Note: For an even faster way of doing this, see: autoadd
Goss is a serverspec-like tool for validating a server's configuration. It eases the process of generating tests by assuming the user already has a properly configured machine from which they can derive system state. Once the test suite is generated, it can be executed on any other host for the full TDD experience.
- Goss is EASY! - Goss in 45 seconds
- Goss is FAST! - small-medium test suites are near instantaneous, see benchmarks
- Goss is SMALL! - <4MB single self-contained binary
- Goss is UNIXY! - does one thing and does it well, chainable through pipes
```bash
curl -L https://github.com/aelsabbahy/goss/releases/download/v0.1.9/goss-linux-amd64 > /usr/local/bin/goss && chmod +rx /usr/local/bin/goss
```
Documentation is available here: https://github.com/aelsabbahy/goss/blob/master/docs/manual.md
An initial set of tests can be derived from the system state by using the add or autoadd commands.
Let's write a simple sshd test using autoadd.
```console
# Running it as root will allow it to also detect ports
$ sudo goss autoadd sshd
Adding Group to './goss.yaml':

sshd:
  exists: true
  gid: 74


Adding Process to './goss.yaml':

sshd:
  running: true


Adding Port to './goss.yaml':

tcp6:22:
  listening: true
  ip:
  - '::'


Adding Port to './goss.yaml':

tcp:22:
  listening: true
  ip:
  - 0.0.0.0


Adding Service to './goss.yaml':

sshd:
  enabled: true
  running: true


Adding User to './goss.yaml':

sshd:
  exists: true
  uid: 74
  gid: 74
  groups:
  - sshd
  home: /var/empty/sshd
  shell: /sbin/nologin
```
We can now run our test by using `goss validate`:
```console
...............

Total Duration: 0.021s
Count: 15, Failed: 0
```
As you can see, goss tests are extremely fast: we were able to validate our system state in 21ms!
Goss files can be manually edited to match:
- Patterns
- Advanced Matchers.
`title` and `meta` (arbitrary data) attributes are persisted when adding other resources with `goss add`.
Some examples:
```yaml
user:
  sshd:
    title: UID must be between 50-100, GID doesn't matter. home is flexible
    meta:
      desc: Ensure sshd is enabled and running since it's needed for system management
      sev: 5
    exists: true
    uid:
      # Validate that UID is between 50 and 100
      and:
        gt: 50
        lt: 100
    home:
      # Home can be any of the following
      or:
      - /var/empty/sshd
      - /var/run/sshd

package:
  kernel:
    installed: true
    versions:
      # Must have 3 kernels and none of them can be 4.4.0
      and:
      - have-len: 3
      - not:
          contain-element: 4.4.0
```
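The patterns and matchers above can also express a security baseline for the same sshd service. The following goss.yaml is an added example, not part of the Goss project; the sshd_config path, the expected directives, and the nologin paths are assumptions for a typical OpenSSH host and should be adjusted to your own baseline.

```yaml
# Added example (not Goss project code). Paths and expected values are
# assumptions for a typical OpenSSH host.
file:
  /etc/ssh/sshd_config:
    title: sshd_config is root-owned, not world-readable, and disables risky logins
    meta:
      sev: 5
    exists: true
    filetype: file
    owner: root
    group: root
    mode: "0600"
    contains:
    # Pattern: a /regex/ must match at least one line of the file
    - "/^PermitRootLogin no/"
    # Pattern: a leading ! means the regex must not match any line
    - "!/^PasswordAuthentication yes/"
    - "!/^PermitEmptyPasswords yes/"

command:
  # The file check above only sees literal text. sshd accepts keywords in any
  # case and applies defaults for absent ones, so also test the effective
  # configuration. sshd -T prints lowercase keywords and needs root.
  sshd -T:
    title: Effective sshd configuration refuses root and password logins
    exit-status: 0
    stdout:
    - "/^permitrootlogin no/"
    - "/^passwordauthentication no/"

user:
  sshd:
    title: The sshd service account cannot log in interactively
    exists: true
    shell:
      # Matcher: either nologin location is acceptable across distributions
      or:
      - /sbin/nologin
      - /usr/sbin/nologin
```

Run it with `sudo goss validate` so the `sshd -T` check can read the host keys and configuration.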
Supported resources:
- addr - addr is reachable
- command - command, exit status and outputs
- dns - dns is resolvable
- file - file exists, owner/perm, content
- group - group, uid
- package - package is installed, versions
- port - port is listening, listening ip
- process - process is running
- service - running, enabled
- user - uid, home, etc.
- kernel-param - value
- mount - mountpoint, mount opts, fstype, etc.
- interface - network interface name and addrs

Supported output formats:
- rspecish (default) - Similar to rspec output
- documentation - Verbose test results
- JSON - Detailed test result
- TAP
- JUnit
- nagios - Nagios/Sensu compatible output with exit code 2 for failures.

Community contributions:
- goss-ansible - Ansible module for Goss
- kitchen-goss - A test-kitchen verifier plugin for GOSS
- goss-fpm-files - Might be useful for building goss system packages

Currently goss only runs on Linux.
The following tests have limitations.
Package:
- rpm
- deb
- Alpine apk
- pacman
Service:
- systemd
- sysV init
- OpenRC init
- Upstart