Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Continuously testing infrastructure

Gareth Rushgrove
September 24, 2014
Programming
21
3.3k

Continuously testing infrastructure

Talk from #puppetconf 2014 all about moving towards infrastructure as code and why policy driven development is a cool idea.

Gareth Rushgrove

September 24, 2014
Tweet

More Decks by Gareth Rushgrove

See All by Gareth Rushgrove
GTM vs Open Source
garethr
0
690
Software Build of Materials For Cloud Native applications
garethr
1
330
Evolving vulnerabilities in CycloneDX
garethr
0
270
Configuration security is a developer problem
garethr
2
1.9k
Patterns for secure container base image management
garethr
1
1.9k
Testing configuration with Open Policy Agent
garethr
0
490
Building a Docker Image Packaging Pipeline Using GitHub Actions
garethr
5
2.1k
The perils of configuration security
garethr
1
190
Shifting Terraform security left
garethr
3
1.6k

Other Decks in Programming

See All in Programming
Scalable Customer Journey Orchestration (CJO)
lewuathe
0
300
OpenAPIを中心に考えるAPI開発入門 / Introduction to API Development with a Focus on OpenAPI
seike460
PRO
2
170
検証も兼ねて個人開発でHonoとかと向き合った話
hanetsuki
1
910
使ってみよう Azure AI Document Intelligence
kosmosebi
2
310
0→1と1→10の狭間で Javaという技術選定を振り返る/Reflecting on the Decision to Choose Java Between Scaling from 0 to 1 and 1 to 10
jaguar_imo
2
380
if constexpr文はテンプレート世界のラムダ式である
faithandbrave
3
650
Snowflakeで眠ったデータを起こそう!
estie
0
120
R言語の環境構築と基礎 Tokyo.R 112
bob3bob3
0
270
Micro Frontends for Java Microservices - Devnexus 2024
mraible
PRO
0
490
[技育CAMPアカデミア]アイディアを形に!【超入門】スマホアプリ開発〜リリースまでの流れをご紹介
teamlab
PRO
0
370
Netty Chicago Java User Group 2024-04-17
sullis
0
170
Goのmultiple errorsについて (2024年4月版)
syumai
3
790

Featured

See All Featured
Robots, Beer and Maslow
schacon
PRO
155
7.9k
Put a Button on it: Removing Barriers to Going Fast.
kastner
58
3k
Docker and Python
trallard
34
2.7k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
659
120k
Reflections from 52 weeks, 52 projects
jeffersonlam
345
19k
How STYLIGHT went responsive
nonsquared
92
4.8k
Product Roadmaps are Hard
iamctodd
44
9.7k
4 Signs Your Business is Dying
shpigford
175
21k
For a Future-Friendly Web
brad_frost
172
9k
The Cost Of JavaScript in 2023
addyosmani
16
3.9k
No one is an island. Learnings from fostering a developers community.
thoeni
16
2.1k
Raft: Consensus for Rubyists
vanstee
132
6.3k

Transcript

  1. Continuously Testing Infrastructure Puppet Conf, San Francisco, 2014 Gareth Rushgrove

    Beyond Module Testing

  2. @garethr

  3. Gareth Rushgrove

  4. Gareth Rushgrove

  5. Gareth Rushgrove

  6. Not talking about

  7. Finished software Gareth Rushgrove

  8. Testing individual modules Gareth Rushgrove

  9. puppet-lint, puppet-syntax, rspec-puppet, beaker Gareth Rushgrove

  10. Gareth Rushgrove

  11. Am talking about

  12. Experiments Gareth Rushgrove

  13. Testing images and containers Gareth Rushgrove

  14. Test driving infrastructure as a service Gareth Rushgrove

  15. Testing with PuppetDB Gareth Rushgrove

  16. Testing images and containers 1

  17. Gareth Rushgrove

  18. Packer builds images based on a JSON template Gareth Rushgrove

  19. Gareth Rushgrove

  20. It has some Puppet integration too Gareth Rushgrove

  21. Gareth Rushgrove

  22. But how do we know the image works? Gareth Rushgrove

  23. Lets add some tests! Gareth Rushgrove

  24. Gareth Rushgrove

  25. shaunduncan/packer-provisioner-host-command Gareth Rushgrove

  26. serverspec.org Gareth Rushgrove

  27. Gareth Rushgrove

  28. Gareth Rushgrove

  29. Gareth Rushgrove

  30. Serverspec also supports port, file, ppa, selinux, user, group, lxc,

    iptables, cron and more Gareth Rushgrove

  31. Only publish the image if the tests pass Gareth Rushgrove

  32. Run tests automatically with a continuous integration system Gareth Rushgrove

  33. Gareth Rushgrove

  34. Gareth Rushgrove

  35. garethr/packer-serverspec-example Gareth Rushgrove

  36. Gareth Rushgrove

  37. Same approach works with containers too Gareth Rushgrove

  38. Gareth Rushgrove

  39. garethr/docker-spec-example Gareth Rushgrove

  40. Test drive your IaaS 2

  41. Test driven development Gareth Rushgrove

  42. First the developer writes an automated test case that defines

    a desired improvement or new function Gareth Rushgrove

  43. Then produces the minimum amount of code to pass that

    test Gareth Rushgrove

  44. And finally refactors the new code Gareth Rushgrove

  45. Gareth Rushgrove First the developer writes an automated test case

    that defines a desired improvement or new function

  46. Your infrastructure should! have an API Gareth Rushgrove

  47. What if we write assertions against! that API? Gareth Rushgrove

  48. Aside: Clojure 2.1

  49. Gareth Rushgrove

  50. Great for building DSLs Gareth Rushgrove

  51. Don’t worry, you could write the examples in any language

    Gareth Rushgrove

  52. Policy driven development Gareth Rushgrove

  53. I don’t want to launch too many nodes, they’re expensive

    Gareth Rushgrove Policy

  54. Gareth Rushgrove

  55. I don’t want any stopped nodes, they are costing me

    money Gareth Rushgrove Policy

  56. Gareth Rushgrove

  57. Large nodes are really expensive, so limit their usage Gareth

    Rushgrove Policy

  58. Gareth Rushgrove

  59. We should be backing up every node Gareth Rushgrove Policy

  60. Gareth Rushgrove

  61. I only want nodes in London and ! San Francisco

    Gareth Rushgrove Policy

  62. Gareth Rushgrove

  63. All our nodes should be named environment-name Gareth Rushgrove Policy

  64. Gareth Rushgrove

  65. garethr/digitalocean-expect Gareth Rushgrove

  66. Gareth Rushgrove

  67. Now we have the tests, we can provision some infrastructure

    Gareth Rushgrove

  68. Aside: Provisioning with Puppet 2.2

  69. Gareth Rushgrove

  70. Gareth Rushgrove

  71. puppetlabs/gce_compute Gareth Rushgrove

  72. Gareth Rushgrove

  73. Gareth Rushgrove

  74. garethr/digitalocean Gareth Rushgrove

  75. Gareth Rushgrove

  76. bobtfish/aws_api Gareth Rushgrove

  77. Testing with PuppetDB 3

  78. Aside: PuppetDB 3.1

  79. puppetlabs/puppetdb Gareth Rushgrove

  80. PuppetDB can store a lot of data about your infrastructure

    Gareth Rushgrove

  81. The most recent facts from every node Gareth Rushgrove

  82. The most recent catalog for every node Gareth Rushgrove

  83. A wide range of metrics Gareth Rushgrove

  84. Gareth Rushgrove

  85. I want to run the same operating system on all

    hosts Gareth Rushgrove Policy

  86. Gareth Rushgrove

  87. Security enforcing packages should be installed everywhere Gareth Rushgrove Policy

  88. Gareth Rushgrove

  89. I want to limit how many puppet resources I’m using

    Gareth Rushgrove Policy

  90. Gareth Rushgrove

  91. We should avoid heavy I/ O load on the database

    by maintaining a high catalog duplication rate Gareth Rushgrove Policy

  92. Gareth Rushgrove

  93. garethr/puppetdb-expect Gareth Rushgrove

  94. Testing based on PuppetDB 3.2

  95. PuppetDB is a great source of context for tests Gareth

    Rushgrove

  96. Generate serverspec tests from PuppetDB data Gareth Rushgrove

  97. Automatically detect hosts, and generate commands Gareth Rushgrove

  98. Gareth Rushgrove

  99. Match puppet resources to serverspec resources Gareth Rushgrove

  100. Gareth Rushgrove

  101. For instance on a Puppet Enterprise master Gareth Rushgrove

  102. Gareth Rushgrove

  103. Run serverspec tests on all puppet managed hosts Gareth Rushgrove

  104. Gareth Rushgrove

  105. garethr/serverspec-puppetdb Gareth Rushgrove

  106. Conclusions

  107. Is this monitoring? Gareth Rushgrove

  108. We’re still moving towards infrastructure as code Gareth Rushgrove

  109. Infrastructure as code rather than infrastructure from code Gareth Rushgrove

  110. Taking about policy as code might help communicate intent Gareth

    Rushgrove

  111. Questions? And thanks for listening