Test Driven Devops

Illustration: 500 - Internal server errorI like to apply Test Driven Development to my sysadmin work. For example, every time I add a new redirect to a web server configuration I want to make sure I haven’t broken anything else. Further, I want my SSL configurations proactively checked daily for any possible error. I use Ruby RSpec and write tests like these:

describe 'My app' do
  context 'www.myapp.com' do
    it { should be_up }
    it { should have_a_valid_cert }
  end

  it 'serves the www.myapp.com page without redirecting' do
    expect('http://www.myapp.com/about').to be_status 200
  end

  it 'only serves via www' do
    expect('http://myapp.com').to redirect_permanently_to 'http://www.myapp.com/'
  end

  it 'forces visitors to use https' do
  expect('myapp.com').to enforce_https_everywhere
  end
end



When I want to make a configuration change, I first write a test for the desired outcome. Naturally, it fails while the old tests pass. I then work on the config change, re-running all the tests as I go, and am finished when they all pass. I also run these automatically from a cron job to get pro-active notification of new problems.

The phrases such as have_a_valid_cert are custom RSpec matchers; they’re added into the RSpec environment by this open source library on Github.  I’m also working on an app to run these specs in the cloud.

See also

4 Comments

  1. John Cooper says:
    January 17, 2014 at 2:28 am

    I have been doing a similar thing using cucumber and some simple net/http tests. It works okay but I like the format of what you have done there. Looks a lot simpler. I’ll have a look at it in more detail at the next major change we are looking at.
    Any reason you are switching to python? Will this mean you are not updating this library?
    Thanks for sharing your code.

    Reply
    1. Robb says:
      January 17, 2014 at 2:41 am

      I’ll definitely be keeping this up to date; Ruby excels when it comes to test frameworks and Domain Specific Languages. I’d like to see what’s possible with Python because I find code written with it more maintainable.

      Reply
  2. Arnab says:
    January 17, 2014 at 7:55 pm

    Your post reminds of something very similar – http://babushka.me/. Babushka is a tool for automating test-driven system admin tasks, you can check it out and see, it also has pretty nice DSL as well. You can also see https://github.com/politburo/politburo which is a Ruby DSL written on top of Babushka.

    Reply
  3. mestachs says:
    January 18, 2014 at 3:34 am

    Looks like https://github.com/garethr/prodder/ is pushing a bit further the ssl/http headers/open ports.
    Another, more generic, framework is gauntlt : http://gauntlt.org/

    Reply

Leave a Comment

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s