Testing your Chef cookbook with Inspec and Docker

April 4th, 2017 Posted by Blog, DevOps, Tips 0 thoughts on “Testing your Chef cookbook with Inspec and Docker”

In your cookbook repository:

cd cookbooks/
chef generate cookbook myfirst_cookbook
Generating cookbook myfirst_cookbook
- Ensuring correct cookbook file content
- Ensuring delivery configuration
- Ensuring correct delivery build cookbook content
Your cookbook is ready. Type `cd myfirst_cookbook` to enter it.
There are several commands you can run to get started locally developing and testing your cookbook.
Type `delivery local --help` to see a full list.
Why not start by writing a test? Tests for the default recipe are stored at:
test/smoke/default/default_test.rb
If you’d prefer to dive right in, the default recipe can be found at:
recipes/default.rb

Let’s edit our cookbook default recipe at myfirst_cookbook/recipes/default.rb and add:

package 'vim'

Open our cookbook .kitchen.yml file and replace following configuration using the dokken driver:

---
driver:
  name: dokken
  privileged: true # because Docker and SystemD/Upstart
  customize:
    memory: '512'

transport:
  name: dokken

provisioner:
  name: dokken
  deprecations_as_errors: true

verifier:
  name: inspec

platforms:
  - name: ubuntu-16.04
    driver:
      image: ubuntu:16.04
      pid_one_command: /sbin/init
      intermediate_instructions:
        - RUN /usr/bin/apt-get update
        - RUN /usr/bin/apt-get install apt-transport-https net-tools -y
  - name: centos-7
    driver:
      image: centos:7
      platform: rhel
      pid_one_command: /usr/lib/systemd/systemd
      intermediate_instructions:
        - RUN yum clean all
        - RUN yum -y install net-tools lsof

suites:
  - name: default
    run_list:
      - recipe[myfirst_cookbook::default]
    verifier:
      inspec_tests:
        - test/smoke/default
    attributes:

Let’s list our platform and converge:

kitchen list
Instance             Driver  Provisioner  Verifier  Transport  Last Action    Last Error
default-ubuntu-1604  Dokken  Dokken       Inspec    Dokken
default-centos-7     Dokken  Dokken       Inspec    Dokken

As you can see we have two platform, one for Ubuntu 16.04 and the other for CentOs 7, let’s converge the Ubuntu:

kitchen converge default-ubuntu-1604
-----> Starting Kitchen (v1.14.2)
-----> Creating …
Finished creating  (0m18.79s).
-----> Converging …
Preparing files for transfer
Preparing dna.json
Resolving cookbook dependencies with Berkshelf 5.2.0…
Removing non-cookbook files before transfer
Preparing validation.pem
Preparing client.rb
Transferring files to
Starting Chef Client, version 12.19.36
Creating a new client identity for default-ubuntu-1604 using the validator key.
resolving cookbooks for run list: [“myfirst_cookbook::default”]
Synchronizing Cookbooks:
-- myfirst_cookbook (0.1.0)
Installing Cookbook Gems:
Compiling Cookbooks…
Converging 1 resources
Recipe: myfirst_cookbook::default
* apt_package[vim] action install
-- install version 2:7.4.1689-3ubuntu1.2 of package vim
Running handlers:
Running handlers complete
Chef Client finished, 1/1 resources updated in 12 seconds
Finished converging  (0m21.81s).
-----> Kitchen is finished. (0m41.67s)

The default Chef testing and compliance framework is inspec.

Let’s add a test by editing the file test/smoke/default/default_test.rb

describe command('vim --help') do
   its('stdout') { should match (/VIM - Vi IMproved/) }
end

Let’s run kitchen verify:

kitchen verify default-ubuntu-1604
-----> Starting Kitchen (v1.14.2)
-----> Setting up …
Finished setting up  (0m0.00s).
-----> Verifying …
Loaded
Target:  docker://454ad2f3c719af78a61f45acfe331760b522dd6c943f705fdf19cb46137b3d30
User root
✔  should exist
↺  This is an example test, replace with your own test.
Port 80
✔  should not be listening
↺  This is an example test, replace with your own test.
Command vim
✔  --help stdout should match /VIM -- Vi IMproved/
Test Summary: 3 successful, 0 failures, 2 skipped
Finished verifying  (0m0.51s).
-----> Kitchen is finished. (0m1.81s)
kitchen verify default-centos-72

Let’s connect into our container:

kitchen login default-ubuntu-1604

You can use kitchen on your CI with the command test that converge, verify and destroy your container:

kitchen test default-ubuntu-1604

Continuous S.A.
Avenue des Hauts-Fourneaux 9
L-4362 Esch-sur-Alzette
Luxembourg

© Continuous S.A. 2017