Infrastructure test becomes more important. There are several tools for continuous delivery of infrastructure layer.
KitchenCI (test-kitchen) provides a test harness to execute infrastructure code on one or more platforms in isolation.
Although KitchenCI uses Vagrant to operate virtual machines in default, kitchen-docker enables docker driver to operate on docker container.
We can realize automated infrastructure test on drone.io by this plugin.
Docker in Docker
Drone runs a test on docker container. Because KitchenCI builds container and provisions Chef recipes into it, What executing KitchenCI on drone means building container in the container. It is called Docker in Docker (dind).
We need a small work to run dind, officially dind images are provided on docker hub. A tag including “dind” is for dind usage.
Firstly, you need to write services section in .drone.yml to enable dind. Port 2375 is docker port. You need to turn on “Trusted” flag on your project because dind image requires the privileged flag.
|– kitchen test|
|command: [ "–storage-driver=vfs", "–tls=false" ]|
Because the ChefDK package does not installed kitchen-docker, you must prepare installed docker image. This article uses aberrios85/drone-kitchen.
When using docker socket of dind from other containers, set DOCKER_HOST as follows, turn reference port to what set in the service section.
|– docker info|
To use dind docker socket in KitchenCI, change config file .kitchen.yml as follows. Socket section enables to change the docker port.
It will take a long time to create, converge, setup, verify and destroy, however, automated infrastructure test will work well.
Running dind containers without the trusted flag
The trusted flag can be set only administrators, the general user feels pain.
If only reliable users access to the drone, setting the environment variable DRONE_ESCALATE to docker on drone server, drone makes privileged enable automatically.