Friday, April 23, 2021

Chef Infra Best Practices: #3 Testing Chef Infra Cookbooks Fast with Docker

https://blog.chef.io/chef-infra-best-practices-3-testing-chef-infra-cookbooks-fast-with-docker

Third installment of the Shape-Up Your Infrastructure Webinar Series – "Testing Chef Infra Cookbooks Fast with Docker". 

It often seems like every day brings about a new mission-critical business application to manage. Each of these critical systems needs special attention as you build out your infrastructure automation. No one wants to push out that "simple" configuration change that causes business outage. Each and every change, no matter the size, needs full validation, but how can this be accomplished without slowing the business velocity?

Test Kitchen is an open source testing framework that tests cookbooks using Vagrant, Docker, VMware vSphere, or leading cloud providers. With Test Kitchen you can automate the validation of your complex infrastructure systems on local workstations during your development process as well as part of automated CI pipelines. This shifts the validation of systems as far left as possible, avoiding the need for costly manual validation in pre-production environments, or worse yet, validation in production. 

Test Kitchen is part of Chef Workstation and works in concert with Chef InSpec letting you write complex tests for your infrastructure code with ease. With Chef InSpec you utilize the same test language, and even code, for your infrastructure tests as your security and compliance tests. This reduces the time necessary to test systems and time spent training employees on new testing frameworks. 

Overview: Chef Infra Client and Test Kitchen Infrastructure Automation 

Test Kitchen validates infrastructure changes in four main stages: Create, Converge, Verify and Destroy: 

  • CreateIn the create stage systems are created and booted in a clean-room environment either running locally on a workstation hypervisor or on a cloud provider 
  • Converge In the converge phase the Chef Infra Client is installed and cookbooks are then run to bring the node into policy compliance. 
  • Verify: In the verify Chef InSpec is used to smoke tests and verify systems meet business needs. One of the coolest things about Test Kitchen is that you are validating the compliance primitives along with running smoke tests.  
  • Destroy: In the destroy phase passed runs are committed to source control, failed runs are returned to development and the clean room instances are deleted from your local hypervisor or cloud provider.


No comments:

Post a Comment