dockerized test environments
the problem
Forge API changed since 3.2!
(latest release when muppetforge was developed)
the problem
"I'll write a suite of compatibility tests!"
Version on my system ->3.6
Versions on prod systems -> 3.2, 2.7
"Oh, shi..."
the problem
Change system version? "And the other versions?"
Parallel installs? "Yeah, whatnot. Was annoying enough when I did with Ruby."
Virtual machines? "SLLLLLOOOWWWW!!! And cloning VMs is a tad painful."
In the meantime...
Same day, I was toying with Docker...
"Let's try this."
What is it?
Frontend for LXC containers
+ versioning
+ build tool
+ repository/sharing
lxc containers
LXC is often considered as something in the middle between a chroot on steroids and a full fledged virtual machine
[from LXC official site]
(inspired by Solaris domains and BSD jails)
why docker?
Fast. Milliseconds to boot an isolated environment
(Actually, first run of a container is slower due to image download.)
why docker?
Easy to repeatedly build a reproducible environment
(Be careful about pinned vs. latest versions from repos, though.)
why docker?
Versioned, can start again from clean state.
why docker?
Repository of ready images, linkable to GitHub
why docker?
Security: container is isolated from host
- kernel namespaces + cgroups
- attack surface: unsecured access to the docker daemon || kernel bugs
- beware of guest root
how docker?
Some use cases from the Docker site and around...
- One-artifact builds ( w/ ecosystem)
- Container-per-service
- Isolated build environments
- HA clusters (+serf+HAproxy or similar stuff)
- ?
nice stories
Sounds useful and versatile,
but requires further investigation and some PoC s.
So this is just one possible use case where I found it great.
back to the forge
So, had to test the forge VS. different versions of the puppet module tool.
the setup
"Test fixture container"
Running muppetforge w/
a preloaded puppet module.
Rebuilt every suite run with the latest compiled forge.
the setup
"Version test container"
With a pinned puppet version
Running a ruby test/unit suite
Built once
the setup
"Some Makefile magic"
Makefile uses Docker to build a test container for each version.
Runs them all, linking to fixture container
Fixture is stopped/re run each time (means clean state)
Overall green/red result via collecting exit codes.
the result
System version of puppet untouched.
Compile forge + build containers + run tests (3 versions) takes 18 seconds*.
Fully automated.
No VM that accumulates "dirty state" over time.
(*after the first run that downloads the base images and without dialyzer that takes other 25 seconds alone)
caveats/challenges
-
Cool stuff requires scripting
- 1 process per container, must have own init process
- Init must handle signals, orphaned processes & more
- DB handling?
- Growth of number of images?
- Not everything is easily configurable about the networking
next ?
- replace mock?
- lightweight webapps containers?
- ?
thanks
dockerized test environments
By Tsukihara Caligin
