Test Driven Devops

Illustration: 500 - Internal server errorI like to apply Test Driven Development to my sysadmin work. For example, every time I add a new redirect to a web server configuration I want to make sure I haven’t broken anything else. Further, I want my SSL configurations proactively checked daily for any possible error. I use Ruby RSpec and write tests like these:

describe 'My app' do
  context 'www.myapp.com' do
    it { should be_up }
    it { should have_a_valid_cert }

  it 'serves the www.myapp.com page without redirecting' do
    expect('http://www.myapp.com/about').to be_status 200

  it 'only serves via www' do
    expect('http://myapp.com').to redirect_permanently_to 'http://www.myapp.com/'

  it 'forces visitors to use https' do
  expect('myapp.com').to enforce_https_everywhere

When I want to make a configuration change, I first write a test for the desired outcome. Naturally, it fails while the old tests pass. I then work on the config change, re-running all the tests as I go, and am finished when they all pass. I also run these automatically from a cron job to get pro-active notification of new problems.

The phrases such as have_a_valid_cert are custom RSpec matchers; they’re added into the RSpec environment by this open source library on Github.  I’m also working on an app to run these specs in the cloud.

See also


  1. John Cooper says:

    I have been doing a similar thing using cucumber and some simple net/http tests. It works okay but I like the format of what you have done there. Looks a lot simpler. I’ll have a look at it in more detail at the next major change we are looking at.
    Any reason you are switching to python? Will this mean you are not updating this library?
    Thanks for sharing your code.

    1. Robb says:

      I’ll definitely be keeping this up to date; Ruby excels when it comes to test frameworks and Domain Specific Languages. I’d like to see what’s possible with Python because I find code written with it more maintainable.

  2. Arnab says:

    Your post reminds of something very similar – http://babushka.me/. Babushka is a tool for automating test-driven system admin tasks, you can check it out and see, it also has pretty nice DSL as well. You can also see https://github.com/politburo/politburo which is a Ruby DSL written on top of Babushka.

  3. mestachs says:

    Looks like https://github.com/garethr/prodder/ is pushing a bit further the ssl/http headers/open ports.
    Another, more generic, framework is gauntlt : http://gauntlt.org/

Leave a Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s