×
Copy
Open
Link
Embed
Share
Beginning
This slide
Copy link URL
Copy link URL
Copy iframe embed code
Copy iframe embed code
Copy javascript embed code
Copy javascript embed code
Share
Tweet
Share
Tweet
Slide 1
Slide 1 text
Continuously Testing Infrastructure Puppet Conf, San Francisco, 2014 Gareth Rushgrove Beyond Module Testing
Slide 2
Slide 2 text
@garethr
Slide 3
Slide 3 text
Gareth Rushgrove
Slide 4
Slide 4 text
Gareth Rushgrove
Slide 5
Slide 5 text
Gareth Rushgrove
Slide 6
Slide 6 text
Not talking about
Slide 7
Slide 7 text
Finished software Gareth Rushgrove
Slide 8
Slide 8 text
Testing individual modules Gareth Rushgrove
Slide 9
Slide 9 text
puppet-lint, puppet-syntax, rspec-puppet, beaker Gareth Rushgrove
Slide 10
Slide 10 text
Gareth Rushgrove
Slide 11
Slide 11 text
Am talking about
Slide 12
Slide 12 text
Experiments Gareth Rushgrove
Slide 13
Slide 13 text
Testing images and containers Gareth Rushgrove
Slide 14
Slide 14 text
Test driving infrastructure as a service Gareth Rushgrove
Slide 15
Slide 15 text
Testing with PuppetDB Gareth Rushgrove
Slide 16
Slide 16 text
Testing images and containers 1
Slide 17
Slide 17 text
Gareth Rushgrove
Slide 18
Slide 18 text
Packer builds images based on a JSON template Gareth Rushgrove
Slide 19
Slide 19 text
Gareth Rushgrove
Slide 20
Slide 20 text
It has some Puppet integration too Gareth Rushgrove
Slide 21
Slide 21 text
Gareth Rushgrove
Slide 22
Slide 22 text
But how do we know the image works? Gareth Rushgrove
Slide 23
Slide 23 text
Lets add some tests! Gareth Rushgrove
Slide 24
Slide 24 text
Gareth Rushgrove
Slide 25
Slide 25 text
shaunduncan/packer-provisioner-host-command Gareth Rushgrove
Slide 26
Slide 26 text
serverspec.org Gareth Rushgrove
Slide 27
Slide 27 text
Gareth Rushgrove
Slide 28
Slide 28 text
Gareth Rushgrove
Slide 29
Slide 29 text
Gareth Rushgrove
Slide 30
Slide 30 text
Serverspec also supports port, file, ppa, selinux, user, group, lxc, iptables, cron and more Gareth Rushgrove
Slide 31
Slide 31 text
Only publish the image if the tests pass Gareth Rushgrove
Slide 32
Slide 32 text
Run tests automatically with a continuous integration system Gareth Rushgrove
Slide 33
Slide 33 text
Gareth Rushgrove
Slide 34
Slide 34 text
Gareth Rushgrove
Slide 35
Slide 35 text
garethr/packer-serverspec-example Gareth Rushgrove
Slide 36
Slide 36 text
Gareth Rushgrove
Slide 37
Slide 37 text
Same approach works with containers too Gareth Rushgrove
Slide 38
Slide 38 text
Gareth Rushgrove
Slide 39
Slide 39 text
garethr/docker-spec-example Gareth Rushgrove
Slide 40
Slide 40 text
Test drive your IaaS 2
Slide 41
Slide 41 text
Test driven development Gareth Rushgrove
Slide 42
Slide 42 text
First the developer writes an automated test case that defines a desired improvement or new function Gareth Rushgrove
Slide 43
Slide 43 text
Then produces the minimum amount of code to pass that test Gareth Rushgrove
Slide 44
Slide 44 text
And finally refactors the new code Gareth Rushgrove
Slide 45
Slide 45 text
Gareth Rushgrove First the developer writes an automated test case that defines a desired improvement or new function
Slide 46
Slide 46 text
Your infrastructure should! have an API Gareth Rushgrove
Slide 47
Slide 47 text
What if we write assertions against! that API? Gareth Rushgrove
Slide 48
Slide 48 text
Aside: Clojure 2.1
Slide 49
Slide 49 text
Gareth Rushgrove
Slide 50
Slide 50 text
Great for building DSLs Gareth Rushgrove
Slide 51
Slide 51 text
Don’t worry, you could write the examples in any language Gareth Rushgrove
Slide 52
Slide 52 text
Policy driven development Gareth Rushgrove
Slide 53
Slide 53 text
I don’t want to launch too many nodes, they’re expensive Gareth Rushgrove Policy
Slide 54
Slide 54 text
Gareth Rushgrove
Slide 55
Slide 55 text
I don’t want any stopped nodes, they are costing me money Gareth Rushgrove Policy
Slide 56
Slide 56 text
Gareth Rushgrove
Slide 57
Slide 57 text
Large nodes are really expensive, so limit their usage Gareth Rushgrove Policy
Slide 58
Slide 58 text
Gareth Rushgrove
Slide 59
Slide 59 text
We should be backing up every node Gareth Rushgrove Policy
Slide 60
Slide 60 text
Gareth Rushgrove
Slide 61
Slide 61 text
I only want nodes in London and ! San Francisco Gareth Rushgrove Policy
Slide 62
Slide 62 text
Gareth Rushgrove
Slide 63
Slide 63 text
All our nodes should be named environment-name Gareth Rushgrove Policy
Slide 64
Slide 64 text
Gareth Rushgrove
Slide 65
Slide 65 text
garethr/digitalocean-expect Gareth Rushgrove
Slide 66
Slide 66 text
Gareth Rushgrove
Slide 67
Slide 67 text
Now we have the tests, we can provision some infrastructure Gareth Rushgrove
Slide 68
Slide 68 text
Aside: Provisioning with Puppet 2.2
Slide 69
Slide 69 text
Gareth Rushgrove
Slide 70
Slide 70 text
Gareth Rushgrove
Slide 71
Slide 71 text
puppetlabs/gce_compute Gareth Rushgrove
Slide 72
Slide 72 text
Gareth Rushgrove
Slide 73
Slide 73 text
Gareth Rushgrove
Slide 74
Slide 74 text
garethr/digitalocean Gareth Rushgrove
Slide 75
Slide 75 text
Gareth Rushgrove
Slide 76
Slide 76 text
bobtfish/aws_api Gareth Rushgrove
Slide 77
Slide 77 text
Testing with PuppetDB 3
Slide 78
Slide 78 text
Aside: PuppetDB 3.1
Slide 79
Slide 79 text
puppetlabs/puppetdb Gareth Rushgrove
Slide 80
Slide 80 text
PuppetDB can store a lot of data about your infrastructure Gareth Rushgrove
Slide 81
Slide 81 text
The most recent facts from every node Gareth Rushgrove
Slide 82
Slide 82 text
The most recent catalog for every node Gareth Rushgrove
Slide 83
Slide 83 text
A wide range of metrics Gareth Rushgrove
Slide 84
Slide 84 text
Gareth Rushgrove
Slide 85
Slide 85 text
I want to run the same operating system on all hosts Gareth Rushgrove Policy
Slide 86
Slide 86 text
Gareth Rushgrove
Slide 87
Slide 87 text
Security enforcing packages should be installed everywhere Gareth Rushgrove Policy
Slide 88
Slide 88 text
Gareth Rushgrove
Slide 89
Slide 89 text
I want to limit how many puppet resources I’m using Gareth Rushgrove Policy
Slide 90
Slide 90 text
Gareth Rushgrove
Slide 91
Slide 91 text
We should avoid heavy I/ O load on the database by maintaining a high catalog duplication rate Gareth Rushgrove Policy
Slide 92
Slide 92 text
Gareth Rushgrove
Slide 93
Slide 93 text
garethr/puppetdb-expect Gareth Rushgrove
Slide 94
Slide 94 text
Testing based on PuppetDB 3.2
Slide 95
Slide 95 text
PuppetDB is a great source of context for tests Gareth Rushgrove
Slide 96
Slide 96 text
Generate serverspec tests from PuppetDB data Gareth Rushgrove
Slide 97
Slide 97 text
Automatically detect hosts, and generate commands Gareth Rushgrove
Slide 98
Slide 98 text
Gareth Rushgrove
Slide 99
Slide 99 text
Match puppet resources to serverspec resources Gareth Rushgrove
Slide 100
Slide 100 text
Gareth Rushgrove
Slide 101
Slide 101 text
For instance on a Puppet Enterprise master Gareth Rushgrove
Slide 102
Slide 102 text
Gareth Rushgrove
Slide 103
Slide 103 text
Run serverspec tests on all puppet managed hosts Gareth Rushgrove
Slide 104
Slide 104 text
Gareth Rushgrove
Slide 105
Slide 105 text
garethr/serverspec-puppetdb Gareth Rushgrove
Slide 106
Slide 106 text
Conclusions
Slide 107
Slide 107 text
Is this monitoring? Gareth Rushgrove
Slide 108
Slide 108 text
We’re still moving towards infrastructure as code Gareth Rushgrove
Slide 109
Slide 109 text
Infrastructure as code rather than infrastructure from code Gareth Rushgrove
Slide 110
Slide 110 text
Taking about policy as code might help communicate intent Gareth Rushgrove
Slide 111
Slide 111 text
Questions? And thanks for listening