Last active
December 30, 2018 21:37
-
-
Save githubfoam/5be6343291cc251d8bb24da3ed690801 to your computer and use it in GitHub Desktop.
test-kitchen cheat sheet
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #1st method Install bundler,ruby,rbenv | |
| curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash - | |
| curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - | |
| echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list | |
| sudo apt-get update -y | |
| sudo apt-get install -y git-core curl zlib1g-dev build-essential libssl-dev libreadline-dev | |
| sudo apt-get install -y libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev libcurl4-openssl-dev software-properties-common libffi-dev nodejs yarn | |
| git clone https://github.com/rbenv/rbenv.git ~/.rbenv | |
| echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc | |
| echo 'eval "$(rbenv init -)"' >> ~/.bashrc | |
| exec $SHELL | |
| git clone https://github.com/rbenv/ruby-build.git ~/.rbenv/plugins/ruby-build | |
| echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bashrc | |
| exec $SHELL | |
| rbenv install 2.5.1 | |
| rbenv global 2.5.1 | |
| ruby -v | |
| gem install bundler | |
| bundle exec kitchen version | |
| # sample Gemfile | |
| mkdir ansible-kitchen | |
| cd ansible-kitchen/ | |
| sudo vi Gemfile | |
| bundle install --path vendor/bundle | |
| ============================================================================ | |
| #2nd method, Install chef DK (Host is unix/linux) | |
| wget https://packages.chef.io/files/stable/chefdk/3.5.13/ubuntu/16.04/chefdk_3.5.13-1_amd64.deb | |
| sudo dpkg -i chefdk_3.5.13-1_amd64.deb | |
| chef --version | |
| bundle update -> to download the serverspec dependency | |
| bundle exec kitchen -> create toboot up the machinebundle exec | |
| bundle exec kitchen login -> log in and check what’s on the machine | |
| bundle exec kitchen converge -> Runs your Ansible playbook inside the created environment | |
| bundle exec kitchen verify -> Runs your ServerSpec tests against the environment | |
| bundle exec kitchen destroy -> Destroys your environment, meaning that the next converge will be run in a clean environment | |
| bundle exec kitchen destroy -> A helper method that runs kitchen create && kitchen converge && kitchen verify && kitchen destroy . | |
| If your tests do not pass, the environment will still be available to kitchen login to examine. If your tests do pass, the environment | |
| is automatically destroyed. | |
| ============================================================================ | |
| Kitchen Workflow | |
| •kitchen create | |
| •kitchen converge | |
| •kitchen verify | |
| •kitchen destroy | |
| All at once with | |
| kitchen test | |
| ============================================================================ | |
| # Test Kitchen drivers are gem libraries available for download from http://rubygems.org | |
| # list all the Test Kitchen gems currently available | |
| kitchen driver discover | |
| kitchen login INSTANCE | |
| # Add Test Kitchen support to the project using the default kitchen-vagrant driver by running kitchen init | |
| kitchen init --create-gemfile | |
| # Run the following kitchen init command to add Test Kitchen support to your project using the kitchen-docker driver | |
| kitchen init --driver=kitchen-docker --create-gemfile | |
| # two environment variables can be used that instruct respectively test kitchen and Vagrant to be more verbose about their output: | |
| export KITCHEN_LOG=‘debug’ | |
| export VAGRANT_LOG=‘debug’ | |
| ============================================================================ | |
| #2nd method, Install chef DK (Host is windows 10x) | |
| Install the latest chef development kit from here. https://downloads.chef.io/chef-dk/ | |
| chef --version | |
| Create a repo,chef-repo is the custom name given by the user | |
| chef generate repo chef-repo | |
| Test Driven Workflow | |
| create a cookbook,a cookbook named webserver | |
| chef generate cookbook webserver | |
| find the kitchen.yml file in the webserver folder | |
| # | |
| install Rspec | |
| gem install rspec | |
| RVM stands for Ruby enVironment Manager,difficult to have more than one version of Ruby on your computer. | |
| create a project folder and a Gemfile, | |
| source :rubygems | |
| gem "sinatra" | |
| gem "shotgun" | |
| gem "cucumber" | |
| gem "capybara" | |
| gem "rspec" | |
| in the project folder, run "bundle install" | |
| ============================================================================ | |
| test/integration | |
| |_ do_something <-- suite name (more on this later) | |
| |_ bats <-- busser (AKA the "tester") | |
| |_ my_test.bats <-- a test | |
| ============================================================================ | |
| @test "the thing is done correctly" { | |
| grep "some content" /var/my_file | |
| } | |
| ============================================================================ | |
| Run the following kitchen init command to add Test Kitchen support to your project using the kitchen-docker driver: | |
| $ kitchen init --driver=kitchen-docker --create-gemfile | |
| Run bundle install to download and install any required gems. | |
| $ bundle install | |
| ============================================================================ | |
| run a serverspec test using rake simply run the following | |
| rake spec | |
| view all your application’s rake tasks | |
| rake -T --all | |
| rake -T | |
| Creating a cron job that calls a rake task is almost as easy as typing the rake command into the command line. | |
| cd /Users/you/projects/myrailsapp && /usr/local/bin/rake RAILS_ENV=production myrailsapp:monthly_report | |
| ============================================================================ | |
| Ruby environment | |
| git clone https://github.com/sstephenson/rbenv.git ~/.rbenv | |
| echo ‘export PATH=“$HOME/.rbenv/bin:$PATH”’ >> ~/.bashrc | |
| echo ‘eval “$(rbenv init -)”’ >> ~/.bashrc | |
| exec $SHELL | |
| git clone https://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build | |
| rbenv install ruby_version | |
| ============================================================================ | |
| # list information about the operating system. | |
| inspec detect | |
| # execute your profile directly against your workstation. | |
| inspec exec /root/auditd | |
| # run a profile remotely | |
| inspec exec auditd -t ssh://root:password@target | |
| # run the auditd profile on your target system and format the output as JSON | |
| "inspec exec auditd -t ssh://root:password@target --reporter=json | jq ." | |
| "cat linux-baseline-results.json | jq . | tee linux-baseline-results-clean.json" | |
| # verify your profile is free of errors | |
| inspec check auditd | |
| # archive your profile | |
| inspec archive auditd | |
| # run test stored on Github locally | |
| inspec exec https://github.com/dev-sec/windows-patch-baseline | |
| # run test stored on Github on remote windows host on WinRM | |
| inspec exec https://github.com/dev-sec/windows-patch-baseline -t winrm://Administrator@windowshost --password 'your-password' | |
| # run InSpec directly from an archive | |
| inspec exec auditd-0.1.0.tar.gz -t ssh://root:password@target | |
| # publish your archive to a location where your systems can access it. | |
| # run the archived profile from that archive location | |
| inspec exec https://github.com/learn-chef/auditd/releases/download/v0.1.0/auditd-0.1.0.tar.gz -t ssh://root:password@target | |
| # get more info about a profile | |
| inspec supermarket info dev-sec/linux-baseline | |
| inspec supermarket info sliim/chef-client-hardening | |
| # Run the linux-baseline profile.Let's try this profile on your container | |
| inspec supermarket exec dev-sec/linux-baseline -t ssh://root:password@target | |
| # run the profile directly from the GitHub sources. | |
| inspec exec https://github.com/dev-sec/linux-baseline -t ssh://root:password@target | |
| # Run only certain controls.This approach still requires you to run the entire profile. | |
| inspec exec https://github.com/dev-sec/linux-baseline -t ssh://root:password@target | grep -A 7 package-08 | |
| # A better way might be to specify the --controls argument to run only certain controls | |
| inspec exec https://github.com/dev-sec/linux-baseline -t ssh://root:password@target --controls package-08 | |
| ============================================================================ | |
| create serverspec + inspect + RakeFile + Ansible + Test-kitchen project | |
| ============================================================================ | |
| # Install ruby on ubuntu 18.04 (via rbenv package manager) | |
| # Install rbenv and Dependencies | |
| sudo apt install autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm5 libgdbm-dev -y | |
| git clone https://github.com/rbenv/rbenv.git ~/.rbenv | |
| #add ~/.rbenv/bin to your $PATH so that you can use rbenv's command line utility. | |
| sed -i -e '$a\' -e 'export PATH="$HOME/.rbenv/bin:$PATH"' ~/.bashrc | |
| # adding ~/.rbenv/bin/rbenv init to your ~/.basrc file will let you load rbenv automatically | |
| sed -i -e '$a\' -e 'eval "$(rbenv init -)"' ~/.bashrc | |
| exec $SHELL (or source ~/.bashrc) | |
| type rbenv | |
| git clone https://github.com/rbenv/ruby-build.git ~/.rbenv/plugins/ruby-build | |
| echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bashrc | |
| exec $SHELL | |
| rbenv install 2.5.1 | |
| rbenv global 2.5.1 | |
| ruby -v | |
| wget https://packages.chef.io/files/stable/chefdk/3.5.13/ubuntu/16.04/chefdk_3.5.13-1_amd64.deb | |
| sudo dpkg -i chefdk_3.5.13-1_amd64.deb | |
| chef --version | |
| sudo chef generate repo chef-repo | |
| cd chef-repo | |
| sudo chef generate cookbook webserver4 | |
| cd webserver4 | |
| # Bundler is a tool that manages gem dependencies for projects. | |
| sudo gem install bundler | |
| gem env home | |
| sudo vi Gemfile | |
| source 'https://rubygems.org' | |
| gem 'test-kitchen' | |
| gem 'kitchen-docker' | |
| gem 'kitchen-ansible' | |
| gem 'kitchen-inspec' | |
| gem 'serverspec' | |
| sudo chmod -R o+w webserver4 | |
| bundle install | |
| sudo serverspec-init | |
| Vagrant instance y/n: n | |
| Input target host name:<EMPTY> | |
| sudo rake -T --all | |
| sudo rake spec:unit | |
| sudo rake spec:default | |
| sudo rake spec:all | |
| sudo kitchen init --driver=kitchen-docker --create-gemfile | |
| Overwrite /opt/test7/chef-repo/webserver3/chefignore? (enter "h" for help) [Ynaqdhm] n | |
| !! | |
| sudo rm kitchen.yml | |
| sudo vi .kitchen.yml | |
| driver: | |
| name: docker | |
| We remove the chefignore file, as we don’t use chef in this case. | |
| sudo rm chefignore | |
| #turn off local documentation generation by creating a file called ~/.gemrc | |
| echo "gem: --no-document" > ~/.gemrc | |
| $ sudo rake -T --all | |
| rake default # | |
| rake kitchen:all # Run all test instances | |
| rake kitchen:converge # | |
| rake kitchen:converge:all # Run all converge instances | |
| rake kitchen:converge:default-centos-7 # | |
| rake kitchen:converge:default-ubuntu-1604 # | |
| rake kitchen:create # | |
| rake kitchen:create:all # Run all create instances | |
| rake kitchen:create:default-centos-7 # | |
| rake kitchen:create:default-ubuntu-1604 # | |
| rake kitchen:default-centos-7 # Run default-centos-7 test instance | |
| rake kitchen:default-ubuntu-1604 # Run default-ubuntu-1604 test instance | |
| rake kitchen:destroy # | |
| rake kitchen:destroy:all # Run all destroy instances | |
| rake kitchen:destroy:default-centos-7 # | |
| rake kitchen:destroy:default-ubuntu-1604 # | |
| rake kitchen:setup # | |
| rake kitchen:setup:all # Run all setup instances | |
| rake kitchen:setup:default-centos-7 # | |
| rake kitchen:setup:default-ubuntu-1604 # | |
| rake kitchen:verify # | |
| rake kitchen:verify:all # Run all verify instances | |
| rake kitchen:verify:default-centos-7 # | |
| rake kitchen:verify:default-ubuntu-1604 # | |
| rake spec # | |
| rake spec:all # | |
| rake spec:default # | |
| rake spec:unit # Run serverspec tests to unit | |
| ============================================================================ | |
| .kitchen.yml | |
| ============================================================================ | |
| driver_plugin: vagrant | |
| driver_config: | |
| require_chef_omnibus: true | |
| platforms: | |
| - name: ubuntu-12.04 | |
| driver_config: | |
| box: opscode-ubuntu-12.04 | |
| box_url: https://opscode-vm.s3.amazonaws.com/vagrant/opscode_ | |
| ubuntu-12.04_provisionerless.box | |
| ============================================================================ | |
| .kitchen.yml | |
| ============================================================================ | |
| --- | |
| driver: | |
| name: docker | |
| binary:docker | |
| use_sudo:false | |
| provisioner: | |
| name: chef_solo | |
| environments_path: environments | |
| coobooks_path: | |
| -cookbooks | |
| ohai: | |
| disabled_plugins: ["passwd"] | |
| platforms: | |
| - name:centos-7 | |
| driver_config: | |
| privileged: true | |
| memory:1512m | |
| volume: | |
| -/sys/fs/cgroup:/sys/fs/cgroup:ro | |
| provision_command: | |
| - echo"root:password" | chpasswd | |
| - sed-i 's/Defaults requiretty/#Defaults requiretty/g' /etc/sudoers | |
| suites: | |
| - name:default | |
| run_list: | |
| -recipe[c2b2_website::installapache] | |
| ============================================================================ | |
| .kitchen.yml | |
| ============================================================================ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment