Ansible Testing with Molecule 

Advantages ● Quality gate for Infrastructure as Code ● Isolated test environment ● Early feedback during development ● Fail fast before application in real systems ● Encourages separation of concerns in Ansible Roles 

Python setup with pyenv 

Create your Environment $> virtualenv project/venv # creates env $> source project/venv/bin/activate # activates env $> deactivate # deactivates env 

Install Molecule $> pip install molecule ansible $> pip docker # virtualization driver 

Create new Ansible role $> molecule init role --role-name user.rolename -d docker $> molecule init role -r user.rolename -d docker # choose driver from one below... # azure, docker, ec2, gce, lxc, lxd, openstack, vagrant, # delegated 

Add Molecule to existing Ansible role $> ansible-galaxy init user.rolename $> cd user.rolename $> molecule init scenario -r user.rolename 

Add new scenarios to Molecule $> molecule init scenario \ # long --scenario-name special \ -r user.rolename $> molecule init scenario \ # short -s special \ -r user.rolename 

Molecule configurations ● Test run ○ molecule.yml # Molecule configuration file ○ playbook.yml # Test case definition ● Syntax checks ○ yamllint # Linter for Yaml files / Ansible, Molecole ○ flake8 # Linter for Python code / Testinfra ○ ansible-lint # Linter for Ansible playbooks 

Molecule test run $> molecule test # bare metal $> docker run --rm -it \ # docker -v '$(pwd)':/tmp/$(basename "${PWD}"):ro \ -v /var/run/docker.sock:/var/run/docker.sock \ -w /tmp/$(basename "${PWD}") \ retr0h/molecule:latest \ sudo molecule test 

Molecule test matrix └── default ├── lint # flake8, yamllint, ansible-lint syntax check ├── destroy # deletes pre-existing containers ├── dependency # installs python dependencies ├── syntax # Playbook syntax check ├── create # creates the docker container ├── prepare # prepares the docker container / pre-configuration ├── converge # executes the test playbook ├── idempotence # executes the test playbook a second time ├── side_effect # Occurs additional effects to the environment ├── verify # executes the Testinfra tests └── destroy # deletes new containers 

Demo Time ● IaC sample project ● From scratch 

end of presentation Author Markus Hanses Date 2019-03-02 

Sources ● pyenv, https://github.com/pyenv/pyenv ● Virtualenv, https://docs.python-guide.org/dev/virtualenvs/ ● Molecule, https://molecule.readthedocs.io/en/latest/index.html ● Testinfra, https://testinfra.readthedocs.io/en/latest/# ● flake8, http://flake8.pycqa.org/en/latest/ ● yamllint, https://yamllint.readthedocs.io/en/stable/ ● ansible-lint, https://github.com/ansible/ansible-lint ● Digital Ocean Blog Post, http://bit.do/eJXD3 ● Demo project, https://github.com/marhan/ansible-role-fail2ban ● Demo pipeline, https://travis-ci.org/marhan/ansible-role-fail2ban