Recently I’ve started working often with Puppet, using it to provision environments for the project I’m working on. One of the things I’ve quickly realised when using it was how long the feedback loop between committing code and actually verifying that the manifest was working appropriately. In my situation, it would be something like this:
- Work on puppet manifests, making a few changes
- Commit code to repository
- Wait for build to finish, which just verified for correct syntax
- Wait for latest version to be published on the puppet master
- Wait for next sync between master and client
- Check that configuration was applied correctly on the client
As you can see, not very simple. If you also consider that I am not very experienced with puppet, you can imagine how I ended up having to retry things in this very long loop, which can end up with anyone’s patience.
Testing Infrastructure Code
Coming from a development background and being used to having very fast feedback about code that I write made me go into a search for testing tools that could ease my pain.
Unfortunately most of the tools I’ve found where not ideal since they focused on unit testing code, as rspec-puppet. Not sure what others think of it, but in the case of puppet manifests and chef recipes, unit testing doesn’t make much sense to me, since there is no code to be executed, and tests end up looking like some version of reverse programming, where you just assert what you wanted to write, but it doesn’t guarantee that the code actually works.
Luckily, one of the options I’ve found was Toft, which is a library aimed writing integration tests for infrastructure code using Linux containers. The main idea is that you write cucumber features verifying what you expect the target machine to have (packages, files, folders, etc..) and Toft starts a linux container, applies your configuration and runs your tests against it.
It also can be run from a vagrant box, so you can have your tests running on your mac, which is quite handy.
Features can be created using normal Cucumber steps, and mostly rely on ssh’ing into the target machine and verifying what’s going on in it, so are quite easy to extend and adapt to your needs. Here is an example of a feature verifying if a specific package has been installed.
Scenario: Check that package was installed on centos box
Given I have a clean running node n1
When I run puppet manifest “manifests/test_install.pp” on node “n1″
Then Node “n1″ should have package “zip” installed in the centos box
We’ve started using it in our team when writing new manifests and have also setup a ci build with it, which is quite useful to guarantee our manifests still work over time.
Toft is still in its beginning but I believe it has quite a lot of potential. If you are using chef or puppet you should definitely check it out at: