Fast and efficient, containers make an ideal environment for testing. This talk will show how containers can be used to safely and effectively test configuration changes before deploying to production.
Using Docker, Puppet, and other open source tools, we will demonstrate a containerized and fully automated test environment and compare it to VM-based alternatives. We will examine the benefits of containers for ad-hoc exploratory testing and for accelerating and expanding test coverage through parallelization.
6. What Does “Fast & Efficient” Actually Mean?
[Bar chart: time in seconds for Docker Run, VM Boot, and Docker Build+Run, for debian:8 and centos:7]
Back of the Envelope
(40 s/VM boot + 10 s/test) / (1.1 s/Docker run + 10 s/test) = 4.5 tests in containers for every test run in a VM
16. Containers: Ephemeral & “Safe” Sandboxes?
Containers have security implications
• Shared OS kernel & resources
And more security exposure with privileged containers, additional capabilities
[For Testing] Are you willing to sacrifice some degree of security for performance?
From Jérôme Petazzoni’s talk “Is it safe to run applications in containers?”
17. If you answered, “No. Security over Performance.”
Run containers inside VM(s)
Enable SELinux
Remove or separate secrets & credentials
Plenty of prior art for securing containers in production
From “Is it safe to run applications in containers?”
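Added example, not from the talk: one way to check test containers against the exposures named on slides 16 and 17 (privileged mode, additional capabilities, SELinux labeling switched off, credentials in the environment) by reading `docker inspect` JSON. The container names, the sample data and the secret-name heuristic are constructed for illustration.

```python
import json
import re

# Constructed sample in the shape of `docker inspect` output (not from the talk).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/puppet-test-debian8",
   "Config": {"Env": ["PATH=/usr/bin", "FACTER_role=web"]},
   "HostConfig": {"Privileged": false, "CapAdd": null, "SecurityOpt": null}},
  {"Name": "/puppet-test-centos7",
   "Config": {"Env": ["PATH=/usr/bin", "AWS_SECRET_ACCESS_KEY=EXAMPLE-PLACEHOLDER"]},
   "HostConfig": {"Privileged": true, "CapAdd": ["SYS_ADMIN"],
                  "SecurityOpt": ["label=disable"]}}
]
""")

# Assumed heuristic for environment variable names that usually hold credentials.
SECRET_NAME = re.compile(r"(SECRET|PASSWORD|PASSWD|TOKEN|API_?KEY|PRIVATE_?KEY)", re.I)


def audit_container(entry):
    """Return a list of findings for one `docker inspect` entry."""
    findings = []
    host = entry.get("HostConfig") or {}
    if host.get("Privileged"):
        findings.append("privileged")
    for cap in host.get("CapAdd") or []:
        findings.append("cap_add:" + cap)
    for opt in host.get("SecurityOpt") or []:
        # `label=disable` (older syntax `label:disable`) turns off SELinux labeling.
        if opt.replace(":", "=") == "label=disable":
            findings.append("selinux_disabled")
    for var in (entry.get("Config") or {}).get("Env") or []:
        name = var.split("=", 1)[0]
        if SECRET_NAME.search(name):
            findings.append("secret_env:" + name)  # report the name, never the value
    return findings


def audit(inspect_output):
    """Map container name -> findings; an empty list means nothing was flagged."""
    return {e.get("Name", "?").lstrip("/"): audit_container(e) for e in inspect_output}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else "FLAGGED: " + ", ".join(findings))
```

The check only sees what `docker inspect` reports; whether the host enforces SELinux, or whether the containers run inside a VM, has to be verified on the host itself.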
20. The Hard Part: Modeling Your Environment
Good news: Your CM code does most of the work
Prior art for fine tuning, e.g. see Reliant’s PuppetConf talk
23. Have You Heard This One?
“Who needs Config Management? We use containers!”
24. Docker Tooling: Not Bad… Could It Be Better?
Given a container:
How was it built?
How do you run it?
What is inside right now?
When do you rebuild?
What packages are in the base image?
What version of Puppet & dependencies?
Is this the one and only way to run this container?
25. Puppet lives in separate mounted container
Inventoried container can be Immutable
Inventory is JSON
• Query with standard tools
• Use for container health checks, extend container metadata, etc.
26. Unpacking It All
Configuration Management + Containers: Better Together
Testing: A very good place to start
Many free and open-source tools
Base container images
Build, run, inspect containers
DSL integration and much more…
You can do it too…on your laptop!