SlideShare a Scribd company logo
Who am I? 
Raphaël Pinson (@raphink) 
■ Infrastructure Developer & Trainer @ Camptocamp 
■ Augeas & Augeasproviders developer 
■ Various contributions to Puppet & ecosystem / 2/32
Monitoring vs. Functional Tests 
Complementary or redundant? / 3/32
Conformity Tests 
■ Check if machines comply to standards 
■ Avoid permanent heavy monitoring checks 
■ Tests must be inter-dependent 
■ Focus on getting sysadmins to fix one thing at a time to converge 
toward standards / 4/32
■ Back in 2008 
■ Written in Perl 
■ Orchestrate conformity tests on a 4k+ server fleet / 5/32
Treetester: modules output 
■ For all hosts/modules 
■ Number of hosts filtered per module 
■ Modules dependency tree 
■ Colors by priority / 6/32
Treetester: host output 
■ For each host 
■ Failed steps in the module tree 
■ Green: OK, Red: KO, Purple: Ignored / 7/32
Treetester architecture 
■ All data in a database (MySQL) 
■ Tests scripts output YAML 
■ Tests scripts can be local (hosts as STDIN) or remote (ssh or http) 
■ Tests are inter-dependent 
■ Generate filtered data as a tree 
■ Generate graphs (graphviz) / 8/32
Treetester filters 
■ For each test/module 
■ Based on data in MySQL (joins and additional SQL conditions) 
■ Allows to link tests to each other 
■ Like multiple sieves / 9/32
Treetester: future? 
■ Not open-sourced :'-( 
■ Too monolithic/not flexible enough 
■ Heavily linked to specific architecture 
■ Needed a rewrite / 10/32
Adding specs to Puppet runs 
■ Testing the catalog before it gets applied 
■ Testing the node after the catalog is applied 
Enter the Puppet-spec module / 11/32
■ Now the standard to unit test Puppet manifests 
■ Generates catalogs in clean environments 
■ Asserts catalogs for resources/classes 
require 'spec_helper' 
describe 'logrotate::rule' do 
let(:title) { 'nginx' } 
it { should compile.with_all_deps } 
it { should contain_class('logrotate::setup') } 
end / 12/32
■ Runs tests from within Puppet runs 
■ Test catalogs using rspec-puppet 
■ Test hosts using serverspec / 13/32
Puppet-spec: Unit testing 
■ Catalog exposed by PuppetSpec::Catalog.instance.catalog 
■ Uses rspec-puppet matchers 
■ Asserts real catalogs 
■ Runs on the master or agent side (as catalog indirection terminii) 
describe 'puppet' do 
subject { PuppetSpec::Catalog.instance.catalog } 
it { should contain_package('puppet') } 
it { should contain_package('ppet') } 
it { should include_class('puppet') } 
it { should include_class('puppet::client::base') } 
end / 14/32
Puppet-spec: Unit tests output 
# puppet agent -t 
info: Retrieving plugin 
err: Could not retrieve catalog from remote server: Unit tests failed: 
1) package 
Failure/Error: it { should contain_package('augeas') } 
expected that the catalogue would contain Package[augeas] 
# /var/lib/puppet/lib/spec/class/augeas/package_spec.rb:3 
# /var/lib/puppet/lib/puppet/indirector/catalog/rest_spec.rb:31:in `find' 
Finished in 0.00092 seconds 
3 examples, 1 failure 
Failed examples: 
rspec /var/lib/puppet/lib/spec/class/augeas/package_spec.rb:3 # package 
info: Not using expired catalog for from cache; expired at Tue Apr 02 17:40:21 +0200 2013 
notice: Using cached catalog / 15/32
Puppet-spec: Deploying unit tests 
■ On the master side: 
○ Tests are located in the spec/catalog/class directory of the 
○ Only the directories named after classes declared in the catalog 
are tested 
■ On the agent side: 
○ Deploy tests using pluginsync 
○ Tests are located in the lib/spec/catalog/class directory of each 
○ Only the directories named after classes declared in the catalog 
are tested / 16/32
Puppet-spec: Unit tests limits 
■ When to apply the tests (currently based on class names) 
■ Tests on master, or need to deploy all tests with pluginsync 
■ Redundant with existing unit tests, or additional security? / 17/32
Puppet-spec: Setting up Unit testing 
■ Tests achieved from catalog indirection terminii 
■ Plugins (terminii) deployed with pluginsync 
■ Setup done in routes.yaml: 
# Either on the agent side 
terminus: rest_spec 
cache: yaml 
# Or on the master side 
terminus: compiler_spec / 18/32
■ Provides RSpec matchers for local functional tests (packages, 
users, services, ports, etc.) 
■ Independant from configuration management tools 
require 'spec_helper' 
describe service('httpd') do 
it { should be_enabled } 
it { should be_running } 
describe port(80) do 
it { should be_listening } 
describe file('/etc/httpd/conf/httpd.conf') do 
it { should be_file } 
its(:content) { should match /ServerName } 
end / 19/32
Serverspec backends 
Allows to use various means of launching tests: 
■ SSH (default) 
■ Exec 
■ Puppet (RAL, removed from core) 
$ serverspec-init 
Select OS type: 
1) UN*X 
2) Windows 
Select number: 1 
Select a backend type: 
1) SSH 
2) Exec (local) 
Select number: 1 / 20/32
Puppet-spec: Functional testing 
■ Uses serverspec/specinfra matchers 
■ Tests the machine state (not the catalog) 
require 'spec_helper' 
describe service('httpd') do 
it { should be_enabled } 
it { should be_running } 
describe port(80) do 
it { should be_listening } 
describe file('/etc/httpd/conf/httpd.conf') do 
it { should be_file } 
its(:content) { should match /ServerName } 
end / 21/32
Puppet-spec: Function tests output 
# puppet agent -t 
info: Retrieving plugin 
info: Caching catalog for 
info: Applying configuration version 'raphink/a2c8e0f [+]' 
... Applying changes ... 
notice: Finished catalog run in 59.19 seconds 
err: Could not send report: Unit tests failed: 
1) augeas 
Failure/Error: it { should be_installed } 
expected "augeas" to be installed 
# /var/lib/puppet/lib/spec/server/class/ 
# /var/lib/puppet/lib/puppet/indirector/report/rest_spec.rb:45:in `save' 
2) /usr/share/augeas/lenses/dist 
Failure/Error: it { should be_file } 
expected "/usr/share/augeas/lenses/dist" to be file 
# /var/lib/puppet/lib/spec/server/class/ 
# /var/lib/puppet/lib/puppet/indirector/report/rest_spec.rb:45:in `save' 
Finished in 0.06033 seconds 
2 examples, 2 failures 
Failed examples: 
rspec /var/lib/puppet/lib/spec/server/class/ # augeas 
rspec /var/lib/puppet/lib/spec/server/class/ # /usr/share/augeas/lenses/ / 22/32
Puppet-spec: Deploying functional 
■ Tests are run after catalog application 
■ Tests can be distributed via pluginsync (in the spec/server/class) 
directory of each module 
■ Tests can be distributed with file Puppet resources, optionally 
using the spec::serverspec defined resource type / 23/32
Puppet-spec: MCollective agent 
■ Communicates with distant nodes 
■ Sends action and values to specinfra check commands 
■ Does not implement serverspec syntax 
■ Returns true/false 
■ Uses MCollective as transport (instead of SSH) 
$ mco rpc spec check action=user values=rpinson 
$ mco rpc spec check action=file values=/etc/passwd 
$ mco rpc spec check action=resolvable,A 
$ mco rpc spec check action=listening values=80 
$ mco rpc spec check action=process values=mcollectived 
$ mco rpc spec check action=file_contain values=/etc/passwd,rpinson / 24/32
■ RSpec matchers 
■ Calls MCollective to achieve tests 
■ Uses MCollective spec agent (among others) / 25/32
Mspectator architecture 
■ Client runs RSpec 
■ RSpec calls MCollective 
■ MCollective calls distant spec agent 
■ spec agent calls specinfra backend / 26/32
Mspectator syntax 
Own matchers, mapping to specinfra backend methods: 
require 'mspectator' 
describe 'apache' do 
it { should find_nodes(100).or_less } # Counts discovered nodes 
it { should pass_puppet_spec } # Runs the `spec` agent 
it { should have_certificate.signed } # Uses the `puppetca` agent 
context 'when on Debian', 
:facts => { :operatingsystem => 'Debian' } do # Filter by facts 
it { should find_nodes(5).with_agent('spec') } 
it { should have_package('apache2.2-common') } 
it { should_not have_package('httpd') } 
it { should have_service('apache2').with( 
:ensure => 'running' 
) } 
it { should have_file('/etc/apache2/apache2.conf') } 
it { should have_directory('/etc/apache2/conf.d') } 
it { should have_user('www-data') } 
context 'when using SSL', :classes => ['apache::ssl'] do # Filter by classes 
it { should find_nodes(50).or_more } 
it { should have_package('ca-certificates') } 
end / 27/32
Mspectator output 
$ rake spec SPEC=apache_spec.rb 
/home/rpinson/.rvm/rubies/ruby-1.8.7-p371/bin/ruby -S rspec apache_spec.rb 
should find nodes 100 
should pass puppet spec (FAILED - 1) 
should have certificate 
when on Debian 
should find nodes 5 (FAILED - 2) 
when using SSL 
should find nodes 50 (FAILED - 3) 
No request sent, we did not discover any nodes. should have package "ca-certificates" 
1) apache 
Failure/Error: it { should pass_puppet_spec } 
expected that all hosts would pass tests, the following didn't: 
# ./apache_spec.rb:5 
... / 28/32
Mspectator demo / 29/32
On GitHub: 
■ puppet-spec: 
■ mspectator: / 30/32
Thank you! 
■ @raphink on Twitter/Github 
■ raphink on Freenode 
■ Slides: / 31/32
Orchestrated Functional Testing with Puppet-spec and Mspectator

More Related Content

What's hot

Configure once, run everywhere 2016
Configure once, run everywhere 2016Configure once, run everywhere 2016
Configure once, run everywhere 2016
Anatole Tresch
Puppet modules for Fun and Profit
Puppet modules for Fun and ProfitPuppet modules for Fun and Profit
Puppet modules for Fun and Profit
Alessandro Franceschi
Puppet Continuous Integration with PE and GitLab
Puppet Continuous Integration with PE and GitLabPuppet Continuous Integration with PE and GitLab
Puppet Continuous Integration with PE and GitLab
Alessandro Franceschi
Puppi. Puppet strings to the shell
Puppi. Puppet strings to the shellPuppi. Puppet strings to the shell
Puppi. Puppet strings to the shell
Alessandro Franceschi
Puppet modules: An Holistic Approach
Puppet modules: An Holistic ApproachPuppet modules: An Holistic Approach
Puppet modules: An Holistic Approach
Alessandro Franceschi
Puppet Camp Düsseldorf 2014: Continuously Deliver Your Puppet Code with Jenki...
Puppet Camp Düsseldorf 2014: Continuously Deliver Your Puppet Code with Jenki...Puppet Camp Düsseldorf 2014: Continuously Deliver Your Puppet Code with Jenki...
Puppet Camp Düsseldorf 2014: Continuously Deliver Your Puppet Code with Jenki...
Puppet @ Seat
Puppet @ SeatPuppet @ Seat
Puppet @ Seat
Alessandro Franceschi
From SaltStack to Puppet and beyond...
From SaltStack to Puppet and beyond...From SaltStack to Puppet and beyond...
From SaltStack to Puppet and beyond...
Yury Bushmelev
Oliver hookins puppetcamp2011
Oliver hookins puppetcamp2011Oliver hookins puppetcamp2011
Oliver hookins puppetcamp2011
Puppet evolutions
Puppet evolutionsPuppet evolutions
Puppet evolutions
Alessandro Franceschi
Puppet camp chicago-automated_testing2
Puppet camp chicago-automated_testing2Puppet camp chicago-automated_testing2
Puppet camp chicago-automated_testing2
Puppet: What _not_ to do
Puppet: What _not_ to doPuppet: What _not_ to do
Puppet: What _not_ to do
Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...
Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...
Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...
PuppetConf 2017: Use Puppet to Tame the Dockerfile Monster- Bryan Belanger, A...
PuppetConf 2017: Use Puppet to Tame the Dockerfile Monster- Bryan Belanger, A...PuppetConf 2017: Use Puppet to Tame the Dockerfile Monster- Bryan Belanger, A...
PuppetConf 2017: Use Puppet to Tame the Dockerfile Monster- Bryan Belanger, A...
Angular 1.6 typescript application
Angular 1.6 typescript applicationAngular 1.6 typescript application
Angular 1.6 typescript application
Yitzchak Meirovich
Intro django
Intro djangoIntro django
Intro django
Alexander Lyabah
Testing your-automation-code (vagrant version) v0.2
Testing your-automation-code (vagrant version) v0.2Testing your-automation-code (vagrant version) v0.2
Testing your-automation-code (vagrant version) v0.2
Sylvain Tissot
Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...
Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...
Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...
Workflow story: Theory versus practice in Large Enterprises
Workflow story: Theory versus practice in Large EnterprisesWorkflow story: Theory versus practice in Large Enterprises
Workflow story: Theory versus practice in Large Enterprises

What's hot (20)

Configure once, run everywhere 2016
Configure once, run everywhere 2016Configure once, run everywhere 2016
Configure once, run everywhere 2016
Puppet modules for Fun and Profit
Puppet modules for Fun and ProfitPuppet modules for Fun and Profit
Puppet modules for Fun and Profit
Puppet Continuous Integration with PE and GitLab
Puppet Continuous Integration with PE and GitLabPuppet Continuous Integration with PE and GitLab
Puppet Continuous Integration with PE and GitLab
Puppi. Puppet strings to the shell
Puppi. Puppet strings to the shellPuppi. Puppet strings to the shell
Puppi. Puppet strings to the shell
Puppet modules: An Holistic Approach
Puppet modules: An Holistic ApproachPuppet modules: An Holistic Approach
Puppet modules: An Holistic Approach
Puppet Camp Düsseldorf 2014: Continuously Deliver Your Puppet Code with Jenki...
Puppet Camp Düsseldorf 2014: Continuously Deliver Your Puppet Code with Jenki...Puppet Camp Düsseldorf 2014: Continuously Deliver Your Puppet Code with Jenki...
Puppet Camp Düsseldorf 2014: Continuously Deliver Your Puppet Code with Jenki...
Puppet @ Seat
Puppet @ SeatPuppet @ Seat
Puppet @ Seat
From SaltStack to Puppet and beyond...
From SaltStack to Puppet and beyond...From SaltStack to Puppet and beyond...
From SaltStack to Puppet and beyond...
Oliver hookins puppetcamp2011
Oliver hookins puppetcamp2011Oliver hookins puppetcamp2011
Oliver hookins puppetcamp2011
Puppet evolutions
Puppet evolutionsPuppet evolutions
Puppet evolutions
Puppet camp chicago-automated_testing2
Puppet camp chicago-automated_testing2Puppet camp chicago-automated_testing2
Puppet camp chicago-automated_testing2
Puppet: What _not_ to do
Puppet: What _not_ to doPuppet: What _not_ to do
Puppet: What _not_ to do
Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...
Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...
Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...
PuppetConf 2017: Use Puppet to Tame the Dockerfile Monster- Bryan Belanger, A...
PuppetConf 2017: Use Puppet to Tame the Dockerfile Monster- Bryan Belanger, A...PuppetConf 2017: Use Puppet to Tame the Dockerfile Monster- Bryan Belanger, A...
PuppetConf 2017: Use Puppet to Tame the Dockerfile Monster- Bryan Belanger, A...
Angular 1.6 typescript application
Angular 1.6 typescript applicationAngular 1.6 typescript application
Angular 1.6 typescript application
Intro django
Intro djangoIntro django
Intro django
Testing your-automation-code (vagrant version) v0.2
Testing your-automation-code (vagrant version) v0.2Testing your-automation-code (vagrant version) v0.2
Testing your-automation-code (vagrant version) v0.2
Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...
Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...
Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...
Workflow story: Theory versus practice in Large Enterprises
Workflow story: Theory versus practice in Large EnterprisesWorkflow story: Theory versus practice in Large Enterprises
Workflow story: Theory versus practice in Large Enterprises

Similar to Orchestrated Functional Testing with Puppet-spec and Mspectator

Test-Driven Puppet Development - PuppetConf 2014
Test-Driven Puppet Development - PuppetConf 2014Test-Driven Puppet Development - PuppetConf 2014
Test-Driven Puppet Development - PuppetConf 2014
More on bpftrace for MariaDB DBAs and Developers - FOSDEM 2022 MariaDB Devroom
More on bpftrace for MariaDB DBAs and Developers - FOSDEM 2022 MariaDB DevroomMore on bpftrace for MariaDB DBAs and Developers - FOSDEM 2022 MariaDB Devroom
More on bpftrace for MariaDB DBAs and Developers - FOSDEM 2022 MariaDB Devroom
Valeriy Kravchuk
Continuous Delivery: The Next Frontier
Continuous Delivery: The Next FrontierContinuous Delivery: The Next Frontier
Continuous Delivery: The Next Frontier
Carlos Sanchez
Testing for Ops: Going Beyond the Manifest - PuppetConf 2013
Testing for Ops: Going Beyond the Manifest - PuppetConf 2013Testing for Ops: Going Beyond the Manifest - PuppetConf 2013
Testing for Ops: Going Beyond the Manifest - PuppetConf 2013
Smoking docker
Smoking dockerSmoking docker
Smoking docker
Workhorse Computing
Continuous Infrastructure: Modern Puppet for the Jenkins Project - PuppetConf...
Continuous Infrastructure: Modern Puppet for the Jenkins Project - PuppetConf...Continuous Infrastructure: Modern Puppet for the Jenkins Project - PuppetConf...
Continuous Infrastructure: Modern Puppet for the Jenkins Project - PuppetConf...
How I hack on puppet modules
How I hack on puppet modulesHow I hack on puppet modules
How I hack on puppet modules
Kris Buytaert
Automated Puppet Testing - PuppetCamp Chicago '12 - Scott Nottingham
Automated Puppet Testing - PuppetCamp Chicago '12 - Scott NottinghamAutomated Puppet Testing - PuppetCamp Chicago '12 - Scott Nottingham
Automated Puppet Testing - PuppetCamp Chicago '12 - Scott Nottingham
Puppet: From 0 to 100 in 30 minutes
Puppet: From 0 to 100 in 30 minutesPuppet: From 0 to 100 in 30 minutes
Puppet: From 0 to 100 in 30 minutes
Alessandro Franceschi
20140408 tdd puppetcamp-paris
20140408 tdd puppetcamp-paris20140408 tdd puppetcamp-paris
20140408 tdd puppetcamp-paris
Johan De Wit
Puppet Camp Paris 2014: Test Driven Development
Puppet Camp Paris 2014: Test Driven DevelopmentPuppet Camp Paris 2014: Test Driven Development
Puppet Camp Paris 2014: Test Driven Development
Our Puppet Story (GUUG FFG 2015)
Our Puppet Story (GUUG FFG 2015)Our Puppet Story (GUUG FFG 2015)
Our Puppet Story (GUUG FFG 2015)
Intro to-puppet
Intro to-puppetIntro to-puppet
Intro to-puppet
F.L. Jonathan Araña Cruz
Installing and updating software packages [autosaved]
Installing and updating software packages [autosaved]Installing and updating software packages [autosaved]
Installing and updating software packages [autosaved]
#OktoCampus - Workshop : An introduction to Ansible
#OktoCampus - Workshop : An introduction to Ansible#OktoCampus - Workshop : An introduction to Ansible
#OktoCampus - Workshop : An introduction to Ansible
Cédric Delgehier
Provisioning with Puppet
Provisioning with PuppetProvisioning with Puppet
Provisioning with Puppet
Joe Ray
DPDK in Containers Hands-on Lab
DPDK in Containers Hands-on LabDPDK in Containers Hands-on Lab
DPDK in Containers Hands-on Lab
Michelle Holley
Puppet Loves RSpec, Why You Should, Too
Puppet Loves RSpec, Why You Should, TooPuppet Loves RSpec, Why You Should, Too
Puppet Loves RSpec, Why You Should, Too
Using Puppet on Linux, Windows, and Mac OSX
Using Puppet on Linux, Windows, and Mac OSXUsing Puppet on Linux, Windows, and Mac OSX
Using Puppet on Linux, Windows, and Mac OSX

Similar to Orchestrated Functional Testing with Puppet-spec and Mspectator (20)

Test-Driven Puppet Development - PuppetConf 2014
Test-Driven Puppet Development - PuppetConf 2014Test-Driven Puppet Development - PuppetConf 2014
Test-Driven Puppet Development - PuppetConf 2014
More on bpftrace for MariaDB DBAs and Developers - FOSDEM 2022 MariaDB Devroom
More on bpftrace for MariaDB DBAs and Developers - FOSDEM 2022 MariaDB DevroomMore on bpftrace for MariaDB DBAs and Developers - FOSDEM 2022 MariaDB Devroom
More on bpftrace for MariaDB DBAs and Developers - FOSDEM 2022 MariaDB Devroom
Continuous Delivery: The Next Frontier
Continuous Delivery: The Next FrontierContinuous Delivery: The Next Frontier
Continuous Delivery: The Next Frontier
Testing for Ops: Going Beyond the Manifest - PuppetConf 2013
Testing for Ops: Going Beyond the Manifest - PuppetConf 2013Testing for Ops: Going Beyond the Manifest - PuppetConf 2013
Testing for Ops: Going Beyond the Manifest - PuppetConf 2013
Smoking docker
Smoking dockerSmoking docker
Smoking docker
Continuous Infrastructure: Modern Puppet for the Jenkins Project - PuppetConf...
Continuous Infrastructure: Modern Puppet for the Jenkins Project - PuppetConf...Continuous Infrastructure: Modern Puppet for the Jenkins Project - PuppetConf...
Continuous Infrastructure: Modern Puppet for the Jenkins Project - PuppetConf...
How I hack on puppet modules
How I hack on puppet modulesHow I hack on puppet modules
How I hack on puppet modules
Automated Puppet Testing - PuppetCamp Chicago '12 - Scott Nottingham
Automated Puppet Testing - PuppetCamp Chicago '12 - Scott NottinghamAutomated Puppet Testing - PuppetCamp Chicago '12 - Scott Nottingham
Automated Puppet Testing - PuppetCamp Chicago '12 - Scott Nottingham
Puppet: From 0 to 100 in 30 minutes
Puppet: From 0 to 100 in 30 minutesPuppet: From 0 to 100 in 30 minutes
Puppet: From 0 to 100 in 30 minutes
20140408 tdd puppetcamp-paris
20140408 tdd puppetcamp-paris20140408 tdd puppetcamp-paris
20140408 tdd puppetcamp-paris
Puppet Camp Paris 2014: Test Driven Development
Puppet Camp Paris 2014: Test Driven DevelopmentPuppet Camp Paris 2014: Test Driven Development
Puppet Camp Paris 2014: Test Driven Development
Our Puppet Story (GUUG FFG 2015)
Our Puppet Story (GUUG FFG 2015)Our Puppet Story (GUUG FFG 2015)
Our Puppet Story (GUUG FFG 2015)
Intro to-puppet
Intro to-puppetIntro to-puppet
Intro to-puppet
Installing and updating software packages [autosaved]
Installing and updating software packages [autosaved]Installing and updating software packages [autosaved]
Installing and updating software packages [autosaved]
#OktoCampus - Workshop : An introduction to Ansible
#OktoCampus - Workshop : An introduction to Ansible#OktoCampus - Workshop : An introduction to Ansible
#OktoCampus - Workshop : An introduction to Ansible
Provisioning with Puppet
Provisioning with PuppetProvisioning with Puppet
Provisioning with Puppet
DPDK in Containers Hands-on Lab
DPDK in Containers Hands-on LabDPDK in Containers Hands-on Lab
DPDK in Containers Hands-on Lab
Puppet Loves RSpec, Why You Should, Too
Puppet Loves RSpec, Why You Should, TooPuppet Loves RSpec, Why You Should, Too
Puppet Loves RSpec, Why You Should, Too
Using Puppet on Linux, Windows, and Mac OSX
Using Puppet on Linux, Windows, and Mac OSXUsing Puppet on Linux, Windows, and Mac OSX
Using Puppet on Linux, Windows, and Mac OSX

More from Raphaël PINSON

Explore the World of Cilium, Tetragon & eBPF
Explore the World of Cilium, Tetragon & eBPFExplore the World of Cilium, Tetragon & eBPF
Explore the World of Cilium, Tetragon & eBPF
Raphaël PINSON
Cfgmgmtcamp 2024 — eBPF-based Security Observability & Runtime Enforcement wi...
Cfgmgmtcamp 2024 — eBPF-based Security Observability & Runtime Enforcement wi...Cfgmgmtcamp 2024 — eBPF-based Security Observability & Runtime Enforcement wi...
Cfgmgmtcamp 2024 — eBPF-based Security Observability & Runtime Enforcement wi...
Raphaël PINSON
ContainerDays Hamburg 2023 — Cilium Workshop.pdf
ContainerDays Hamburg 2023 — Cilium Workshop.pdfContainerDays Hamburg 2023 — Cilium Workshop.pdf
ContainerDays Hamburg 2023 — Cilium Workshop.pdf
Raphaël PINSON
KCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdf
KCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdfKCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdf
KCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdf
Raphaël PINSON
Cloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityCloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust Visibility
Raphaël PINSON
DevOpsDays Zurich 2023 — Bridging Dev and Ops with eBPF: Extending Observabil...
DevOpsDays Zurich 2023 — Bridging Dev and Ops with eBPF: Extending Observabil...DevOpsDays Zurich 2023 — Bridging Dev and Ops with eBPF: Extending Observabil...
DevOpsDays Zurich 2023 — Bridging Dev and Ops with eBPF: Extending Observabil...
Raphaël PINSON
Révolution eBPF - un noyau dynamique
Révolution eBPF - un noyau dynamiqueRévolution eBPF - un noyau dynamique
Révolution eBPF - un noyau dynamique
Raphaël PINSON
Cfgmgmtcamp 2023 — eBPF Superpowers
Cfgmgmtcamp 2023 — eBPF SuperpowersCfgmgmtcamp 2023 — eBPF Superpowers
Cfgmgmtcamp 2023 — eBPF Superpowers
Raphaël PINSON
Cloud Native Networking & Security with Cilium & eBPF
Cloud Native Networking & Security with Cilium & eBPFCloud Native Networking & Security with Cilium & eBPF
Cloud Native Networking & Security with Cilium & eBPF
Raphaël PINSON
2022 DevOpsDays Geneva — The Hare and the Tortoise.pdf
2022 DevOpsDays Geneva — The Hare and the Tortoise.pdf2022 DevOpsDays Geneva — The Hare and the Tortoise.pdf
2022 DevOpsDays Geneva — The Hare and the Tortoise.pdf
Raphaël PINSON
SKS in git ops mode
SKS in git ops modeSKS in git ops mode
SKS in git ops mode
Raphaël PINSON
The Hare and the Tortoise: Open Source, Standards & Technological Debt
The Hare and the Tortoise: Open Source, Standards & Technological DebtThe Hare and the Tortoise: Open Source, Standards & Technological Debt
The Hare and the Tortoise: Open Source, Standards & Technological Debt
Raphaël PINSON
Devops stack
Devops stackDevops stack
Devops stack
Raphaël PINSON
YAML Engineering: why we need a new paradigm
YAML Engineering: why we need a new paradigmYAML Engineering: why we need a new paradigm
YAML Engineering: why we need a new paradigm
Raphaël PINSON
Container Security: a toolchain for automatic image rebuilds
Container Security: a toolchain for automatic image rebuildsContainer Security: a toolchain for automatic image rebuilds
Container Security: a toolchain for automatic image rebuilds
Raphaël PINSON
K9s - Kubernetes CLI To Manage Your Clusters In Style
K9s - Kubernetes CLI To Manage Your Clusters In StyleK9s - Kubernetes CLI To Manage Your Clusters In Style
K9s - Kubernetes CLI To Manage Your Clusters In Style
Raphaël PINSON
Argocd up and running
Argocd up and runningArgocd up and running
Argocd up and running
Raphaël PINSON
Bivac - Container Volumes Backup
Bivac - Container Volumes BackupBivac - Container Volumes Backup
Bivac - Container Volumes Backup
Raphaël PINSON
Automating Puppet Certificates Renewal
Automating Puppet Certificates RenewalAutomating Puppet Certificates Renewal
Automating Puppet Certificates Renewal
Raphaël PINSON
Running the Puppet Stack in Containers
Running the Puppet Stack in ContainersRunning the Puppet Stack in Containers
Running the Puppet Stack in Containers
Raphaël PINSON

More from Raphaël PINSON (20)

Explore the World of Cilium, Tetragon & eBPF
Explore the World of Cilium, Tetragon & eBPFExplore the World of Cilium, Tetragon & eBPF
Explore the World of Cilium, Tetragon & eBPF
Cfgmgmtcamp 2024 — eBPF-based Security Observability & Runtime Enforcement wi...
Cfgmgmtcamp 2024 — eBPF-based Security Observability & Runtime Enforcement wi...Cfgmgmtcamp 2024 — eBPF-based Security Observability & Runtime Enforcement wi...
Cfgmgmtcamp 2024 — eBPF-based Security Observability & Runtime Enforcement wi...
ContainerDays Hamburg 2023 — Cilium Workshop.pdf
ContainerDays Hamburg 2023 — Cilium Workshop.pdfContainerDays Hamburg 2023 — Cilium Workshop.pdf
ContainerDays Hamburg 2023 — Cilium Workshop.pdf
KCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdf
KCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdfKCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdf
KCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdf
Cloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityCloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust Visibility
DevOpsDays Zurich 2023 — Bridging Dev and Ops with eBPF: Extending Observabil...
DevOpsDays Zurich 2023 — Bridging Dev and Ops with eBPF: Extending Observabil...DevOpsDays Zurich 2023 — Bridging Dev and Ops with eBPF: Extending Observabil...
DevOpsDays Zurich 2023 — Bridging Dev and Ops with eBPF: Extending Observabil...
Révolution eBPF - un noyau dynamique
Révolution eBPF - un noyau dynamiqueRévolution eBPF - un noyau dynamique
Révolution eBPF - un noyau dynamique
Cfgmgmtcamp 2023 — eBPF Superpowers
Cfgmgmtcamp 2023 — eBPF SuperpowersCfgmgmtcamp 2023 — eBPF Superpowers
Cfgmgmtcamp 2023 — eBPF Superpowers
Cloud Native Networking & Security with Cilium & eBPF
Cloud Native Networking & Security with Cilium & eBPFCloud Native Networking & Security with Cilium & eBPF
Cloud Native Networking & Security with Cilium & eBPF
2022 DevOpsDays Geneva — The Hare and the Tortoise.pdf
2022 DevOpsDays Geneva — The Hare and the Tortoise.pdf2022 DevOpsDays Geneva — The Hare and the Tortoise.pdf
2022 DevOpsDays Geneva — The Hare and the Tortoise.pdf
SKS in git ops mode
SKS in git ops modeSKS in git ops mode
SKS in git ops mode
The Hare and the Tortoise: Open Source, Standards & Technological Debt
The Hare and the Tortoise: Open Source, Standards & Technological DebtThe Hare and the Tortoise: Open Source, Standards & Technological Debt
The Hare and the Tortoise: Open Source, Standards & Technological Debt
Devops stack
Devops stackDevops stack
Devops stack
YAML Engineering: why we need a new paradigm
YAML Engineering: why we need a new paradigmYAML Engineering: why we need a new paradigm
YAML Engineering: why we need a new paradigm
Container Security: a toolchain for automatic image rebuilds
Container Security: a toolchain for automatic image rebuildsContainer Security: a toolchain for automatic image rebuilds
Container Security: a toolchain for automatic image rebuilds
K9s - Kubernetes CLI To Manage Your Clusters In Style
K9s - Kubernetes CLI To Manage Your Clusters In StyleK9s - Kubernetes CLI To Manage Your Clusters In Style
K9s - Kubernetes CLI To Manage Your Clusters In Style
Argocd up and running
Argocd up and runningArgocd up and running
Argocd up and running
Bivac - Container Volumes Backup
Bivac - Container Volumes BackupBivac - Container Volumes Backup
Bivac - Container Volumes Backup
Automating Puppet Certificates Renewal
Automating Puppet Certificates RenewalAutomating Puppet Certificates Renewal
Automating Puppet Certificates Renewal
Running the Puppet Stack in Containers
Running the Puppet Stack in ContainersRunning the Puppet Stack in Containers
Running the Puppet Stack in Containers

Recently uploaded

Adaptive synchronous sliding control for a robot manipulator based on neural ...
Adaptive synchronous sliding control for a robot manipulator based on neural ...Adaptive synchronous sliding control for a robot manipulator based on neural ...
Adaptive synchronous sliding control for a robot manipulator based on neural ...
digital fundamental by Thomas L.floydl.pdf
digital fundamental by Thomas L.floydl.pdfdigital fundamental by Thomas L.floydl.pdf
digital fundamental by Thomas L.floydl.pdf
PPT on GRP pipes manufacturing and testing
PPT on GRP pipes manufacturing and testingPPT on GRP pipes manufacturing and testing
PPT on GRP pipes manufacturing and testing
6th International Conference on Machine Learning & Applications (CMLA 2024)
6th International Conference on Machine Learning & Applications (CMLA 2024)6th International Conference on Machine Learning & Applications (CMLA 2024)
6th International Conference on Machine Learning & Applications (CMLA 2024)
Low power architecture of logic gates using adiabatic techniques
Low power architecture of logic gates using adiabatic techniquesLow power architecture of logic gates using adiabatic techniques
Low power architecture of logic gates using adiabatic techniques
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&BDesign and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Sreedhar Chowdam
ACRP 4-09 Risk Assessment Method to Support Modification of Airfield Separat...
ACRP 4-09 Risk Assessment Method to Support Modification of Airfield Separat...ACRP 4-09 Risk Assessment Method to Support Modification of Airfield Separat...
ACRP 4-09 Risk Assessment Method to Support Modification of Airfield Separat...
Mukeshwaran Balu
New techniques for characterising damage in rock slopes.pdf
New techniques for characterising damage in rock slopes.pdfNew techniques for characterising damage in rock slopes.pdf
New techniques for characterising damage in rock slopes.pdf
Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
Swimming pool mechanical components design.pptx
Swimming pool  mechanical components design.pptxSwimming pool  mechanical components design.pptx
Swimming pool mechanical components design.pptx
14 Template Contractual Notice - EOT Application
14 Template Contractual Notice - EOT Application14 Template Contractual Notice - EOT Application
14 Template Contractual Notice - EOT Application
22CYT12-Unit-V-E Waste and its Management.ppt
22CYT12-Unit-V-E Waste and its Management.ppt22CYT12-Unit-V-E Waste and its Management.ppt
22CYT12-Unit-V-E Waste and its Management.ppt
Harnessing WebAssembly for Real-time Stateless Streaming Pipelines
Harnessing WebAssembly for Real-time Stateless Streaming PipelinesHarnessing WebAssembly for Real-time Stateless Streaming Pipelines
Harnessing WebAssembly for Real-time Stateless Streaming Pipelines
Christina Lin
Building Electrical System Design & Installation
Building Electrical System Design & InstallationBuilding Electrical System Design & Installation
Building Electrical System Design & Installation

Recently uploaded (20)

Adaptive synchronous sliding control for a robot manipulator based on neural ...
Adaptive synchronous sliding control for a robot manipulator based on neural ...Adaptive synchronous sliding control for a robot manipulator based on neural ...
Adaptive synchronous sliding control for a robot manipulator based on neural ...
digital fundamental by Thomas L.floydl.pdf
digital fundamental by Thomas L.floydl.pdfdigital fundamental by Thomas L.floydl.pdf
digital fundamental by Thomas L.floydl.pdf
PPT on GRP pipes manufacturing and testing
PPT on GRP pipes manufacturing and testingPPT on GRP pipes manufacturing and testing
PPT on GRP pipes manufacturing and testing
6th International Conference on Machine Learning & Applications (CMLA 2024)
6th International Conference on Machine Learning & Applications (CMLA 2024)6th International Conference on Machine Learning & Applications (CMLA 2024)
6th International Conference on Machine Learning & Applications (CMLA 2024)
Low power architecture of logic gates using adiabatic techniques
Low power architecture of logic gates using adiabatic techniquesLow power architecture of logic gates using adiabatic techniques
Low power architecture of logic gates using adiabatic techniques
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&BDesign and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
ACRP 4-09 Risk Assessment Method to Support Modification of Airfield Separat...
ACRP 4-09 Risk Assessment Method to Support Modification of Airfield Separat...ACRP 4-09 Risk Assessment Method to Support Modification of Airfield Separat...
ACRP 4-09 Risk Assessment Method to Support Modification of Airfield Separat...
New techniques for characterising damage in rock slopes.pdf
New techniques for characterising damage in rock slopes.pdfNew techniques for characterising damage in rock slopes.pdf
New techniques for characterising damage in rock slopes.pdf
Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
Swimming pool mechanical components design.pptx
Swimming pool  mechanical components design.pptxSwimming pool  mechanical components design.pptx
Swimming pool mechanical components design.pptx
14 Template Contractual Notice - EOT Application
14 Template Contractual Notice - EOT Application14 Template Contractual Notice - EOT Application
14 Template Contractual Notice - EOT Application
22CYT12-Unit-V-E Waste and its Management.ppt
22CYT12-Unit-V-E Waste and its Management.ppt22CYT12-Unit-V-E Waste and its Management.ppt
22CYT12-Unit-V-E Waste and its Management.ppt
Harnessing WebAssembly for Real-time Stateless Streaming Pipelines
Harnessing WebAssembly for Real-time Stateless Streaming PipelinesHarnessing WebAssembly for Real-time Stateless Streaming Pipelines
Harnessing WebAssembly for Real-time Stateless Streaming Pipelines
Building Electrical System Design & Installation
Building Electrical System Design & InstallationBuilding Electrical System Design & Installation
Building Electrical System Design & Installation

Orchestrated Functional Testing with Puppet-spec and Mspectator

  • 2. Who am I? Raphaël Pinson (@raphink) ■ Infrastructure Developer & Trainer @ Camptocamp ■ Augeas & Augeasproviders developer ■ Various contributions to Puppet & ecosystem / 2/32
  • 3. Monitoring vs. Functional Tests Complementary or redundant? / 3/32
  • 4. Conformity Tests ■ Check if machines comply to standards ■ Avoid permanent heavy monitoring checks ■ Tests must be inter-dependent ■ Focus on getting sysadmins to fix one thing at a time to converge toward standards / 4/32
  • 5. Treetester ■ Back in 2008 ■ Written in Perl ■ Orchestrate conformity tests on a 4k+ server fleet / 5/32
  • 6. Treetester: modules output ■ For all hosts/modules ■ Number of hosts filtered per module ■ Modules dependency tree ■ Colors by priority / 6/32
  • 7. Treetester: host output ■ For each host ■ Failed steps in the module tree ■ Green: OK, Red: KO, Purple: Ignored / 7/32
  • 8. Treetester architecture ■ All data in a database (MySQL) ■ Tests scripts output YAML ■ Tests scripts can be local (hosts as STDIN) or remote (ssh or http) ■ Tests are inter-dependent ■ Generate filtered data as a tree ■ Generate graphs (graphviz) / 8/32
  • 9. Treetester filters ■ For each test/module ■ Based on data in MySQL (joins and additional SQL conditions) ■ Allows to link tests to each other ■ Like multiple sieves / 9/32
  • 10. Treetester: future? ■ Not open-sourced :'-( ■ Too monolithic/not flexible enough ■ Heavily linked to specific architecture ■ Needed a rewrite / 10/32
  • 11. Adding specs to Puppet runs ■ Testing the catalog before it gets applied ■ Testing the node after the catalog is applied Enter the Puppet-spec module / 11/32
  • 12. Rspec-puppet ■ ■ Now the standard to unit test Puppet manifests ■ Generates catalogs in clean environments ■ Asserts catalogs for resources/classes require 'spec_helper' describe 'logrotate::rule' do let(:title) { 'nginx' } it { should compile.with_all_deps } it { should contain_class('logrotate::setup') } end / 12/32
  • 13. Puppet-spec ■ Runs tests from within Puppet runs ■ Test catalogs using rspec-puppet ■ Test hosts using serverspec / 13/32
  • 14. Puppet-spec: Unit testing ■ Catalog exposed by PuppetSpec::Catalog.instance.catalog ■ Uses rspec-puppet matchers ■ Asserts real catalogs ■ Runs on the master or agent side (as catalog indirection terminii) describe 'puppet' do subject { PuppetSpec::Catalog.instance.catalog } it { should contain_package('puppet') } it { should contain_package('ppet') } it { should include_class('puppet') } it { should include_class('puppet::client::base') } end / 14/32
  • 15. Puppet-spec: Unit tests output # puppet agent -t info: Retrieving plugin err: Could not retrieve catalog from remote server: Unit tests failed: F.. Failures: 1) package Failure/Error: it { should contain_package('augeas') } expected that the catalogue would contain Package[augeas] # /var/lib/puppet/lib/spec/class/augeas/package_spec.rb:3 # /var/lib/puppet/lib/puppet/indirector/catalog/rest_spec.rb:31:in `find' Finished in 0.00092 seconds 3 examples, 1 failure Failed examples: rspec /var/lib/puppet/lib/spec/class/augeas/package_spec.rb:3 # package info: Not using expired catalog for from cache; expired at Tue Apr 02 17:40:21 +0200 2013 notice: Using cached catalog / 15/32
  • 16. Puppet-spec: Deploying unit tests ■ On the master side: ○ Tests are located in the spec/catalog/class directory of the environment ○ Only the directories named after classes declared in the catalog are tested ■ On the agent side: ○ Deploy tests using pluginsync ○ Tests are located in the lib/spec/catalog/class directory of each module ○ Only the directories named after classes declared in the catalog are tested / 16/32
  • 17. Puppet-spec: Unit tests limits ■ When to apply the tests (currently based on class names) ■ Tests on master, or need to deploy all tests with pluginsync ■ Redundant with existing unit tests, or additional security? / 17/32
  • 18. Puppet-spec: Setting up Unit testing ■ Tests achieved from catalog indirection terminii ■ Plugins (terminii) deployed with pluginsync ■ Setup done in routes.yaml: agent: catalog: # Either on the agent side terminus: rest_spec cache: yaml master: catalog: # Or on the master side terminus: compiler_spec / 18/32
  • 19. Serverspec ■ ■ Provides RSpec matchers for local functional tests (packages, users, services, ports, etc.) ■ Independant from configuration management tools require 'spec_helper' describe service('httpd') do it { should be_enabled } it { should be_running } end describe port(80) do it { should be_listening } end describe file('/etc/httpd/conf/httpd.conf') do it { should be_file } its(:content) { should match /ServerName } end / 19/32
  • 20. Serverspec backends Allows to use various means of launching tests: ■ SSH (default) ■ Exec ■ Puppet (RAL, removed from core) $ serverspec-init Select OS type: 1) UN*X 2) Windows Select number: 1 Select a backend type: 1) SSH 2) Exec (local) Select number: 1 / 20/32
  • 21. Puppet-spec: Functional testing ■ Uses serverspec/specinfra matchers ■ Tests the machine state (not the catalog) require 'spec_helper' describe service('httpd') do it { should be_enabled } it { should be_running } end describe port(80) do it { should be_listening } end describe file('/etc/httpd/conf/httpd.conf') do it { should be_file } its(:content) { should match /ServerName } end / 21/32
  • 22. Puppet-spec: Function tests output # puppet agent -t info: Retrieving plugin info: Caching catalog for info: Applying configuration version 'raphink/a2c8e0f [+]' ... Applying changes ... notice: Finished catalog run in 59.19 seconds err: Could not send report: Unit tests failed: FF Failures: 1) augeas Failure/Error: it { should be_installed } expected "augeas" to be installed # /var/lib/puppet/lib/spec/server/class/ # /var/lib/puppet/lib/puppet/indirector/report/rest_spec.rb:45:in `save' 2) /usr/share/augeas/lenses/dist Failure/Error: it { should be_file } expected "/usr/share/augeas/lenses/dist" to be file # /var/lib/puppet/lib/spec/server/class/ # /var/lib/puppet/lib/puppet/indirector/report/rest_spec.rb:45:in `save' Finished in 0.06033 seconds 2 examples, 2 failures Failed examples: rspec /var/lib/puppet/lib/spec/server/class/ # augeas rspec /var/lib/puppet/lib/spec/server/class/ # /usr/share/augeas/lenses/ / 22/32
  • 23. Puppet-spec: Deploying functional tests ■ Tests are run after catalog application ■ Tests can be distributed via pluginsync (in the spec/server/class) directory of each module ■ Tests can be distributed with file Puppet resources, optionally using the spec::serverspec defined resource type / 23/32
  • 24. Puppet-spec: MCollective agent ■ Communicates with distant nodes ■ Sends action and values to specinfra check commands ■ Does not implement serverspec syntax ■ Returns true/false ■ Uses MCollective as transport (instead of SSH) Examples: $ mco rpc spec check action=user values=rpinson $ mco rpc spec check action=file values=/etc/passwd $ mco rpc spec check action=resolvable,A $ mco rpc spec check action=listening values=80 $ mco rpc spec check action=process values=mcollectived $ mco rpc spec check action=file_contain values=/etc/passwd,rpinson / 24/32
  • 25. Mspectator ■ ■ RSpec matchers ■ Calls MCollective to achieve tests ■ Uses MCollective spec agent (among others) / 25/32
  • 26. Mspectator architecture ■ Client runs RSpec ■ RSpec calls MCollective ■ MCollective calls distant spec agent ■ spec agent calls specinfra backend / 26/32
  • 27. Mspectator syntax Own matchers, mapping to specinfra backend methods: require 'mspectator' describe 'apache' do it { should find_nodes(100).or_less } # Counts discovered nodes it { should pass_puppet_spec } # Runs the `spec` agent it { should have_certificate.signed } # Uses the `puppetca` agent context 'when on Debian', :facts => { :operatingsystem => 'Debian' } do # Filter by facts it { should find_nodes(5).with_agent('spec') } it { should have_package('apache2.2-common') } it { should_not have_package('httpd') } it { should have_service('apache2').with( :ensure => 'running' ) } it { should have_file('/etc/apache2/apache2.conf') } it { should have_directory('/etc/apache2/conf.d') } it { should have_user('www-data') } end context 'when using SSL', :classes => ['apache::ssl'] do # Filter by classes it { should find_nodes(50).or_more } it { should have_package('ca-certificates') } end end / 27/32
  • 28. Mspectator output $ rake spec SPEC=apache_spec.rb /home/rpinson/.rvm/rubies/ruby-1.8.7-p371/bin/ruby -S rspec apache_spec.rb apache should find nodes 100 should pass puppet spec (FAILED - 1) should have certificate when on Debian should find nodes 5 (FAILED - 2) ... when using SSL should find nodes 50 (FAILED - 3) No request sent, we did not discover any nodes. should have package "ca-certificates" Failures: 1) apache Failure/Error: it { should pass_puppet_spec } expected that all hosts would pass tests, the following didn't: # ./apache_spec.rb:5 ... / 28/32
  • 30. Contribute On GitHub: ■ puppet-spec: ■ mspectator: / 30/32
  • 31. Thank you! ■ ■ @raphink on Twitter/Github ■ raphink on Freenode ■ Slides: / 31/32