Ansible Tower Administration Guide Release Ansible Tower 2.4.3 ...
Verifying your Ansible Roles using Docker, Test Kitchen and Serverspec
-
Upload
edmund-dipple -
Category
Software
-
view
493 -
download
1
Transcript of Verifying your Ansible Roles using Docker, Test Kitchen and Serverspec
Verifying your Ansible
RolesFeat: Docker, Test Kitchen, Serverspec
Coming up…
• Test Kitchen
• Serverspec
• Ansible
• Docker
• Demo Time!
Test Driven Development
Write Failing Test
Write CodeMake Test Pass
Write tests
one at a time
Add code in small
increments
Commit often No refactoring until tests pass
Test Kitchen
• Originally designed for Chef
• Test Harness with simple
workflow
• Pluggable architecture!
Key Concepts
• Drivers <<
• Provisioners
• Platforms
Where to run your code:
Cloud infrastructure
Azure, EC2, Rackspace
Local environment
Vagrant, Docker
Key Concepts
• Drivers
• Provisioners <<
• Platforms
How to configure your environment:
Ansible, Chef, Puppet, CFEngine
Key Concepts
• Drivers
• Provisioners
• Platforms <<
Which OS to spin up:
Can be Linux or Windows if using a
VM
Test Kitchen Workflow
Create
Environments
Config
ManagementRun Tests
VerifyConverge
Ansible 101
• SSH-based configuration management
• Idempotent - Test & repair to achieve desired
state
• YML files with loops, conditionals and variables
Example Ansible role
- template:
src: foo.j2
dest: /tmp/foo.sh
- user:
name: “{{item}}”
group: admin
with_items: {{new_user}}
tasks/main.ymldefaults/main.yml
templates/foo.j2
test_var: “Hello world”
new_user: [foo,bar]
#!/bin/bash
echo {{ test_var}}Tasks
Variables
File Template
Serverspec
RSpec for your infrastructure
describe file('/etc/passwd') do
it { should be_file }
it { should exist }
end
describe package('httpd') do
it { should be_installed }
end
describe user('foo') do
it { should exist }
it { should belong_to_group ‘bar’ }
end
Resource
Matcher
Docker 101
• Image = Readonly template of a filesystem
• Container = Isolated filesystem and processes
based on an image
• Image filesystem is made up of 1 or more cached
layers
• A container is not a VM!
• Host kernel is shared with containers
Virtual Machine Docker Container
Why does this matter?
• Spinning up a new container takes very little time
• Faster feedback when testing
• Containers can run inside VMs on hardware that
doesn’t support virtualisation inside VMs
• Images take seconds to update due to caching
'In our world, fast feedback is essential' - @martinfowler
Creating a new docker image
Example Dockerfile
FROM ubuntu:15.04
RUN apt-get update
RUN apt-get install sudo openssh-server curl lsb-release -y
From Docker registry
Why test at all?
“You are already describing the
desired state of the system in
Ansible, why do it another time?”
Refactoring
Uncoupling testing
from Ansible
People get it wrong!
Installed Software
• Docker 1.8.2 (from package)
• Ansible 1.9.3 (from package)
• test-kitchen (rubygem)
• kitchen-ansible (rubygem)
• serverspec (rubygem)
Demo time!
Questions?