We have been able to test our puppet modules using rspec-puppet and serverspec for a while now and the quality of our code is improving because of it. This talk will introduce the new kid on the block litmus. This talk will show you how to use litmus to test puppet modules and how to convert your existing modules to make use of litmus.

1. Testing your infrastructure
with litmus
04/02/2020 cfgmgmtcamp 2020
Bram Vogelaar
@attachmentgenie

2. ~$ whoami
●
I used to be a Molecular Biologist,
●
Then became a Dev,
●
Now an Ops.
●
Open Source Consultant @inuits.eu

3. “The intern just “solved” the problem
with $product by “fixing” the SSH
config”

4. Wait what?

5. $problems++?
https://preshing.com/20110926/high-resolution-mandelbrot-in-obfuscated-python/

6. Testing Pyramid

7. Read out loud warning
“Unit testing is a software development
process in which the smallest testable parts
of an application, called units, are individually
and independently scrutinized for proper
operation”

8. rspec-puppet
●
Independantly developed
●
Ruby based
●
Rspec based
●
(mostly) quick to run
●
(almost) unit testing *
https://rspec-puppet.com/

9. Rspec test
require 'spec_helper'
describe 'ssh::server', type: :class do
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) { facts }
context 'with defaults for all parameters' do
it { is_expected.to contain_class('ssh::server') }
it { is_expected.to contain_class('ssh::params') }
it do
is_expected.to contain_package('openssh-server').with(
'ensure' => 'present',
)
end

10. Read out loud warning
“An acceptance test is a formal description of
the behavior of a software product, generally
expressed as an example or a usage
scenario”

11. Beaker
●
Developed by puppet(labs)
●
Ruby based
●
Native puppet support
●
Docker & Vagrant providers *
●
Serverspec
https://github.com/puppetlabs/beaker

12. Serverspec
describe package('openssh-server')
it { should be_installed }
end
https://serverspec.org/

13. Test Kitchen
●
Based on the chef toolchain
●
Puppet support via plugin
●
Multiple provider support
●
Inspec (and serverspec) support
https://github.com/neillturner/kitchen-puppet

14. inspec
control 'ports-1.0' do
impact 1.0
title 'Port 9000 should have a fpm pool listening'
describe port(9000) do
it { should be_listening }
its('processes') {should include 'php-fpm'}
end
end
https://www.inspec.io/

15. Inspec (audit) profiles
include_controls 'linux-baseline'
https://dev-sec.io/

16. Highly Opinionated Awkward Bits
●
Designed for single node testing only *
●
Rage inducing CLI (beaker)
●
Weird CLI verbs (kitchen)
●
No orchestration (kitchen)
●
License issues (inspec)

18. Litmus
●
Developed by puppet
●
Ruby based
●
Native puppet support
●
Docker & Vagrant providers
●
Server-spec
●
Build on puppet’s Bolt
●
Multi node support
https://github.com/puppetlabs/puppet_litmus

19. provision.yaml
---
docker:
provisioner: docker
images: ['waffleimage/centos7']
vagrant:
provisioner: vagrant
images: ['centos/7']

20. bootstrap
# Start a docker image
>bundle exec rake 'litmus:provision[docker, centos:7]'
# Start all nodes defined it the vagrant list
>bundle exec rake 'litmus:provision[vagrant]'
Provisioning centos_7-2222
{"status":"ok","node_name":"localhost"}

21. Inventory.yml
> cat inventory.yaml
---
groups:
- name: ssh_nodes
nodes:
- name: localhost:2222
config:
transport: ssh
ssh:
user: root
password: root
port: 2222
host-key-check: false
facts:
provisioner: docker
container_name: centos_7-2222

22. Batteries not included?
# Installs the latest Puppet Agent on all targets
> bundle exec rake "litmus:install_agent"
# Installs Puppet 5 on all targets
> bundle exec rake 'litmus:install_agent[puppet5]'
# Install the latest Puppet Agent on a specific target
> bundle exec rake 'litmus:install_agent[foo.bar.bbq]'

23. Bolt
> bolt command run 'puppet --version' -n localhost:2222 -i inventory.yaml
Started on localhost...
Finished on localhost:
STDOUT:
6.12.0
Successful on 1 node: localhost:2222
Ran on 1 node in 0.92 seconds

24. Multi-node Setup
> bundle exec bolt --modulepath $(pwd)/spec/fixtures/modules/
plan run provision::server_setup --inventoryfile inventory.yaml
> bundle exec bolt --modulepath $(pwd)/spec/fixtures/modules/
plan run provision::agents --inventoryfile inventory.yaml

25. Push your code
> bundle exec rake litmus:install_module

26. Fire in the hole!
> bundle exec rake litmus:acceptance:parallel
Running against 1 machines |Time: 00:00:48 |
==================================================================
====================== | Time: 00:00:48
......
Finished in 46.38 seconds (files took 1.97 seconds to load)
6 examples, 0 failures

27. Fire in the hole!
> bundle exec rake litmus:acceptance:parallel
Running against 1 machines |Time: 00:00:48 |
==================================================================
====================== | Time: 00:00:48
......
Finished in 46.38 seconds (files took 1.97 seconds to load)
6 examples, 0 failures

28. Granularity
> TARGET_HOST=foo.bar.bbq bundle exec
rspec ./spec/acceptance
> bundle exec rspec
./spec/acceptance/test_spec.rb:21

29. Release Resources
> bundle exec rake litmus:tear_down
{"node"=>"localhost", "status"=>"success",
"result"=>{"_output"=>"Removed localhost:2222
n{"status":"ok"}n"}}

30. .travis.yml
before_script: ["bundle exec rake 'litmus:provision_list[travis_deb]'", "bundle exec rake
'litmus:install_agent[puppet6]'", "bundle exec rake litmus:install_module"]
bundler_args:
dist: trusty
env: PLATFORMS=deb_puppet6
rvm: 2.5.1
script: ["bundle exec rake litmus:acceptance:parallel"]
services: docker
stage: acceptance
sudo: required

31. INUITS bvba
Essensteenweg 31
2930 Brasschaat
Belgium
BE 0891.514.231
Contact:
+32.380.821.05
info@inuits.eu
inuits.eu
bram@inuits.eu
@attachmentgenie