InSpec的说明可以在这里找到:https://downloads.chef.io/inspec。在Linux平台上,可以通过运行以下命令安装Goss和Container Structure Test二进制文件:
curl -L https://github.com/aelsabbahy/goss/releases/download/v0.3.6/goss-linux-amd64 -o goss && chmod +x goss curl -L https://raw.githubusercontent.com/aelsabbahy/goss/master/extras/dgoss/dgoss -o dgoss && chmod +x dgoss curl -L https://storage.googleapis.com/container-structure-test/latest/container-structure-test-linux-amd64 -o container-structure-test && chmod +x container-structure-test安装好所有二进制文件并将它们添加到系统路径中,然后就可以通过shell脚本运行测试。
测试配置
为了比较配置和测试执行过程的不同之处,我们提供了用于测试这三个框架的MySQL Server Docker镜像的示例文件:https://github.com/neumayer/mysql-server-image-tests。
可以通过以下命令来克隆它:
git clone https://github.com/neumayer/mysql-server-image-tests.git存储库中包含的配置文件:
mysql-server-inspec.rb
goss.yaml
mysql-server-container-structure-test.yml
让我们来依次查看这些文件,先从InSpec配置文件开始:
control 'container' do impact 0.5 describe docker_container('mysql-server') do it { should exist } it { should be_running } its('repo') { should eq 'mysql/mysql-server' } its('ports') { should eq '3306/tcp, 33060/tcp' } its('command') { should match '/entrypoint.sh mysqld' } end end control 'server-package' do impact 0.5 describe package('mysql-community-server-minimal') do it { should be_installed } its ('version') { should match '8.0.12.*' } end end control 'shell-package' do impact 0.5 describe package('mysql-shell') do it { should be_installed } its ('version') { should match '8.0.12.*' } end endInSpec通过profile和control来组织测试用例,其中control是较小的单元,是与给定主题相关的一组测试。第一个control叫“container”,针对宿主机器运行,与运行在localhost上的Docker守护进程通信,验证容器是否正在运行。另外两个control检查容器内的包。这种区别很重要,因为后两个control可以针对localhost、ssh主机或Docker容器运行。在我们的例子中,我们让它们针对容器运行,这样可以带来非常好的可重用性和灵活性。虽然我们在示例中只使用了Docker和包资源,但实际上control可以使用任何现有的InSpec资源。
下面是运行流程:
启动容器
针对localhost运行 “container” control
针对容器运行剩余的control
脚本看起来是这样的:
docker run -d --name mysql-server mysql/mysql-server inspec exec mysql-server-inspec.rb --controls container inspec exec mysql-server-inspec.rb -t docker://mysql-server --controls server-package如果运行成功,InSpec将输出以下内容:
Profile: tests from mysql-server-inspec.rb (tests from mysql-server-inspec.rb) Version: (not specified) Target: local:// ✔ container: Docker Container mysql-server ✔ Docker Container mysql-server should exist ✔ Docker Container mysql-server should be running ✔ Docker Container mysql-server repo should eq "mysql/mysql-server" ✔ Docker Container mysql-server ports should eq "3306/tcp, 33060/tcp" ✔ Docker Container mysql-server command should match "/entrypoint.sh mysqld" Profile Summary: 1 successful control, 0 control failures, 0 controls skipped Test Summary: 5 successful, 0 failures, 0 skipped Profile: tests from mysql-server-inspec.rb (tests from mysql-server-inspec.rb) Version: (not specified) Target: docker://d06da2588b80a4ee9b839b55c2f719ab9e860904eeb831b71488704f50f8b994 ✔ server-package: System Package mysql-community-server-minimal ✔ System Package mysql-community-server-minimal should be installed ✔ System Package mysql-community-server-minimal version should match "8.0.12.*" Profile Summary: 1 successful control, 0 control failures, 0 controls skipped Test Summary: 2 successful, 0 failures, 0 skipped