Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Continuously testing infrastructure

Gareth Rushgrove
September 24, 2014
Programming
21
3.2k

Continuously testing infrastructure

Talk from #puppetconf 2014 all about moving towards infrastructure as code and why policy driven development is a cool idea.

Gareth Rushgrove

September 24, 2014
Tweet

More Decks by Gareth Rushgrove

See All by Gareth Rushgrove
GTM vs Open Source
garethr
0
590
Software Build of Materials For Cloud Native applications
garethr
1
300
Evolving vulnerabilities in CycloneDX
garethr
0
220
Configuration security is a developer problem
garethr
2
1.8k
Patterns for secure container base image management
garethr
1
1.7k
Testing configuration with Open Policy Agent
garethr
0
400
Building a Docker Image Packaging Pipeline Using GitHub Actions
garethr
4
1.7k
The perils of configuration security
garethr
1
170
Shifting Terraform security left
garethr
3
1.4k

Other Decks in Programming

See All in Programming
Rustの手続きマクロで黒魔術入門
lemolatoon
2
540
6年以上メンテされていない!? クレカ読み取りライブラリの廃止とDataScannerViewControllerを使ってクレカ読み取りを実装しよう!
terukinakano
0
110
GitHub ActionsとDeployGateで始めるAndroidアプリのCICD
yuhei_fujita
2
180
トランクベース開発の実現に向けた開発プロセスとCIパイプラインの継続的改善
aanrii
5
960
RISC-V 命令 / ISA 拡張ピックアップ ― 最近追加されたもの、これから追加されるもの、議論が進みつつあるもの
a4lg
0
120
Cloudflare 概論 Cloudflare Meetup Kick Off! #CloudflareUG
maroon1st
0
590
フレームワークが存在しない時代からのレガシープロダクトを、 Laravelに”載せる”実装戦略
hirobe1999
0
170
#phperkaigi 名著「パーフェクトPHP」のPart3に出てきたフレームワークを令和5年に書き直したらどんな感じですかね?
o0h
PRO
1
800
macのunicode正規化.pdf
mski_iksm
0
10k
Structure for Enterprise-Scale Angular Applications: Nx Monorepos, Micro Frontends, and Module Federation
manfredsteyer
PRO
0
130
どこでも動くWebフレームワークをつくる
yusukebe
13
6.5k
社内のメンバーに「関数型プログラミングの学習・教育」についていろいろ聞いてみた
j5ik2o
1
470

Featured

See All Featured
Dealing with People You Can't Stand - Big Design 2015
cassininazir
351
21k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
8
4.9k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
270
12k
Embracing the Ebb and Flow
colly
76
3.6k
Mobile First: as difficult as doing things right
swwweet
213
7.9k
Navigating Team Friction
lara
177
12k
Art Directing for the Web. Five minutes with CSS Template Areas
malarkey
197
11k
Building an army of robots
kneath
300
41k
Large-scale JavaScript Application Architecture
addyosmani
499
110k
StorybookのUI Testing Handbookを読んだ
zakiyama
8
3.4k
Gamification - CAS2011
davidbonilla
75
4.2k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
236
1.1M

Transcript

  1. Continuously Testing
    Infrastructure
    Puppet Conf, San Francisco, 2014
    Gareth Rushgrove
    Beyond Module Testing

    View Slide

  2. @garethr

    View Slide

  3. Gareth Rushgrove

    View Slide

  4. Gareth Rushgrove

    View Slide

  5. Gareth Rushgrove

    View Slide

  6. Not talking about

    View Slide

  7. Finished software
    Gareth Rushgrove

    View Slide

  8. Testing individual modules
    Gareth Rushgrove

    View Slide

  9. puppet-lint, puppet-syntax,
    rspec-puppet, beaker
    Gareth Rushgrove

    View Slide

  10. Gareth Rushgrove

    View Slide

  11. Am talking about

    View Slide

  12. Experiments
    Gareth Rushgrove

    View Slide

  13. Testing images and
    containers
    Gareth Rushgrove

    View Slide

  14. Test driving infrastructure
    as a service
    Gareth Rushgrove

    View Slide

  15. Testing with PuppetDB
    Gareth Rushgrove

    View Slide

  16. Testing
    images and
    containers
    1

    View Slide

  17. Gareth Rushgrove

    View Slide

  18. Packer builds images
    based on a JSON
    template
    Gareth Rushgrove

    View Slide

  19. Gareth Rushgrove

    View Slide

  20. It has some Puppet
    integration too
    Gareth Rushgrove

    View Slide

  21. Gareth Rushgrove

    View Slide

  22. But how do we know the
    image works?
    Gareth Rushgrove

    View Slide

  23. Lets add some tests!
    Gareth Rushgrove

    View Slide

  24. Gareth Rushgrove

    View Slide

  25. shaunduncan/packer-provisioner-host-command
    Gareth Rushgrove

    View Slide

  26. serverspec.org
    Gareth Rushgrove

    View Slide

  27. Gareth Rushgrove

    View Slide

  28. Gareth Rushgrove

    View Slide

  29. Gareth Rushgrove

    View Slide

  30. Serverspec also supports
    port, file, ppa, selinux,
    user, group, lxc, iptables,
    cron and more
    Gareth Rushgrove

    View Slide

  31. Only publish the image if
    the tests pass
    Gareth Rushgrove

    View Slide

  32. Run tests automatically
    with a continuous
    integration system
    Gareth Rushgrove

    View Slide

  33. Gareth Rushgrove

    View Slide

  34. Gareth Rushgrove

    View Slide

  35. garethr/packer-serverspec-example
    Gareth Rushgrove

    View Slide

  36. Gareth Rushgrove

    View Slide

  37. Same approach works
    with containers too
    Gareth Rushgrove

    View Slide

  38. Gareth Rushgrove

    View Slide

  39. garethr/docker-spec-example
    Gareth Rushgrove

    View Slide

  40. Test drive
    your IaaS
    2

    View Slide

  41. Test driven development
    Gareth Rushgrove

    View Slide

  42. First the developer writes
    an automated test case
    that defines a desired
    improvement or new
    function
    Gareth Rushgrove

    View Slide

  43. Then produces the
    minimum amount of code
    to pass that test
    Gareth Rushgrove

    View Slide

  44. And finally refactors the
    new code
    Gareth Rushgrove

    View Slide

  45. Gareth Rushgrove
    First the developer writes
    an automated test case
    that defines a desired
    improvement or new
    function

    View Slide

  46. Your infrastructure should!
    have an API
    Gareth Rushgrove

    View Slide

  47. What if we write
    assertions against!
    that API?
    Gareth Rushgrove

    View Slide

  48. Aside: Clojure
    2.1

    View Slide

  49. Gareth Rushgrove

    View Slide

  50. Great for building DSLs
    Gareth Rushgrove

    View Slide

  51. Don’t worry, you could
    write the examples in any
    language
    Gareth Rushgrove

    View Slide

  52. Policy driven development
    Gareth Rushgrove

    View Slide

  53. I don’t want to launch too
    many nodes, they’re
    expensive
    Gareth Rushgrove
    Policy

    View Slide

  54. Gareth Rushgrove

    View Slide

  55. I don’t want any stopped
    nodes, they are costing
    me money
    Gareth Rushgrove
    Policy

    View Slide

  56. Gareth Rushgrove

    View Slide

  57. Large nodes are really
    expensive, so limit their
    usage
    Gareth Rushgrove
    Policy

    View Slide

  58. Gareth Rushgrove

    View Slide

  59. We should be backing up
    every node
    Gareth Rushgrove
    Policy

    View Slide

  60. Gareth Rushgrove

    View Slide

  61. I only want nodes in
    London and !
    San Francisco
    Gareth Rushgrove
    Policy

    View Slide

  62. Gareth Rushgrove

    View Slide

  63. All our nodes should be
    named environment-name
    Gareth Rushgrove
    Policy

    View Slide

  64. Gareth Rushgrove

    View Slide

  65. garethr/digitalocean-expect
    Gareth Rushgrove

    View Slide

  66. Gareth Rushgrove

    View Slide

  67. Now we have the tests,
    we can provision some
    infrastructure
    Gareth Rushgrove

    View Slide

  68. Aside: Provisioning
    with Puppet
    2.2

    View Slide

  69. Gareth Rushgrove

    View Slide

  70. Gareth Rushgrove

    View Slide

  71. puppetlabs/gce_compute
    Gareth Rushgrove

    View Slide

  72. Gareth Rushgrove

    View Slide

  73. Gareth Rushgrove

    View Slide

  74. garethr/digitalocean
    Gareth Rushgrove

    View Slide

  75. Gareth Rushgrove

    View Slide

  76. bobtfish/aws_api
    Gareth Rushgrove

    View Slide

  77. Testing with
    PuppetDB
    3

    View Slide

  78. Aside: PuppetDB
    3.1

    View Slide

  79. puppetlabs/puppetdb
    Gareth Rushgrove

    View Slide

  80. PuppetDB can store a lot
    of data about your
    infrastructure
    Gareth Rushgrove

    View Slide

  81. The most recent facts
    from every node
    Gareth Rushgrove

    View Slide

  82. The most recent catalog
    for every node
    Gareth Rushgrove

    View Slide

  83. A wide range of metrics
    Gareth Rushgrove

    View Slide

  84. Gareth Rushgrove

    View Slide

  85. I want to run the same
    operating system on all
    hosts
    Gareth Rushgrove
    Policy

    View Slide

  86. Gareth Rushgrove

    View Slide

  87. Security enforcing
    packages should be
    installed everywhere
    Gareth Rushgrove
    Policy

    View Slide

  88. Gareth Rushgrove

    View Slide

  89. I want to limit how many
    puppet resources I’m
    using
    Gareth Rushgrove
    Policy

    View Slide

  90. Gareth Rushgrove

    View Slide

  91. We should avoid heavy I/
    O load on the database by
    maintaining a high catalog
    duplication rate
    Gareth Rushgrove
    Policy

    View Slide

  92. Gareth Rushgrove

    View Slide

  93. garethr/puppetdb-expect
    Gareth Rushgrove

    View Slide

  94. Testing based on
    PuppetDB
    3.2

    View Slide

  95. PuppetDB is a great
    source of context for tests
    Gareth Rushgrove

    View Slide

  96. Generate serverspec tests
    from PuppetDB data
    Gareth Rushgrove

    View Slide

  97. Automatically detect
    hosts, and generate
    commands
    Gareth Rushgrove

    View Slide

  98. Gareth Rushgrove

    View Slide

  99. Match puppet resources to
    serverspec resources
    Gareth Rushgrove

    View Slide

  100. Gareth Rushgrove

    View Slide

  101. For instance on a Puppet
    Enterprise master
    Gareth Rushgrove

    View Slide

  102. Gareth Rushgrove

    View Slide

  103. Run serverspec tests on
    all puppet managed hosts
    Gareth Rushgrove

    View Slide

  104. Gareth Rushgrove

    View Slide

  105. garethr/serverspec-puppetdb
    Gareth Rushgrove

    View Slide

  106. Conclusions

    View Slide

  107. Is this monitoring?
    Gareth Rushgrove

    View Slide

  108. We’re still moving towards
    infrastructure as code
    Gareth Rushgrove

    View Slide

  109. Infrastructure as code
    rather than infrastructure
    from code
    Gareth Rushgrove

    View Slide

  110. Taking about policy as
    code might help
    communicate intent
    Gareth Rushgrove

    View Slide

  111. Questions?
    And thanks for listening

    View Slide