Ansible with with Molecule

Transcript

1. Ansible Testing with Molecule

2. Advantages • Quality gate for Infrastructure as Code • Isolated

   test environment • Early feedback during development • Fail fast before application in real systems • Encourages separation of concerns in Ansible Roles

3. Python setup with pyenv

4. Create your Environment $> virtualenv project/venv # creates env $>

   source project/venv/bin/activate # activates env $> deactivate # deactivates env

5. Install Molecule $> pip install molecule ansible $> pip docker

   # virtualization driver

6. Create new Ansible role $> molecule init role --role-name user.rolename

   -d docker $> molecule init role -r user.rolename -d docker # choose driver from one below... # azure, docker, ec2, gce, lxc, lxd, openstack, vagrant, # delegated

7. Add Molecule to existing Ansible role $> ansible-galaxy init user.rolename

   $> cd user.rolename $> molecule init scenario -r user.rolename

8. Add new scenarios to Molecule $> molecule init scenario \

   # long --scenario-name special \ -r user.rolename $> molecule init scenario \ # short -s special \ -r user.rolename

9. Molecule configurations • Test run ◦ molecule.yml # Molecule configuration

   file ◦ playbook.yml # Test case definition • Syntax checks ◦ yamllint # Linter for Yaml files / Ansible, Molecole ◦ flake8 # Linter for Python code / Testinfra ◦ ansible-lint # Linter for Ansible playbooks

10. Molecule test run $> molecule test # bare metal $>

    docker run --rm -it \ # docker -v '$(pwd)':/tmp/$(basename "${PWD}"):ro \ -v /var/run/docker.sock:/var/run/docker.sock \ -w /tmp/$(basename "${PWD}") \ retr0h/molecule:latest \ sudo molecule test

11. Molecule test matrix └── default ├── lint # flake8, yamllint,

    ansible-lint syntax check ├── destroy # deletes pre-existing containers ├── dependency # installs python dependencies ├── syntax # Playbook syntax check ├── create # creates the docker container ├── prepare # prepares the docker container / pre-configuration ├── converge # executes the test playbook ├── idempotence # executes the test playbook a second time ├── side_effect # Occurs additional effects to the environment ├── verify # executes the Testinfra tests └── destroy # deletes new containers

12. Demo Time • IaC sample project • From scratch

13. end of presentation Author Markus Hanses Date 2019-03-02

14. Sources • pyenv, https://github.com/pyenv/pyenv • Virtualenv, https://docs.python-guide.org/dev/virtualenvs/ • Molecule, https://molecule.readthedocs.io/en/latest/index.html

    • Testinfra, https://testinfra.readthedocs.io/en/latest/# • flake8, http://flake8.pycqa.org/en/latest/ • yamllint, https://yamllint.readthedocs.io/en/stable/ • ansible-lint, https://github.com/ansible/ansible-lint • Digital Ocean Blog Post, http://bit.do/eJXD3 • Demo project, https://github.com/marhan/ansible-role-fail2ban • Demo pipeline, https://travis-ci.org/marhan/ansible-role-fail2ban