jwalzer/goss

Goss - Quick and Easy server validation

Goss in 45 seconds

Note: For an even faster way of doing this, see: autoadd

Introduction

What is goss?

Goss is a serverspec-like tool for validating a server's configuration. It eases the process of generating tests by assuming the user already has a properly configured machine from which they can derive system state. Once the test suite is generated, it can be executed on any other host for the full TDD experience.

Why use goss?

  • Goss is EASY! - Goss in 45 seconds
  • Goss is FAST! - small-medium test suites are near instantaneous, see benchmarks
  • Goss is SMALL! - <2MB single self-contained binary
  • Goss is UNIXY! - does one thing and does it well, chainable through pipes

Installation

curl -L https://github.com/aelsabbahy/goss/releases/download/v0.1.6/goss-linux-amd64 > /usr/local/bin/goss && chmod +rx /usr/local/bin/goss
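
A hardened variant of the one-line install above, added here as an example (it is not part of the goss project): it downloads to a temporary file and installs the binary only if its SHA-256 digest matches a pinned value. `GOSS_SHA256` is a placeholder, since this page does not publish a digest, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: pinned-checksum install for the goss binary.
# GOSS_SHA256 is a PLACEHOLDER; replace it with a digest obtained from a
# source you trust. The page itself does not list one.
GOSS_URL="https://github.com/aelsabbahy/goss/releases/download/v0.1.6/goss-linux-amd64"
GOSS_SHA256="REPLACE_WITH_TRUSTED_SHA256_DIGEST"

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# install_verified FILE EXPECTED_SHA256 DEST
# Copies FILE to DEST with mode 0755 only if its digest matches.
# Returns 0 on success, 1 on mismatch or error; DEST is not written on failure.
install_verified() {
    file=$1 expected=$2 dest=$3
    [ -f "$file" ] || { echo "missing download: $file" >&2; return 1; }
    actual=$(sha256_of "$file") || return 1
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    install -m 0755 "$file" "$dest"
}

# fetch_and_install DEST: download to a temp file, verify, then install.
fetch_and_install() {
    tmp=$(mktemp) || return 1
    # -f: fail on HTTP errors instead of saving an error page as the binary
    if curl -fsSL "$GOSS_URL" -o "$tmp" &&
       install_verified "$tmp" "$GOSS_SHA256" "$1"; then
        rm -f "$tmp"; return 0
    fi
    rm -f "$tmp"; return 1
}

# Usage (needs network access and a real digest in GOSS_SHA256):
#   fetch_and_install /usr/local/bin/goss
```

Unlike redirecting curl output straight into /usr/local/bin/goss, a failed or tampered download never replaces the installed binary.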

Full Documentation

Documentation is available here: https://github.com/aelsabbahy/goss/blob/master/docs/manual.md

Quick start

Writing a simple sshd test

An initial set of tests can be derived from the system state by using the add or autoadd commands.

Let's write a simple sshd test using autoadd.

$ goss autoadd sshd
Adding Group to 'goss.yaml':

sshd:
  exists: true
  gid: 74


Adding Process to 'goss.yaml':

sshd:
  running: true


Adding Service to 'goss.yaml':

sshd:
  enabled: true
  running: true


Adding User to 'goss.yaml':

sshd:
  exists: true
  uid: 74
  gid: 74
  groups:
  - sshd
  home: /var/empty/sshd

We can now run our test by using goss validate:

$ goss validate
..........

Total Duration: 0.016s
Count: 10, Failed: 0

As you can see, goss tests are extremely fast: we were able to validate our system state in 16ms!

Patterns, matchers and metadata

Goss files can be manually edited to use:

  • Patterns
  • Advanced Matchers
  • title and meta (arbitrary data) attributes, which are persisted when adding other resources with goss add

Some examples:

user:
  sshd:
    title: UID must be between 50-100, GID doesn't matter. home is flexible
    meta:
      desc: Ensure sshd is enabled and running since it's needed for system management
      sev: 5
    exists: true
    uid:
      # Validate that UID is between 50 and 100
      and:
        gt: 50
        lt: 100
    home:
      # Home can be any of the following
      or:
      - /var/empty/sshd
      - /var/run/sshd

package:
  kernel:
    installed: true
    versions:
      # Must have 3 kernels and none of them can be 4.4.0
      and:
      - have-len: 3
      - not:
          contain-element: 4.4.0

Supported resources

  • addr - addr is reachable
  • command - command, exit status and outputs
  • dns - dns is resolvable
  • file - file exists, owner/perm, content
  • group - group, uid
  • package - package is installed, versions
  • port - port is listening, listening ip
  • process - process is running
  • service - running, enabled
  • user - uid, home, etc..

Supported output formats

  • rspecish (default) - Similar to rspec output
  • documentation - Verbose test results
  • JSON - Detailed test result
  • TAP
  • JUnit
  • nagios - Nagios/Sensu compatible output with exit code 2 for failures.

Community Contributions

Limitations

Currently goss only runs on Linux.

The following tests have limitations.

Package:

  • rpm
  • deb
  • Alpine apk
  • pacman

Service:

  • systemd
  • sysV init
  • OpenRC init
  • Upstart
