aelsabbahy

Goss - Quick and Easy server validation

Quick and Easy server testing/validation
Under Apache License 2.0
By aelsabbahy



Goss in 45 seconds


Note: For an even faster way of doing this, see: autoadd


Note: For testing Docker containers, see the dgoss wrapper. There are also user-submitted wrapper scripts for Kubernetes (kgoss) and Docker Compose (dcgoss).


Note: For some Docker/Kubernetes healthcheck, health endpoint, and container ordering examples, see my blog post here.


Introduction
What is Goss?

Goss is a YAML-based serverspec alternative for validating a server's configuration. It eases the process of writing tests by allowing the user to generate tests from the current system state. Once the test suite is written, it can be executed, waited on, or served as a health endpoint.


Why use Goss?

Installation

Note: For macOS and Windows, see: platform-feature-parity.


This will install goss and dgoss.


Note: Using `curl | sh` is not recommended for production systems; use the manual installation below instead.


```bash
# Install latest version to /usr/local/bin
curl -fsSL https://goss.rocks/install | sh

# Install v0.3.6 version to ~/bin
curl -fsSL https://goss.rocks/install | GOSS_VER=v0.3.6 GOSS_DST=~/bin sh
```


Manual installation
Latest

```bash
curl -L https://github.com/aelsabbahy/goss/releases/latest/download/goss-linux-amd64 -o /usr/local/bin/goss
chmod +rx /usr/local/bin/goss

curl -L https://github.com/aelsabbahy/goss/releases/latest/download/dgoss -o /usr/local/bin/dgoss
# Alternatively, using the latest master
# curl -L https://raw.githubusercontent.com/aelsabbahy/goss/master/extras/dgoss/dgoss -o /usr/local/bin/dgoss
chmod +rx /usr/local/bin/dgoss
```


Specific Version

```bash
# See https://github.com/aelsabbahy/goss/releases for release versions
VERSION=v0.3.10
curl -L "https://github.com/aelsabbahy/goss/releases/download/${VERSION}/goss-linux-amd64" -o /usr/local/bin/goss
chmod +rx /usr/local/bin/goss

# (optional) dgoss docker wrapper (use 'master' for latest version)
VERSION=v0.3.10
curl -L "https://github.com/aelsabbahy/goss/releases/download/${VERSION}/dgoss" -o /usr/local/bin/dgoss
chmod +rx /usr/local/bin/dgoss
```
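The installation note advises against `curl | sh` on production systems. As an added example (not part of the Goss project's own instructions), the manual download can be gated on a SHA-256 digest that you pin yourself, so the binary reaches its destination only after it verifies. The function names `sha256_of`, `install_verified` and `fetch_and_install` are hypothetical, and the digest in the usage comment is a placeholder.

```bash
#!/usr/bin/env bash
# Added example: install a downloaded binary only if it matches a pinned SHA-256.

# sha256_of FILE: print the lowercase hex digest (sha256sum, or shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# install_verified SRC EXPECTED_SHA256 DST   (hypothetical helper name)
# 0: digest matched, SRC installed to DST with mode 0755
# 1: digest mismatch, DST left untouched
# 2: unusable input (missing file or malformed digest)
install_verified() {
  local src="$1" expected="$2" dst="$3" actual
  [ -f "$src" ] || { echo "missing file: $src" >&2; return 2; }
  # A SHA-256 digest is exactly 64 hex characters. Rejecting anything else
  # catches an empty variable or an HTML error page saved as the "checksum".
  case "$expected" in
    ""|*[!0-9a-fA-F]*) echo "malformed digest" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "malformed digest" >&2; return 2; }
  expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
  actual=$(sha256_of "$src") || return 2
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch for $src: got $actual" >&2
    return 1
  fi
  install -m 0755 "$src" "$dst"
}

# fetch_and_install VERSION EXPECTED_SHA256 [DST]   (hypothetical helper name)
# Downloads to a temp file first, so an unverified binary never sits on PATH.
fetch_and_install() {
  local ver="$1" expected="$2" dst="${3:-/usr/local/bin/goss}" tmp rc=0
  tmp=$(mktemp) || return 2
  { curl -fsSL "https://github.com/aelsabbahy/goss/releases/download/${ver}/goss-linux-amd64" -o "$tmp" \
      && install_verified "$tmp" "$expected" "$dst"; } || rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Usage (digest is a placeholder; pin the value you obtained from a trusted source):
#   fetch_and_install v0.3.10 '<PINNED_SHA256_OF_goss-linux-amd64>'
```

Pinning both the version and the digest in configuration management means a changed upstream artifact fails the install instead of silently replacing the binary.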


Build it yourself

```bash
make build
```


Full Documentation

Documentation is available here: manual


Quick start
Writing a simple sshd test

An initial set of tests can be derived from the system state by using the add or autoadd commands.


Let's write a simple sshd test using autoadd.


```txt
# Running it as root will allow it to also detect ports
$ sudo goss autoadd sshd
```


Generated goss.yaml:


```yaml
$ cat goss.yaml
port:
  tcp:22:
    listening: true
    ip:
    - 0.0.0.0
  tcp6:22:
    listening: true
    ip:
    - '::'
service:
  sshd:
    enabled: true
    running: true
user:
  sshd:
    exists: true
    uid: 74
    gid: 74
    groups:
    - sshd
    home: /var/empty/sshd
    shell: /sbin/nologin
group:
  sshd:
    exists: true
    gid: 74
process:
  sshd:
    running: true
```


Now that we have a test suite, we can:



```txt
goss validate
...............


Total Duration: 0.021s # <- yeah, it's that fast..
Count: 15, Failed: 0
```



```txt
goss --vars vars.yaml validate
```



```txt
goss validate --retry-timeout 30s --sleep 1s
```



```txt
goss serve &
curl localhost:8080/healthz

# JSON endpoint
goss serve --format json &
curl localhost:8080/healthz

# rspecish response via content negotiation
goss serve --format json &
curl -H "Accept: application/vnd.goss-rspecish" localhost:8080/healthz
```


Manually editing Goss files

Goss files can be manually edited to use:



Some examples:


```yaml
user:
  sshd:
    title: UID must be between 50-100, GID doesn't matter. home is flexible
    meta:
      desc: Ensure sshd is enabled and running since it's needed for system management
      sev: 5
    exists: true
    uid:
      # Validate that UID is between 50 and 100
      and:
        gt: 50
        lt: 100
    home:
      # Home can be any of the following
      or:
      - /var/empty/sshd
      - /var/run/sshd

package:
  kernel:
    installed: true
    versions:
      # Must have 3 kernels and none of them can be 4.4.0
      and:
      - have-len: 3
      - not:
          contain-element: 4.4.0

  # Loaded from --vars YAML/JSON file
  {{.Vars.package}}:
    installed: true

{{if eq .Env.OS "centos"}}
  # This test is only when $OS environment variable is set to "centos"
  libselinux:
    installed: true
{{end}}
```


Supported resources

Supported output formats

Community Contributions

Limitations

goss works well on Linux, but support on Windows & macOS is alpha. See platform-feature-parity.


The following tests have limitations.


Package:



Service: