Testing Dockerfiles with Serverspec
While there are many ways to test your code under Docker, for example puppet modules with dockunit, discussions about how to run acceptance checks against docker image and container creation are less common. In this post we’ll present one approach using the docker api and serverspec to test the creation and execution of a dockerised Redis.
As our first step we’ll create the directory we’ll be testing under and
a basic Dockerfile. For our examples we’ll go with a stock CentOS 7
container.
$ mkdir docker-serverspec-redis
$ cd blog-docker-serverspec-redis
$ cat <<EOF > Dockerfile
FROM centos:7
MAINTAINER Dean Wilson <dean.wilson@gmail.com>
EOFNow we have a basic, if uninteresting, Dockerfile we could run docker build . and manually explore inside the container to confirm everything’s
correct. Instead we’re going to be a little more lazy/ambitious and
automate the acceptance of the new image and containers started from it.
Before we run our tests we’ll install our testing requirements.
$ cat <<EOF > Gemfile
source 'https://rubygems.org'
gem 'docker-api', :require => 'docker'
gem 'serverspec'
EOF
$ bundle install
Fetching gem metadata from https://rubygems.org/.......
Resolving dependencies...
...
Your bundle is complete!
$ mkdir spec
$ cat <<EOF > .rspec
--format documentation
EOFBoilerplate complete we add the simplest check we can to test all our
dependencies are working. As we’re building a CentOS container we’ll
test to ensure /etc/centos-release is present. Add the following code to
spec/Dockerfile_spec.rb.
require "docker"
require "serverspec"
describe "Dockerfile" do
before(:all) do
@image = Docker::Image.build_from_dir('.')
set :os, family: :redhat
set :backend, :docker
set :docker_image, @image.id
end
describe file('/etc/centos-release') do
it { should be_file }
end
endIn our spec file we’re using the Docker api, via the docker gem, to
build our container from the Dockerfile located in our current
directory. Because this is done in the before(:all) block this will
happen only once and before any of our specs run. We then run our spec, using the Docker backend added to serverspec v0.4.0
and confirm we’re building a CentOS image as planned.
$ bundle exec rspec spec/Dockerfile_spec.rb
Dockerfile
File "/etc/centos-release"
should be file
Finished in 0.45969 seconds (files took 0.44155 seconds to load)
1 example, 0 failuresIf you have everything installed correctly then you should also see 1 example, 0 failure. Now we’re happy with our basic container let’s make
it actually do something. In our case we’ll install and run redis. If
you’re planning on running Redis in Docker anywhere other than this
little test case I’d suggest the
official redis docker image.
Taking a baby step we’ll add the redis package to our container.
$ cat <<EOF > Dockerfile
FROM centos:7
MAINTAINER Dean Wilson <dean.wilson@gmail.com>
RUN yum install -y epel-release
RUN yum install -y redis
EOFThen we add a test to ensure it gets installed. If you’re following along put the spec below
in spec/Dockerfile_spec.rb on line 16 and then rerun the spec tests.
describe package('redis') do
it { should be_installed }
end $ bundle exec rspec spec/Dockerfile_spec.rb
Dockerfile
File "/etc/centos-release"
should be file
Package "redis"
should be installed
Finished in 41.45 seconds (files took 0.42084 seconds to load)
2 examples, 0 failuresWe now reach the more complicated, and interesting, part of our
testing. We want to run redis inside the container and check that we can
connect to it. Below you can see the final version of our Dockerfile.
This will run redis inside our CentOS 7 container and bind it to port 6379 on all
interfaces.
$ cat <<EOF > Dockerfile
FROM centos:7
MAINTAINER Dean Wilson <dean.wilson@gmail.com>
RUN yum install -y epel-release
RUN yum install -y redis
EXPOSE 6379
ENTRYPOINT ["/usr/bin/redis-server", "/etc/redis.conf"]
CMD ["--bind", "0.0.0.0"]To test redis starts correctly, and presents a port to clients, we’ll need to actually start a container and test against it. The docker gem does the heavy lifting and manages the container itself. All we need to do is call it in the correct places inside our spec file.
REDIS_PORT = 6379
describe 'Dockerfile#running' do
before(:all) do
@container = Docker::Container.create(
'Image' => @image.id,
'HostConfig' => {
'PortBindings' => { "#{REDIS_PORT}/tcp" => [{ 'HostPort' => "#{REDIS_PORT}" }] }
}
)
@container.start
end
############################
# tests go here
############################
after(:all) do
@container.kill
@container.delete(:force => true)
end
endThese two chunks of code, as the names imply, run before and after
(respectively) all the specs inside this scope. This ensures that we have
a running container to test against. The container itself is started
by Docker::Container.create inside the before(:all) do block. We
clean everything back up, including stopping the container and removing
the image, in the after(:all) do block. If you need to retain an image
after your specs have run, for example to perform exploratory testing,
remove the @container.delete(:force => true) line and you can manually
spin the container back up and use your normal tools against it.
Now we’ve seen the interesting parts of the code let’s increase our spec
coverage a little and add checks to ensure we can read and write a key
in the redis data store and confirm redis-cli runs against it. We’ll
also check we expose the Redis port from our container as an example of
testing the containers configuration.
require 'docker'
require 'serverspec'
require 'redis'
REDIS_PORT = 6379
describe "Dockerfile" do
before(:all) do
@image = Docker::Image.build_from_dir('.')
set :os, family: :redhat
set :backend, :docker
set :docker_image, @image.id
end
describe 'Dockerfile#config' do
it 'should expose the redis port' do
expect(@image.json['ContainerConfig']['ExposedPorts']).to include("#{REDIS_PORT}/tcp")
end
end
describe file('/etc/centos-release') do
it { should be_file }
end
describe package('redis') do
it { should be_installed }
end
describe 'Dockerfile#running' do
before(:all) do
@container = Docker::Container.create(
'Image' => @image.id,
'HostConfig' => {
'PortBindings' => { "#{REDIS_PORT}/tcp" => [{ 'HostPort' => "#{REDIS_PORT}" }] }
}
)
@container.start
end
describe 'round trip a key' do
it 'should be able to write and read a key' do
redis = Redis.new(:host => '127.0.0.1')
redis.set('test_key', 'hello world')
expect(redis.get('test_key') == 'hello world')
end
end
# doesn't work
#describe port("6379") do
# it { should be_listening.on('0.0.0.0') }
#end
describe command('redis-cli info') do
its(:stdout) { should match /redis_version:/ }
end
after(:all) do
@container.kill
@container.delete(:force => true)
end
end
endIn the full example file above you might notice the commented out
describe port("6379") spec. I’m unsure why but I couldn’t get this to
work in my testing. Instead we explicitly call out to the redis gem
and use it to test both the connection and that the datastore is
read/write. To do this we need to add redis to our Gemfile.
$ cat <<EOF > Gemfile
source 'https://rubygems.org'
gem 'docker-api', :require => 'docker'
gem 'serverspec'
gem 'redis'
EOF
$ bundle installRunning the final version of our spec file we can now create, run and exercise our redis container.
$ bundle exec rspec spec/Dockerfile_spec.rb
Dockerfile
Dockerfile#config
should expose the redis port
File "/etc/centos-release"
should be file
Package "redis"
should be installed
Dockerfile#running
round trip a key
should be able to write and read a key
Command "redis-cli info"
stdout
should match /redis_version:/
Finished in 1.23 seconds (files took 0.42603 seconds to load)
5 examples, 0 failuresIf you’re already using ruby and serverspec then this can be a simple way to add some repeatable acceptance tests to your containers. If you’re more of a python person all of the presented concepts will work with testinfra and the native python Docker API client. Now, to go add a few of these to my jenkins deploy.