Search⌘ K
Home
Courses
Go for DevOps

Validating Images With Goss

Explore how to use the Goss tool to validate server configurations via YAML spec files and integrate these checks into Packer workflows. Learn to create spec files, automate validations for services, files, and processes, and ensure your AMI images meet expectations before deployment.

We'll cover the following...

Goss is a tool for checking server configurations using a spec file written in YAML. This way, we can test that the server is working as expected. This can be from testing access to the server over SSH using expected keys to validating that various processes are running.

Not only can Goss test our server for compliance, but it can be integrated with Packer. That way, we can test that our server is running as expected during the provisioning step and before deployment.

Let's have a look at making a Goss spec file.

Creating a spec file

A spec file is a set of instructions that tells Goss what to test for.

There are a couple of ways to make a spec file for Goss. The spec file is used by Goss to understand what it needs to test.

While we could write it by hand, the most efficient way is to use one of two Goss commands:

  • goss add

  • goss autoadd

The most efficient way to use Goss is to launch a machine with our custom AMI, log in using the ubuntu user, and use autoadd to generate the YAML file.

Once logged onto our AMI instance, let's run the following:

C++
goss -g process.yaml autoadd sshd

This will generate a process.yaml file with the following content:

YAML
service:
  sshd:
    enabled: true
    running: true
user:
  sshd:
    exists: true
    uid: 110
    gid: 65534
    groups:
    - nogroup
    home: /var/run/sshd
    shell: /usr/sbin/nologin
process:
  sshd:
    running: true

This states that we expect the following: ...