Validating Puppet managed resources with awspecGet started with rspec testing for AWS resources

Twitter: @dkcwd

First a little background….

About this session When I talk about managing resources in AWS I’m talking about the servers and other services we are leveraging in AWS.

The concepts of testing resources, whether in AWS or not, is relevant regardless of whether you are using Puppet or not.

After the session, you know more about with the awspec library.

About this session We have people of all levels of experience in this session.

Please feel free to share your knowledge and experience with the group and ask questions.

Why test our resources?

?

Why test our resources? Once the resources have been “spun up” and configured, the test suite can be run to verify resources are in line with expectations.

CI tools can alert the team to issues which need attention.

$$$ money can be saved….

Why test our resources? Resource tests can be considered part of fulfilling a contract with the business.

Demonstrating the resources are ready could be as simple as ensuring the typical ports are exposed for a web server and that a page containing some specific text can be loaded within a specific timeframe.

Why test our resources? In the context of managing your Software Development Life Cycle (SDLC)

Before we deploy an application to our infrastructure we want to know that the environment is correctly configured.

Unexpected behavior can result from leveraging configuration data which has been included in error.

But Puppet describes the desired config!

Yes! And if you are using Hiera, you are likely to be including extra data conditionally

Sometimes people make mistakes….

A hypothetical situation You’re managing your network settings with Puppet and you have conditionally configured the value of resolve.conf

The DNS settings which have been incorrectly supplied are appropriate for London when they should be settings which are appropriate for China.

Ok, so let’s talk about awspec….

Make sure you find the right library

https://github.com/k1LoW/awspec

Based on Serverspechttps://github.com/k1LoW/awspec

Some set up is required To become more familiar with awspec you should do the following:

Set up an AWS account for testing Set up an IAM user, noting the access key and secret access key Install the AWS tools and run the ``aws configure`` command

See: http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html

Spin up an AWS EC2 instance When a new instance has been loaded test the command line config

``aws ec2 describe-instances``

See: http://docs.aws.amazon.com/cli/latest/userguide/shorthand-syntax.html

Install some Ruby dependencies Install RVM to make it easier to use different versions of Ruby

See: https://rvm.io/rvm/install

Follow the awspec README.md guide

The instructions explain what you need to do to write your tests

See: https://github.com/k1LoW/awspec

Try auto-generating a test The instructions explain what you need to do to write your tests

See: https://github.com/k1LoW/awspec

The result of auto-generation

Base Dockerfile installing the Will project

There is a minor adjustment required

Base Dockerfile installing the Will project

Need to include a line at the top of the file to include the helper script.

Add the helper script if necessary

This is required for the awspec methods to work correctly.

Run your example test

Run your test suite. Note: in this case I wanted to see the exit code.

Run your example test

You should see your tests passing. If not, you’ll need to debug.

So what should we test?

Great question! That was a simple example to get you started.

Take time to understand what expectations you can define.

Here is a good question to get you in a testing mindset….

What would make you sleep better than knowing that configuration has been correctly applied?

Enjoy and share what you do….

I’m on Twitter: @dkcwdLinkedIn: https://au.linkedin.com/in/daveclarkprofile