As configuration management software has matured, engineers have recognized the importance of testing and validation. A comprehensive set of tools has been been developed around configuration management software such as Chef, Puppet, Ansible and others that allow you to test your configuration management scripts.

One of these tools is Serverspec, which is an RSpec testing framework for checking that servers are configured correctly by testing their actual state.

Serverspec can execute its tests on a remote host (such as a Cumulus Linux switch) via. SSH. The tests express how the system should be configured and Serverspec will test that the current system configuration meets those expectations.

Using Serverspec to validate your switch configuration means that you can make changes to your configuration management scripts and be confident that the changes have been applied correctly and worked as intended.

Getting started

Because Serverspec natively supports Cumulus Linux, all you have to do is install Serverspec and create your tests. If you’ve never used Serverspec before, the serverspec-init command will create an example called sample_spec.rb. Adding your own files is very simple; just make sure the filename ends in _spec.rb and the first line of the file is require 'spec_helper'

Writing tests

Individual Serverspec tests are short sections of code that express:

  • The resource being tested
  • The configuration to which the resource is expected to conform

Different tests can be applied, depending on which resource type (such as a bridge, route or interface) is being tested.

Serverspec supports a large number of resources but we’ll focus on the ones that are probably more interesting when you’re testing a switch.

Testing Interfaces

The interface resource can be used to test the existence of a network interface or switch port, its speed and the IP address(es) associated with it. For example, to check that the switch port swp40 was configured with the IP address 192.168.0.4, run:

describe interface('swp40') do
  it { should exist }
  it { should have_ipv4_address('192.168.0.4') }
end

Testing Bridges

We contributed a bridge resource that can be used to test if a Linux bridge exists and that the correct interfaces or switch ports belong to it. For example, to check that the bridge br0 exists and the switch ports swp12 and swp13 were both connected to it, run:

describe bridge('br0') do
  it { should exist }
  it { should have_interface('swp12') }
  it { should have_interface('swp13') }
end

Testing Routes

The routing_table resource can be used to test static routing table entries. For example, to check that the routing table contains a route for the 192.168.0.0/24 network on the switch port swp12, run:

describe routing_table do
  it do
    should have_entry(
      :destination => '192.168.0.0/24',
      :interface => 'swp12',
      :gateway => '192.168.0.1'
    )
  }
end

Putting it all together

Let’s assume we have a simple switch that is configured as follows

  1. A single port with the IP address 172.16.2.4
  2. One bridge, with two ports attached to it.
  3. A route for the 172.16.2.0/24 network.

Our tests could look something like the following:

require 'spec_helper'

describe interface('swp2') do
  it { should exist }
  it { should have_ipv4_address('172.16.2.4') }
end

describe bridge('bridge0') do
  it { should exist }
  it { should have_interface('swp38') }
  it { should have_interface('swp39') }
end

describe routing_table do
  it do
    should have_entry(
      :destination => '172.16.2.0/24',
      :interface => 'swp2'
    )
  end
end

Running Serverspec tests on a remote switch

Serverspec can run tests remotely via. SSH, provided you have a valid username and SSH key on the switch you want to test. Serverspec runs tests using sudo on the remote switch so the remote user must have either password-less sudo or you have to supply the sudo password to Serverspec.

Further information

Cumulus Networks maintains a series of Serverspec tests for the various demos we produce. These tests are a useful source of examples for writing your own tests.

There is a Knowledge Base article with more information on how to install and configure Serverspec for testing Cumulus Linux.

Related Links