dockerized test environments

the problem



Wanted to use the muppetforge.
With puppet 3.6 == babum!

Forge API changed since 3.2!
(latest release when muppetforge was developed)


the problem


"I'll write a suite of compatibility tests!"

Version on my system -> 3.6
Versions on prod systems -> 3.2, 2.7

"Oh, shi..."

the problem


Change system version? "And the other versions?"

Parallel installs? "Yeah, whatnot. Was annoying enough when I did it with Ruby."

Virtual machines? "SLLLLLOOOWWWW!!! And cloning VMs is a tad painful."

In the meantime...



Same day, I was toying with Docker...


"Let's try this."




What is it?



Frontend for LXC containers

+ versioning
+ build tool
+ repository/sharing

lxc containers


LXC is often considered as something in the middle between a chroot on steroids and a full-fledged virtual machine



(inspired by Solaris domains and BSD jails)

why docker?

Fast. Milliseconds to boot an isolated environment

(Actually, first run of a container is slower due to image download.)

why docker?

Easy to repeatedly build a reproducible environment
 
(Be careful about pinned vs. latest versions from repos, though.)

why docker?

Versioned, can start again from clean state.
  

why docker?

Repository of ready images, linkable to GitHub
 

why docker?

Security: container is isolated from host

  • kernel namespaces + cgroups
  • attack surface: unsecured access to the Docker daemon, or kernel bugs
  • beware of guest root (root inside the container)

how docker?


Some use cases from the Docker site and around...

  • One-artifact builds (w/ ecosystem)
  • Container-per-service
  • Isolated build environments
  • HA clusters (+serf+HAproxy or similar stuff)
  • ?

nice stories



Sounds useful and versatile,
but requires further investigation and some PoCs.

So this is just one possible use case where I found it great.

back to the forge



So, had to test the forge vs. different versions of the puppet module tool.

the setup


"Test fixture container"

Running muppetforge w/ a preloaded puppet module.

Rebuilt on every suite run with the latest compiled forge.

the setup


"Version test container"

With a pinned puppet version

Running a ruby test/unit suite

Built once

the setup


"Some Makefile magic"

Makefile uses Docker to build a test container for each version.

Runs them all, linking each to the fixture container.

Fixture is stopped/re-run each time (means clean state).

Overall green/red result via collecting exit codes.
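
The flow on this slide, sketched as an added shell example (not the deck's actual Makefile). The image names, the `fixture` link alias, the `fixture/` and `tests/<version>/` build directories and the `--cap-drop`/`--user` hardening (a response to the "guest root" caveat) are assumptions.

```shell
#!/bin/sh
# Added example: build one test image per puppet version, run each against a
# freshly started fixture container, collect exit codes into one result.
# Assumed layout: fixture/Dockerfile, tests/<version>/Dockerfile.
DOCKER=${DOCKER:-docker}              # overridable, e.g. to stub docker in a dry run
VERSIONS=${VERSIONS:-"2.7 3.2 3.6"}   # puppet versions from the deck

start_fixture() {
    # Clean state: throw away any previous fixture and start it from the image.
    $DOCKER rm -f forge-fixture >/dev/null 2>&1 || true
    $DOCKER run -d --name forge-fixture forge-fixture:latest >/dev/null
}

run_version() {
    # Test container linked to the fixture. Runs unprivileged with no
    # capabilities (assumes the test suite needs neither).
    $DOCKER run --rm --link forge-fixture:fixture \
        --cap-drop=ALL --user nobody "puppet-test:$1"
}

run_suite() {
    failed=""
    # The fixture image is rebuilt on every suite run (latest compiled forge).
    $DOCKER build -t forge-fixture:latest fixture/ >/dev/null || return 2
    for v in $VERSIONS; do
        if ! $DOCKER build -t "puppet-test:$v" "tests/$v/" >/dev/null; then
            echo "puppet $v: red (image build failed)"
            failed="$failed $v"
            continue
        fi
        if start_fixture && run_version "$v"; then
            echo "puppet $v: green"
        else
            echo "puppet $v: red"
            failed="$failed $v"
        fi
    done
    $DOCKER rm -f forge-fixture >/dev/null 2>&1 || true
    # Overall result: green (0) only if every version passed.
    [ -z "$failed" ]
}
```

Source the file and call `run_suite` from the Makefile target; its exit status is the overall green/red result.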

the result


System version of puppet untouched.

Compile forge + build containers + run tests (3 versions) takes 18 seconds*.

Fully automated.

No VM that accumulates "dirty state" over time.

(*after the first run, which downloads the base images, and without dialyzer, which alone takes another 25 seconds)

caveats/challenges


  • Cool stuff requires scripting
  • 1 process per container, must have own init process
  • Init must handle signals, orphaned processes & more
  • DB handling?
  • Growth of number of images?
  • Not everything is easily configurable about the networking


next?



  • replace mock?
  • lightweight webapps containers?
  • ?




thanks





By Tsukihara Caligin