alexharv074.github.io

My blog

View on GitHub
4 December 2018

Configuring the Test Kitchen EC2 driver

by Alex Harvey

This is an update of sorts to my earlier blog post Integration testing using Ansible and Test Kitchen after I spent the day figuring out how to configure the kitchen-ec2 driver.

Use of .kitchen.local.yml

Since some of the data for configuring the EC2 plugin is likely to be somewhat sensitive, I have used the .kitchen.local.yml override mechanism and redacted data in this post.

Gemfile

To install kitchen-ec2 I had to add the following line to Gemfile:

gem 'kitchen-ec2'

I also deleted the kitchen-vagrant line for the driver it replaces.

Authentication

In the demo, I used an EC2 instance that already had the right IAM credentials to manage other EC2 instances. As such, there was no need to configure anything here.

Changes to the platform config

In the platform -> driver section, I specified an AMI ID:

platforms:
  - name: centos-7.2
    driver:
      image_id: ami-123456780abcdef12

Changes to the driver config

In order to tell AWS of the VPC to in which to launch the EC2 instance, I provided a subnet ID and a region in .kitchen.local.yml.

I also specified the Instance Type here, and the SSH Key Pair to use. Note that I had to specify both the Key Pair name on the AWS side, and the path to the actual key file, and the user to login as. Finally, I also found I could specify instance tags here. I ended up with this:

# .kitchen.yml
driver:
  name: ec2
  instance_type: t2.medium

transport:
  ssh_key: /home/alexharvey/.ssh/id_rsa
  username: ec2-user
# .kitchen.local.yml
driver:
  region: ap-southeast-2
  subnet_id: subnet-1234567890abcdef0
  iam_profile_name: instance-profile
  aws_ssh_key_id: key-pair-name
  tags:
    foo: bar
    baz: qux

Troubleshooting

I lost some time on some confusing Test Kitchen error messages. This sections documents those learnings.

The image id does not exist

At one point I encountered a confusing error message:

Failed to complete #create action: [The image id '[ami-123456780abcdef12]' does not exist] on master-centos-72

I found this thread that appeared relevant, that explained that the error message can be misleading.

Next I tried connecting directly from the Ruby SDK:

require 'aws-sdk'
client = Aws::EC2::Client.new(region: 'ap-southeast-2', credentials: Aws::InstanceProfileCredentials.new)
client.describe_images({image_ids: ['ami-123456780abcdef12']})

That proved that the SDK itself could connect and list images. Eventually I found I could just unconfigure the authorisation credentials completely and it just worked.

EC2 instance terminated outside of Test Kitchen

Also confusing: If you terminate the EC2 instance outside of the kitchen destroy workflow, this issue will be encountered. To fix up from that, it was necessary to just delete the YAML file in .kitchen. After that, kitchen list showed the not created state again.

Running the tests

After this setup, it was then possible to run the tests normally using:

bundle exec kitchen test master-centos-72
tags: test-kitchen