Cucumber-puppet is a tool for specifying Puppet catalog behavior. It allows the specification of a catalog-wide policy and ensures compliance with it.
Cucumber-puppet is distributed as a gem and can be installed as usual.
$ gem install cucumber-puppet
Before writing your first feature, you have to setup the infrastructure in your Puppet directory. Assuming you develop your Puppet manifests in ~/puppet/.
$ cd ~/puppet $ cucumber-puppet-gen world
This installs some example step definitions for cucumber to ./features/steps/ and ensures the cucumber-puppet glue code is available. You can adapt cucumber-puppet to your needs in the
Before block in ./features/support/hooks.rb with the following variables:
@confdir Puppet's confdir defaults to /etc/puppet @manifest full path to the manifest to use defaults to @confdir + /manifests/site.pp @facts this is a hash of facter facts defaults to 'architecture' => '' 'domain' => 'no.domain' 'environment' => 'production' 'hostname' => 'testnode' 'lsbdistcodename' => '' 'network_eth0' => '127.0.0.0' 'operatingsystem' => ''
Facts can either be set globally as described above or from
Given steps which makes them specific to that scenario. It is also possible to load a node’s yaml file and compile a catalog for that specific node. See provided step definitions for further details.
Writing a catalog policy¶
A catalog policy is a list of rules that apply to all catalogs. Here is a simple policy that is distributed with cucumber-puppet:
$ cucumber-puppet-gen policy $ cat features/catalog/policy.feature Feature: General catalog policy In order to ensure applicability of a host's catalog As a manifest developer I want all catalogs to obey some general rules Scenario Outline: Compile and verify catalog Given a node specified by "features/yaml/<hostname>.example.com.yaml" When I compile its catalog Then compilation should succeed And all resource dependencies should resolve Examples: | hostname | | localhost |
There is one
Scenario per node and all policy rules (
Then steps) apply equally to all of them.
For catalog policies it makes sense to specify facts from a node file, so that Puppet compiles exactly the catalog that is later used by that node. Node files can be copied from your Puppet master, on Ubuntu systems they reside in /var/lib/puppet/yaml/node/.
If you have many nodes, it makes sense to generate Scenarios from a script and to limit scenario creation to unique nodes, that is if you have 100 identical desktop PCs, just verify the catalog against one of them. Catalog compilation is quite CPU-intense, so you want to keep the amount of catalogs to compile to a minimum.
Applying the policy¶
To apply the policy, execute it with
$ cucumber-puppet features/catalog/policy.feature
When you add further rules to your policy, cucumber-puppet will complain about missing step definitions. Add these to your step files as necessary and make your policy green.
For more information about writing cucumber features, see cucumber tutorials.
Source code is available from github.
Gems are available from rubygems.