Chef Infra Best Practices: #3 Testing Chef Infra Cookbooks Fast with Docker

Third installment of the Shape-Up Your Infrastructure Webinar Series – “Testing Chef Infra Cookbooks Fast with Docker”. 

It often seems like every day brings about a new mission-critical business application to manage. Each of these critical systems needs special attention as you build out your infrastructure automation. No one wants to push out that “simple” configuration change that causes a business outage. Each and every change, no matter the size, needs full validation, but how can this be accomplished without slowing the business velocity?

Test Kitchen is an open source testing framework that tests cookbooks using Vagrant, Docker, VMware vSphere, or leading cloud providers. With Test Kitchen you can automate the validation of your complex infrastructure systems on local workstations during your development process as well as part of automated CI pipelines. This shifts the validation of systems as far left as possible, avoiding the need for costly manual validation in pre-production environments, or worse yet, validation in production. 

Test Kitchen is part of Chef Workstation and works in concert with Chef InSpec letting you write complex tests for your infrastructure code with ease. With Chef InSpec you utilize the same test language, and even code, for your infrastructure tests as your security and compliance tests. This reduces the time necessary to test systems and time spent training employees on new testing frameworks. 

Overview: Chef Infra Client and Test Kitchen Infrastructure Automation 

Test Kitchen validates infrastructure changes in four main stages: Create, Converge, Verify and Destroy: 

  • Create: In the create stage systems are created and booted in a clean-room environment either running locally on a workstation hypervisor or on a cloud provider.  
  • ConvergeIn the converge phase the Chef Infra Client is installed and cookbooks are then run to bring the node into policy compliance. 
  • Verify: In the verify Chef InSpec is used to smoke tests and verify systems meet business needs. One of the coolest things about Test Kitchen is that you are validating the compliance primitives along with running smoke tests.  
  • Destroy: In the destroy phase passed runs are committed to source control, failed runs are returned to development and the clean room instances are deleted from your local hypervisor or cloud provider.

Test Driven Development for Infrastructure Delivery with Chef Infra Client and Test Kitchen

Test Kitchen also includes an all-in-one phase, Test, which runs all the phases mentioned above. When running the Test Phase, if the verify stage completes successfully the destroy phase will run automatically to clean up the instances. If any failures occur the system will remain for further troubleshooting.

Defining Complex Infrastructure 

Your infrastructure can take many shapes. Test Kitchen allows you to define different suites of infrastructure tests to run. Suites can include different Chef Infra Client run lists or attribute combinations. These suites can also be tested on an array of different operating systems such as macOS, Linux, or Windows. Test Kitchen suites allow you to cover different scenarios such as client or server installations or test the upgrade of major software components along with fresh installations. 

Iterating Fast with Docker 

Testing complex infrastructure can quickly balloon to long–running tests, even when running against expensive cloud instances. Do you scale back testing to meet the needs of your high-velocity business? Or instead, consider changing how you test your complex infrastructure. 

The Dokken driver for Test Kitchen, built into Chef Workstation, allows you to rapidly test your infrastructure code using Docker, OS containers, and Chef Infra Client containers. Dokken includes a large collection of Linux distro containers designed to mimic full OS images (note Dokken does not work with Windows). These containers boot lightning-fast and when combined with Chef Infra Client containers you can test infrastructure changes in seconds instead of minutes.  

Best of all since these tests run all run in Docker you can Test Kitchen with Dokken in your favorite Continuous Delivery (CD) environments without the need for costly cloud test instances. To learn more about Test Kitchen with Dokken and to see how you can test client/server and cluster environments be sure to check out our on-demand webinar – Testing Chef Infra Cookbooks Fast with Docker below. 

The “Shape-up Your Infrastructure Automation” webinar series will continue through 2021. Below is the current list of events:   

Additional useful resources related to Chef Infra Client include:  

Posted in:

Tim Smithh

Tim was the Product Manager for Chef Infra.