Test Driven Infrastructure for Docker

Transcript

1. Test Driven (Docker) Infrastructure: Testing containers and docker hosts ##

   github.com/de-wiring/containerspec @aschmidt75

2. Test Driven Development (TDD) is common sense. Today, infrastructure is

   code. Containers and Hosts can be spec'ed and tested

3. https://speakerdeck.com/aschmidt75/continuous-lifecycle-2013- testgetriebenes-arbeiten-im-betrieb Why test IT infrastructure?

4. https://speakerdeck.com/aschmidt75/testing-server-infrastructure-with-number-serverspec https://www.youtube.com/watch?v=o_90_W7Btwo How to test IT infrastructure?

5. serverspec.org •  by @gosukenatorand community •  like unit-tests for your

   hosts •  independend of provisioning mechanisms •  != rspec-puppet •  readable DSL, based on ruby

6. serverspec.org

7. serverspec.org – Resource types •  files •  users, groups • 

   "network": bridge, port, gateway, interface, routing_table •  "os": cgroup, service, yumrepo, cron, kernel_module, iptables, ... •  x509: certificates, keys •  windows (yesh!): iis, registry_keys

8. Ok, but that's for hosts. How do i test containers?

9. Host level - Daemon •  Ensure that dockerd is installed

   •  Configured the way you want it to be (/etc/ default/docker) •  Running with given options (i.e. selinux) •  Running TLS-enabled with correct TLS setup 1

10. Host level - Daemon •  Example spec at https://gist.github.com/aschmidt75/163c36450c9c24f21285 • 

    correct TLS keys & certs •  not listening on 0.0.0.0 •  not using docker.sock •  TLS works as expected •  ... 1

11. Host level - Daemon 1

12. Host level - Images •  Ensure that specific images are

    present •  Ensure that conditions on images are met, i.e. Maintainer is set, Ports are exposed, Environment entries are present a.s.o. •  Serverspec type does a "docker inspect", checks values. 2 (*)  h&ps://github.com/de-­‐wiring/containerspec/wiki/Specifying-­‐and-­‐tes?ng-­‐a-­‐docker-­‐setup  

13. Host level - Images 2 (*)  h&ps://github.com/de-­‐wiring/containerspec/wiki/Specifying-­‐and-­‐tes?ng-­‐a-­‐docker-­‐setup  

14. Host level - Images 2 (*)  h&ps://github.com/de-­‐wiring/containerspec/wiki/Specifying-­‐and-­‐tes?ng-­‐a-­‐docker-­‐setup  

15. Host level - Images 2 h&p://www.infrabricks.de/blog/2015/04/16/docker-­‐container-­‐mit-­‐serverspetesten-­‐teil-­‐2/  

16. Host level - Containers •  Ensure that specific containers are

    present, running within certain conditions. •  i.e. not privileged, as a certain user, not as root, exposing ports (or not), having volumes mounted (ro), having capabilities dropped or added a.s.o. 3 (*)  h&ps://github.com/de-­‐wiring/containerspec/wiki/Specifying-­‐and-­‐tes?ng-­‐a-­‐docker-­‐setup  

17. Host level - Containers 3 (*)  h&ps://github.com/de-­‐wiring/containerspec/wiki/Specifying-­‐and-­‐tes?ng-­‐a-­‐docker-­‐setup  

18. Host level - Complete Setup •  Drawback of serverspec: Tests

    only a single image / container •  containerspec is based on cucumber •  tests multiple images/containers at once •  selects by name, image repo, ... 4 (*)  h&ps://github.com/de-­‐wiring/containerspec/wiki/Specifying-­‐and-­‐tes?ng-­‐a-­‐docker-­‐setup  

19. Host level - Complete Setup 4 (*)  h&ps://github.com/de-­‐wiring/containerspec/wiki/Specifying-­‐and-­‐tes?ng-­‐a-­‐docker-­‐setup  

20. Host level - Complete Setup 4 (*)  h&ps://github.com/de-­‐wiring/containerspec/wiki/Specifying-­‐and-­‐tes?ng-­‐a-­‐docker-­‐setup  

21. Container level •  Host: ✔ •  docker backend of serverspec

    allows for looking into containers: "docker exec" •  Everything can be tested inside containers – as long as testing binaries (i.e. netstat) are installed. 5

22. Container level 5 h&p://www.infrabricks.de/blog/2015/04/16/docker-­‐container-­‐mit-­‐serverspetesten-­‐teil-­‐2/  

23. Build chains do not just produce application packages. With docker,

    they produce infrastructure. Testing Infrastructure is not that hard.

24. Thanks! @aschmidt75 github.com/de-wiring [email protected]