|
I like to think to myself "If I had to verify this server manually what would I check?" and write automated tests for those. Usually, it's a few high level/important checks for critical services, ports, packages, and users. For configuration files I check for one setting and if it's there assume the rest are correct. Ultimately, it's mostly going by gut and balancing level of effort in maintaining a test vs increased level of confidence in the deployment from having said test. Some tools out there: * https://github.com/aelsabbahy/goss - YAML, simple, self-contained binary, extremely fast. * https://github.com/indusbox/goss-ansible - Ansible module for goss, never used this, but you might find it useful * http://serverspec.org/ - Ruby, most popular infra testing tool * https://github.com/chef/inspec - Ruby, looks like an improved serverspec, almost same syntax, made by the chef guys * https://github.com/philpep/testinfra - Python, don't know much about it, but mentioning it since Ansible is Python. Spend a little bit of time experimenting with all of them, see which one you like. Full disclosure: I'm the author of goss. |