Integration testing with Chef

Question

I didn't see a great solution for this elsewhere and I think integration testing is necessary because:

1. Chef solo doesn't support all features like encrypted databags which is a crucial advantage that Chef has over other config mgmt.
2. ChefSpec is good for unit testing but not integration testing.
3. Using the production Chef Server for testing runs the risk that production machines run chef-client and get buggy configuration

Answer 1

chef Zero is the answer to this very old question. It does handle encrypted databags.

In the suite you can provide the below

data_bags_path: <<Data_Bags_PATH>>
encrypted_data_bag_secret_key_path: <<Secret_Key_PATH>>

Answer 2

You are probably looking for linting + integration testing.

1. Linting : Use Foodcritic. It also goes well with your CI tool. If you would like to be more adventurous and would like to test it against ruby best practices, use Rubocop.

2. Unit Testing : Chef Spec as you mentioned

3. Test Kitchen: This is purely integration testing. Its actually a framework and you could choose which driver to use (vm, cloud etc.) which provisioner to use (chef, pupept, ansible etc. ) , and which test suite to use (bash/bats, serverspec) etc.

Apart from this, Chef Zero is awesome to test against chef-server when you dont have access to a real one. Its in memory, ephemeral server simulator of types logically.

Answer 3

1. Setup a free chef test server on opscode.com (download the starter kit).
2. Change your knife.rb connect to different servers depending on a simple environment variable, i.e. CHEF_TEST=true
3. While testing with vagrant or other test environments, export CHEF_TEST=true
4. Update your new test server with your Chef stuffs ./update_all.bash
5. Run knife bootstrap as per usual to test with vagrant.

knife.rb

current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT

if ENV['CHEF_TEST'] == 'true'
  puts 'Running knife on test chef server...'
  node_name                "acmetest"
  client_key               "#{current_dir}/acmetest.pem"
  validation_client_name   "acmetest-validator"
  validation_key           "#{current_dir}/acmetest-validator.pem"
  chef_server_url          "https://api.opscode.com/organizations/acmetest"
  cache_type               'BasicFile'
  cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
  cookbook_path            ["#{current_dir}/../cookbooks"]
else
  puts 'Running knife on production chef server...'
  node_name                "acme"
  client_key               "#{current_dir}/acme.pem"
  validation_client_name   "acme-validator"
  validation_key           "#{current_dir}/acme-validator.pem"
  chef_server_url          "https://api.opscode.com/organizations/acme"
  cache_type               'BasicFile'
  cache_options            path: "#{ENV['HOME']}/.chef/checksums"
  cookbook_path            ["#{current_dir}/../cookbooks"]
end

update_all.bash

#!/bin/bash
knife cookbook upload --all
knife role from file roles/*.rb
knife data bag from file --all
knife environment from file --all