The document discusses Chef tooling and test-driven development (TDD) workflows. It introduces several tools for linting, unit testing, integration testing, and validating the state of infrastructure after Chef runs. These include Cookstyle/Rubocop for linting, Foodcritic for warnings, ChefSpec for unit tests, Test Kitchen for integration on multiple platforms, and Inspec for post-convergence testing. Using these tools allows for automating testing and validation into continuous integration to catch errors and ensure idempotency and desired state.
2. Existing Chef Workflow
1. Engineer writes a chef cookbook
2. May perhaps write Minitest suite
3. May spin up vagrant with chef solo
4. Engineer does a `Rake release`
a. Json lint
b. FoodCritic warnings
c. Push to hooks
d. Berks upload cookbook
3. Chef Tooling
● Pre-convergence - Linting, Style and Rules
● Unit-tests
● Convergence - Integration Tests
● Post Convergence
4. Cookstyle/Rubocop
● Cookstyle - Invoked with Rubocop. Does autocorrection with rules from
cookstyle.yml
● Rubocop - Static Code analyzes code for Ruby errors and style guidelines
> rubocop recipes/counter.rb
8. Unit Tests
ChefSpec
● Rspec style unit testing for cookbooks
● Help regression testing when making changes
● Simulate convergence of resources on node
But do we really need this, if we use tools in convergence?
● Does not test chef runs
● May not catch all failures in spite of perfect run
9. Integration Testing
# Test Kitchen
What is it?
● Test Harness
● Allows to execute code on one or more platforms in isolation
● Cloud Providers, dockers, vagrant and VMs
● Supports testing frameworks - Inspec, minitest, Serverspec and BATS
● Uses kitchen-vagrant driver for managing vms (just like vagrant-berkshelf)
10. Why use Test Kitchen?
● Multiple platforms support with single config
● Chef-zero does not require additional flags for environment, roles, data bags
etc. Not required to add chef-solo conditionals in recipes.
● Full in-memory, fast start so chef runs for zero would be faster.
● Minitest is no longer actively supported and is being deprecated in favour of
inspec :(
11. Test kitchen commands
● vagrant status ⇔ kitchen list
● vagrant up ⇔ kitchen converge
● vagrant provision
● vagrant ssh ⇔ kitchen login
● minitest-handler ⇔ kitchen verify (supports inspec, serverspec)
● kitchen test (all in one)
12. Post-Convergence
Inspec
● Rspec like tests to ensure state of node
● Built in resource types for Chef
● Add tests for business assumptions and outcomes
13. New Chef Tooling
● Cookstyle/Rubocop
● FoodCritic
● ChefSpec
● Test Kitchen
● Inspec
● Automate into CI
1. Replace hooks with Jenkins jobs that download cookbooks, upload to
Chef server
14. Other Tools
● Cookbook skeleton generator - Bourdain/Chef/Kitchen-cabinet
● Bump and release cookbooks - Bourdain
● Berkshelf over Policyfiles
● Chef Push jobs - Ansible/Rundeck style jobs triggered independently of chef
runs
15. Sources
● https://docs.chef.io
● Alex Manly - Chef workflow
https://www.youtube.com/watch?v=jauXuwIfgbs&t=49s
● Inspec - https://www.inspec.io/tutorials/
● Chef solo to Zero - https://blog.chef.io/2014/06/24/from-solo-to-zero-
migrating-to-chef-client-local-mode/
● kitchen.ci