Ansible Molecule for DevOps Kirill Satarin Senior Software Engineer Red Hat

"In a dark place we find ourselves, and a little more Ansible automation light can guide us out." - inspired by Master Yoda and Ansible Contents ■ Quick introduction to Ansible Molecule ○ Some basic knowledge of Ansible is required ■ Ansible Molecule driver for the cloud and how to use it ■ How did we use Ansible Molecule driver ■ Benefits

Ansible Molecule Molecule project is designed to aid in the development and testing of Ansible roles. https://molecule.readthedocs.io/en/latest/ https://github.com/ansible-community/molecule Molecule uses plugins to provide functionality for different infrastructure providers https://github.com/ansible-community/molecule-plugins We wrote our own molecule driver to manage infrastructure in cloud providers (Azure, AWS, IBM Cloud) Quick introduction "I solemnly swear that I am up to no manual configuration." - inspired by Harry Potter and Ansible

Molecule installation and usage > pip install molecule Install Ansible Molecule driver > pip install molecule-driver-azure > molecule init role > molecule init scenario -d Installation > molecule dependency > molecule create > molecule prepare > molecule converge - apply content > molecule verify > molecule destroy All together > molecule test - complete test cycle Molecule commands (per scenario) "The first rule of Ansible is: you do not manually configure infrastructure." - inspired by Fight Club and Ansible

- you actually do not need ansible role to use molecule ├── molecule │ ├── │ │ ├── molecule.yml - file that describes molecule scenario landscape and configuration │ │ ├── create.yml - this is create playbook - defined by driver, can be extended │ │ ├── prepare.yml - this is prepare playbook - you change what it does │ │ ├── converge.yml - this is converge playbook - you change what it does │ │ └── verify.yml - this is verify playbook - you change what it does │ │ ├── destroy.yml - this is destroy playbook - defined by driver, can be extended │ │ ├── side_effect.yml - `ACTION={backup, restore, deallocate} molecule side-effect` Molecule folder structure and molecule commands "The second rule of Ansible is: you DO NOT manually configure infrastructure." - inspired by Fight Club and Ansible

Molecule commands configuration molecule.yml scenario: dependency_sequence : [] create_sequence : - create converge_sequence : - converge test_sequence: - dependency - create - converge - verify - side_effect deallocate.yml destroy_sequence : - side_effect deallocate.yml Can be any playbook in scenario folder! provisioner: name: ansible playbooks: create: create.yml prepare: prepare.yml converge: converge.yml side-effect: side_effect.yml verify: verify.yml destroy: destroy.yml "This is your Ansible playbook. There are many like it, but this one is yours." - inspired by US Marines and Ansible `molecule create`

Molecule.yml file structure --- dependency: name: shell command:... driver: name: platforms: - platforms: - name: instance vm_size: Standard_D8s_v3 marketplace_image: publisher: "RedHat" offer: "RHEL-SAP-HA" sku: "86sapha-gen2" version: "latest" data_disks: - lun: 0 path: /hana filesystem: xfs disk_size_gb: 256 "It takes a Ansible playbook to make a change." - inspired by The Shawshank Redemption and Ansible location: resourcegroup_name: molecule virtualnetwork_name: virtualnetwork_address_prefixes: subnet_name: subnet_address_prefix_cidr: ssh_user: zones: public_ip_allocation_method: open_ports:

Molecule Driver Architecture with Collections molecule -> molecule driver (python package) Ansible collection molecule.driver Ansible collections azure.azcollection amazon.aws ibm.cloudcollection community.crypto community.general ansible.posix molecule create molecule destroy molecule side-effect ACTION= molecule side-effects action= stop create destroy deallocate backup restore compute infra disks filesystems / mounts shared storage ssh keys All molecule commands are idempotent "If you put your mind to it, you can automate anything with Ansible." - inspired by Back to the Future and Ansible

How we use Ansible Molecule SAP modules and roles development as part of sap.sap_operations ansible collection https://galaxy.ansible.com/sap/sap_operations Development: SAP Landscape creation / deallocation / preparation (installation, system start) Trial and error while developing Ansible roles and modules Backup and restore complete landscape so we can destroy systems while developing Save costs by deallocating the landscape "Copy and paste" infrastructure to test other RHEL versions / other configurations No need to automate all infrastructure from the start, works with manually created infrastructure Testing: Continuous integration testing - all you need is cloud provider access - all actions are idempotent "Size matters not when it comes to Ansible automation. Even the smallest team can achieve great things with it." - inspired by Master Yoda and Ansible

TL; DR ● It is actually not that hard to create Ansible Molecule driver for your specific needs ● Development speedup ● Easy to add to CI - just one command - `molecule test` ● Soft move from manual configuration to Ansible automation ● Quick switch from one configuration to another for testing / development ● "Copy and paste" infrastructure allows quick adoption for other roles / modules Benefits ● If you are creating Ansible content and want to test it on cloud infrastructure ● If you want to manage your dev / test compute cloud environments with Ansible When and Why ? "Always pass on what you have learned about Ansible automation to others. This is the way of the Ansible engineer." - inspired by Master Yoda and Ansible https://github.com/redhat-sap/molecule.driver https://github.com/redhat-sap/molecule-driver-azure