
Test Driven Infrastructure for Docker


Test driven development is common sense; test driven infrastructure is not. Using serverspec and related tools, it becomes really easy to test a docker setup, starting from the host, dockerd, its images and containers, and the container contents themselves. References: http://www.infrabricks.de/blog/2015/04/16/docker-container-mit-serverspetesten-teil-2/ https://github.com/de-wiring/containerspec


Andreas Schmidt

May 08, 2015

Transcript

  1. Test Driven (Docker) Infrastructure: Testing containers and docker hosts

    github.com/de-wiring/containerspec @aschmidt75
  2. Test Driven Development (TDD) is common sense. Today, infrastructure is code. Containers and Hosts can be spec'ed and tested
  3. Why test IT infrastructure?

    https://speakerdeck.com/aschmidt75/continuous-lifecycle-2013-testgetriebenes-arbeiten-im-betrieb

  4. How to test IT infrastructure?

    https://speakerdeck.com/aschmidt75/testing-server-infrastructure-with-number-serverspec
    https://www.youtube.com/watch?v=o_90_W7Btwo

  5. serverspec.org

    •  by @gosukenator and community
    •  like unit-tests for your hosts
    •  independent of provisioning mechanisms
    •  != rspec-puppet
    •  readable DSL, based on ruby
  6. serverspec.org

  7. serverspec.org – Resource types

    •  files
    •  users, groups
    •  "network": bridge, port, gateway, interface, routing_table
    •  "os": cgroup, service, yumrepo, cron, kernel_module, iptables, ...
    •  x509: certificates, keys
    •  windows (yesh!): iis, registry_keys
  8. Ok, but that's for hosts. How do I test containers?

  9. Host level - Daemon 1

    •  Ensure that dockerd is installed
    •  Configured the way you want it to be (/etc/default/docker)
    •  Running with given options (i.e. selinux)
    •  Running TLS-enabled with correct TLS setup
  10. Host level - Daemon 1

    •  Example spec at https://gist.github.com/aschmidt75/163c36450c9c24f21285
    •  correct TLS keys & certs
    •  not listening on 0.0.0.0
    •  not using docker.sock
    •  TLS works as expected
    •  ...
  11. Host level - Daemon 1

  12. Host level - Images 2

    •  Ensure that specific images are present
    •  Ensure that conditions on images are met, i.e. Maintainer is set, Ports are exposed, Environment entries are present a.s.o.
    •  Serverspec type does a "docker inspect", checks values.

    (*) https://github.com/de-wiring/containerspec/wiki/Specifying-and-testing-a-docker-setup
  13. Host level - Images 2

  14. Host level - Images 2

  15. Host level - Images 2 http://www.infrabricks.de/blog/2015/04/16/docker-container-mit-serverspetesten-teil-2/

  16. Host level - Containers 3

    •  Ensure that specific containers are present, running within certain conditions.
    •  i.e. not privileged, as a certain user, not as root, exposing ports (or not), having volumes mounted (ro), having capabilities dropped or added a.s.o.
  17. Host level - Containers 3

  18. Host level - Complete Setup 4

    •  Drawback of serverspec: Tests only a single image / container
    •  containerspec is based on cucumber
    •  tests multiple images/containers at once
    •  selects by name, image repo, ...
  19. Host level - Complete Setup 4

  20. Host level - Complete Setup 4

  21. Container level 5

    •  Host: ✔
    •  docker backend of serverspec allows for looking into containers: "docker exec"
    •  Everything can be tested inside containers – as long as testing binaries (i.e. netstat) are installed.
  22. Container level 5

  23. Build chains do not just produce application packages. With docker, they produce infrastructure. Testing Infrastructure is not that hard.
  24. Thanks! @aschmidt75 github.com/de-wiring andreas@de-wiring.net
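
An added example, not taken from the deck or from the containerspec project: the container conditions listed on slide 16, checked in plain Ruby against `docker inspect` JSON, the data the deck says the serverspec type reads. The sample records, the policy (drop ALL capabilities, an allowlist for added ones, no publishing on all interfaces) and the function names are assumptions made for illustration.

```ruby
require 'json'

# Constructed sample: trimmed `docker inspect` output for two hypothetical containers.
SAMPLE_INSPECT = <<~JSON
  [
    {"Name": "/web",
     "Config": {"User": "www-data"},
     "HostConfig": {"Privileged": false, "CapDrop": ["ALL"], "CapAdd": ["NET_BIND_SERVICE"],
                    "PortBindings": {"443/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8443"}]}},
     "Mounts": [{"Destination": "/etc/ssl/private", "RW": false}]},
    {"Name": "/legacy",
     "Config": {"User": ""},
     "HostConfig": {"Privileged": true, "CapDrop": null, "CapAdd": ["SYS_ADMIN"],
                    "PortBindings": {"22/tcp": [{"HostIp": "", "HostPort": "2222"}]}},
     "Mounts": [{"Destination": "/data", "RW": true}]}
  ]
JSON

# Returns the list of policy violations for one container record.
# allowed_caps is a hypothetical allowlist of capabilities that may be added.
def container_findings(c, allowed_caps: %w[NET_BIND_SERVICE])
  host = c['HostConfig'] || {}
  user = c.dig('Config', 'User').to_s.split(':').first.to_s
  findings = []
  findings << 'runs privileged' if host['Privileged']
  # An empty User field means no user was set, so the process runs as root.
  findings << 'runs as root' if ['', 'root', '0'].include?(user)
  findings << 'does not drop ALL capabilities' unless Array(host['CapDrop']).map(&:upcase).include?('ALL')
  extra = Array(host['CapAdd']).map(&:upcase) - allowed_caps
  findings << "adds capabilities: #{extra.join(', ')}" unless extra.empty?
  Array(c['Mounts']).each do |m|
    findings << "volume #{m['Destination']} is mounted read-write" if m['RW']
  end
  (host['PortBindings'] || {}).each do |port, binds|
    Array(binds).each do |b|
      # An empty HostIp means the port is bound on every host interface.
      findings << "port #{port} published on all interfaces" if ['', '0.0.0.0', '::'].include?(b['HostIp'].to_s)
    end
  end
  findings
end

# Maps container name => findings for a whole `docker inspect` JSON array.
def audit(inspect_json, **opts)
  JSON.parse(inspect_json).to_h { |c| [c['Name'].sub(%r{\A/}, ''), container_findings(c, **opts)] }
end

audit(SAMPLE_INSPECT).each do |name, findings|
  puts "#{name}: #{findings.empty? ? 'ok' : findings.join('; ')}"
end
```

On a real host the input would come from `docker inspect $(docker ps -q)` instead of the embedded sample.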