Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Continuously testing infrastructure

Gareth Rushgrove
September 24, 2014
Programming
21
3.5k

Continuously testing infrastructure

Talk from #puppetconf 2014 all about moving towards infrastructure as code and why policy driven development is a cool idea.

Gareth Rushgrove

September 24, 2014
Tweet

More Decks by Gareth Rushgrove

See All by Gareth Rushgrove
GTM vs Open Source
garethr
0
790
Software Build of Materials For Cloud Native applications
garethr
1
380
Evolving vulnerabilities in CycloneDX
garethr
0
380
Configuration security is a developer problem
garethr
2
2.1k
Patterns for secure container base image management
garethr
1
2k
Testing configuration with Open Policy Agent
garethr
0
550
Building a Docker Image Packaging Pipeline Using GitHub Actions
garethr
5
2.6k
The perils of configuration security
garethr
1
220
Shifting Terraform security left
garethr
3
1.7k

Other Decks in Programming

See All in Programming
Java 24まとめ / Java 24 summary
kishida
3
500
音声プラットフォームのアーキテクチャ変遷から学ぶ、クラウドネイティブなバッチ処理 (20250422_CNDS2025_Batch_Architecture)
thousanda
0
290
SwiftUI API Design Lessons
niw
1
300
generative-ai-use-cases(GenU)の推しポイント ~2025年4月版~
hideg
1
290
実践Webフロントパフォーマンスチューニング
cp20
32
6.8k
Road to RubyKaigi: Making Tinny Chiptunes with Ruby
makicamel
4
460
On-the-fly Suggestions of Rewriting Method Deprecations
ohbarye
1
3.4k
RubyKaigi Dev Meeting 2025
tenderlove
1
380
The Implementations of Advanced LR Parser Algorithm
junk0612
1
620
REALITY コマンド作成チュートリアル
nishiuriraku
0
110
fieldalignmentから見るGoの構造体
kuro_kurorrr
0
110
VitestのIn-Source Testingが便利
taro28
8
2.2k

Featured

See All Featured
Building a Scalable Design System with Sketch
lauravandoore
462
33k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
129
19k
It's Worth the Effort
3n
184
28k
The World Runs on Bad Software
bkeepers
PRO
67
11k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
29
9.4k
How to train your dragon (web standard)
notwaldorf
90
6k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
251
21k
Code Review Best Practice
trishagee
67
18k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
160
15k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
30
2k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5.3k

Transcript

  1. Continuously Testing Infrastructure Puppet Conf, San Francisco, 2014 Gareth Rushgrove

    Beyond Module Testing

  2. @garethr

  3. Gareth Rushgrove

  4. Gareth Rushgrove

  5. Gareth Rushgrove

  6. Not talking about

  7. Finished software Gareth Rushgrove

  8. Testing individual modules Gareth Rushgrove

  9. puppet-lint, puppet-syntax, rspec-puppet, beaker Gareth Rushgrove

  10. Gareth Rushgrove

  11. Am talking about

  12. Experiments Gareth Rushgrove

  13. Testing images and containers Gareth Rushgrove

  14. Test driving infrastructure as a service Gareth Rushgrove

  15. Testing with PuppetDB Gareth Rushgrove

  16. Testing images and containers 1

  17. Gareth Rushgrove

  18. Packer builds images based on a JSON template Gareth Rushgrove

  19. Gareth Rushgrove

  20. It has some Puppet integration too Gareth Rushgrove

  21. Gareth Rushgrove

  22. But how do we know the image works? Gareth Rushgrove

  23. Lets add some tests! Gareth Rushgrove

  24. Gareth Rushgrove

  25. shaunduncan/packer-provisioner-host-command Gareth Rushgrove

  26. serverspec.org Gareth Rushgrove

  27. Gareth Rushgrove

  28. Gareth Rushgrove

  29. Gareth Rushgrove

  30. Serverspec also supports port, file, ppa, selinux, user, group, lxc,

    iptables, cron and more Gareth Rushgrove

  31. Only publish the image if the tests pass Gareth Rushgrove

  32. Run tests automatically with a continuous integration system Gareth Rushgrove

  33. Gareth Rushgrove

  34. Gareth Rushgrove

  35. garethr/packer-serverspec-example Gareth Rushgrove

  36. Gareth Rushgrove

  37. Same approach works with containers too Gareth Rushgrove

  38. Gareth Rushgrove

  39. garethr/docker-spec-example Gareth Rushgrove

  40. Test drive your IaaS 2

  41. Test driven development Gareth Rushgrove

  42. First the developer writes an automated test case that defines

    a desired improvement or new function Gareth Rushgrove

  43. Then produces the minimum amount of code to pass that

    test Gareth Rushgrove

  44. And finally refactors the new code Gareth Rushgrove

  45. Gareth Rushgrove First the developer writes an automated test case

    that defines a desired improvement or new function

  46. Your infrastructure should! have an API Gareth Rushgrove

  47. What if we write assertions against! that API? Gareth Rushgrove

  48. Aside: Clojure 2.1

  49. Gareth Rushgrove

  50. Great for building DSLs Gareth Rushgrove

  51. Don’t worry, you could write the examples in any language

    Gareth Rushgrove

  52. Policy driven development Gareth Rushgrove

  53. I don’t want to launch too many nodes, they’re expensive

    Gareth Rushgrove Policy

  54. Gareth Rushgrove

  55. I don’t want any stopped nodes, they are costing me

    money Gareth Rushgrove Policy

  56. Gareth Rushgrove

  57. Large nodes are really expensive, so limit their usage Gareth

    Rushgrove Policy

  58. Gareth Rushgrove

  59. We should be backing up every node Gareth Rushgrove Policy

  60. Gareth Rushgrove

  61. I only want nodes in London and ! San Francisco

    Gareth Rushgrove Policy

  62. Gareth Rushgrove

  63. All our nodes should be named environment-name Gareth Rushgrove Policy

  64. Gareth Rushgrove

  65. garethr/digitalocean-expect Gareth Rushgrove

  66. Gareth Rushgrove

  67. Now we have the tests, we can provision some infrastructure

    Gareth Rushgrove

  68. Aside: Provisioning with Puppet 2.2

  69. Gareth Rushgrove

  70. Gareth Rushgrove

  71. puppetlabs/gce_compute Gareth Rushgrove

  72. Gareth Rushgrove

  73. Gareth Rushgrove

  74. garethr/digitalocean Gareth Rushgrove

  75. Gareth Rushgrove

  76. bobtfish/aws_api Gareth Rushgrove

  77. Testing with PuppetDB 3

  78. Aside: PuppetDB 3.1

  79. puppetlabs/puppetdb Gareth Rushgrove

  80. PuppetDB can store a lot of data about your infrastructure

    Gareth Rushgrove

  81. The most recent facts from every node Gareth Rushgrove

  82. The most recent catalog for every node Gareth Rushgrove

  83. A wide range of metrics Gareth Rushgrove

  84. Gareth Rushgrove

  85. I want to run the same operating system on all

    hosts Gareth Rushgrove Policy

  86. Gareth Rushgrove

  87. Security enforcing packages should be installed everywhere Gareth Rushgrove Policy

  88. Gareth Rushgrove

  89. I want to limit how many puppet resources I’m using

    Gareth Rushgrove Policy

  90. Gareth Rushgrove

  91. We should avoid heavy I/ O load on the database

    by maintaining a high catalog duplication rate Gareth Rushgrove Policy

  92. Gareth Rushgrove

  93. garethr/puppetdb-expect Gareth Rushgrove

  94. Testing based on PuppetDB 3.2

  95. PuppetDB is a great source of context for tests Gareth

    Rushgrove

  96. Generate serverspec tests from PuppetDB data Gareth Rushgrove

  97. Automatically detect hosts, and generate commands Gareth Rushgrove

  98. Gareth Rushgrove

  99. Match puppet resources to serverspec resources Gareth Rushgrove

  100. Gareth Rushgrove

  101. For instance on a Puppet Enterprise master Gareth Rushgrove

  102. Gareth Rushgrove

  103. Run serverspec tests on all puppet managed hosts Gareth Rushgrove

  104. Gareth Rushgrove

  105. garethr/serverspec-puppetdb Gareth Rushgrove

  106. Conclusions

  107. Is this monitoring? Gareth Rushgrove

  108. We’re still moving towards infrastructure as code Gareth Rushgrove

  109. Infrastructure as code rather than infrastructure from code Gareth Rushgrove

  110. Taking about policy as code might help communicate intent Gareth

    Rushgrove

  111. Questions? And thanks for listening