@ChrisRohrer is organising a service development clinic for NRENS at the next Ubuntunet Connect conference in Addis (30-31 October). From initial discussions, this will be a bit of a mashup between DevOps Bootcamp format (previously held in Entebbe and Pretoria) and the e-Research Hackfest. Participants will be hacking their own services, and learning the tools of the trade as we go.
While we're still discussing the format and timetable, I wanted to bring one topic to the fore : testing.
I've spent the last few weeks investigating tools for running independent tests on infrastructure code, to have a better quality of deployment. Too often some provisioning code is written (say, a playbook and role), and it either misses or wrongly implements some aspect which is required down the line. In my case it was network security. I wanted to write tests independently of the deployment - with the hope that tests could be used as a concrete expression of an SLA or something. Like, if a site has a guideline on how to expose ports or usernames, or best practice benchmarks, or is monitored by Nessus or whatever.
This would better bridge the gap between Dev and Ops, and is something we really haven't taken into account yet, although we always professed to do so.
After taking a look around, the tools for testing are essentially :
These rely on ruby (Rspec) or python (pytest) frameworks, and can be mixed-and matched with various provisioners, testers, etc.
I think it would be nice to have a session where we go over the various options, to see what patterns are used, and then try to write specs for compliance with CIS benchmarks
If we're going to be using Ansible, there's a great new testing tool molecule which can be used to improve the dev cycle, where you init roles and tests at the same time, essentially implementing TDD for infrastructure.
@ChrisRohrer what do you think ?