’s abilities in the public realm. If, like the

Othniel Charles Marsh - National Academy of …nasonline.org/publications/biographical-memoirs/memoir...OTHNIEL CHARLES MARSH BY CHARLES SCHUCIIERT Othniel Charles Marsh, for ,twelve

Quick Start Guide Sococo Team Space 20110805-1files.meetup.com/450839/Sococo Team Space Quick Start Guide.pdf · Team Space Quick Start Guide January 12, 2012, v1.1 Page 1 of 6 Introduction*

Introduction to DynamoDB - Meetupfiles.meetup.com/8763012/DatabaseDay_Deep Dive on... · Data Volume Since 2010 e Historical Current 90% of stored data generated in last 2 years 1

Charles Mitchell Lake Charles

Am 1files.meetup.com/1821363/Betsy's DooWop Song Book 1.pdf · For educational purposes G D7 Db7 Em C G baritone D7 baritone Em baritone C baritone Baritone The Dovells Kal Mann,

Resonans Kommunikation 11-09-2014 1files.meetup.com/3010392/Christopher_presentation.pdf · Christopher Jones - September 2014. Resonans Kommunikation 11-09-2014 3 WE BELIEVE THAT

Anirban Sinha Charles ‘Buck’ KrasicAnirban Sinha, Charles Buck …anirban.org/sosp07-poster.pdf · 2016. 5. 17. · Anirban Sinha Charles ‘Buck’ KrasicAnirban Sinha, Charles

An Anthology of Anthony J. Fejfar s Poetry, Vol. 1files.meetup.com/1349042/An Anthology of Anthony J...Gateway from life, To Eternity. My Soul has been to Heaven, Many times, Multidimensional

Engage Your Customers with SNS Mobile Pushfiles.meetup.com › 8763012 › AWS Meetup Presentation SNS...Mobile push notifications engage customers when your app is not currently active

AWS Security Overview - Meetupfiles.meetup.com/8763012/Bill Shinn_10-10 Security Event... · 2013-10-14 · Accelerating Security with AWS AWS Overview / Risk Management / Compliance

Agile Testing - Joe Caravella 1files.meetup.com/10712602/Agile Testing.pdf · no retros or reviews, and still doing annual or bi-annual releases • Scrum –solid understanding and

Sheet1 · CETME' CETME' Charco revolver' Charles Daly Auto' Charles Daly Field' Charles Daly Hunter' Charles Daly Miroku' Charles Daly shotgun' ... Sheet1 x' x' x'

GettingStartedWithAurora SF Loft - Meetupfiles.meetup.com/8763012/DatabaseDay_Overview of Amazon Aurora_… · Reimagining’the’relational’database ... Amazon RDS’MySQL 30K

Manuela Schirra CHARLES CORREA E IL CHARLES CORREA …