2

I'm using Terraform to automate build out of an AWS EC2 based docker host and then using its remote exec option to download a docker file, build and run it.

I'd hoped to integrate this with Serverspec but am struggling to work out two things:

  1. The best way to pass the external dns of the newly created AWS EC2 instance to Serverspec.

  2. How to configure the SSH options for Serverspec so that it executes correctly on an Amazon Linux AMI using the ec2-user account.

I would normally connect to the EC2 instance using a pre-defined key pair and never use a password however ServerSpec seems to run commands on the server with a sudo -p format.

Any advice much appreciated.

Contents of spec_helper.rb

require 'serverspec'
require 'net/ssh'

set :ssh_options, :user => 'ec2-user'

Also using edited rakefile as follows to force correct EC2 external dns (masked):

require 'rake'
require 'rspec/core/rake_task'

hosts = %w(
  ec2-nn-nn-nn-nnn.eu-west-1.compute.amazonaws.com
)

set :ssh_options, :user => 'ec2-user'

task :spec => 'spec:all'

namespace :spec do
  task :all => hosts.map {|h| 'spec:' + h.split('.')[0] }
  hosts.each do |host|
    short_name = host.split('.')[0]
    role       = short_name.match(/[^0-9]+/)[0]

    desc "Run serverspec to #{host}"
    RSpec::Core::RakeTask.new(short_name) do |t|
      ENV['TARGET_HOST'] = host
      t.pattern = "spec/Nexus/*_spec.rb"
    end
  end
end
user1229364
  • 23
  • 4
  • I've had more success replacing server spec with chef inspec. It is much easier to invoke. I'm sure there are other trade offs however for my use case it is working better. – user1229364 Jun 20 '16 at 22:09

1 Answers1

1

  1. You could make the IP address an output in Terraform. In fact, the link gives an example doing just that to get the IP address of an AWS instance, named web in this case:

    output "address" {
    value = "${aws_instance.web.public_dns}"
}

    Then you can get this value from the command line after a terraform apply with terraform output address.

  2. You can set the sudo password with the config option :sudo_password. If the ec2-user can run sudo without a password, set this to ''. (See this blog post for an example.) Or pass it in the SUDO_PASSWORD environment variable, described here: http://serverspec.org/tutorial.html

Karen B
  • 2,693
  • 1
  • 17
  • 19
  • Thanks for your help. I'm still struggling to work out the exact content I need in rakefile and spec_helper.rb for a simple test for a single host setting the Net:SSH user to ec2-user. – user1229364 Jun 19 '16 at 21:29
  • Adding the line set :ssh_options, :user => 'ec2-user' to either file does not work. It still tries to connect to the EC2 host using my mac username. – user1229364 Jun 19 '16 at 21:41