Testing Ansible Roles with Molecule

Role over, lay down
Testing Roles With Molecule
Ton Kersten
Antwerp / Belgium / 2018

View Slide

Agenda
1 Introduction
2 Why
3 Question Time!
ans-v1.25-2

View Slide

$ who am i
---
- name: Ton Kersten
creds:
work: UNIX/Linux consultant and Trainer @ AT Computing
linux: UNIX/Linux Geek (UNIX since 1986, Linux since 1992)
scripting: Scripting / programming Freak
cfgmgmt: Configuration Management Addict
- ansible:
- Ansible user and contributor since 2012
- Red Hat Certified Specialist in Ansible Automation
- Ansible Ambassador since 2015
foss: Free and Open Source Software Enthusiast
things: Big fan of things that just work
ans-v1.25-3

View Slide

Why test roles
Ansible playbooks and roles are production code
Check installation of required packages
Process and check needed templates
Check files for contents
Check running and enabled services
Trigger handlers
· · ·
ans-v1.25-4

View Slide

Return of investment
Higher role and playbook quality
Improved reliability ⇒ Less interruptions
Ensuring consistency
Improve Robustness
Automatic testing ⇒ Continues Integration / Deployment
· · ·
ans-v1.25-5

View Slide

Molecule
Open Source (of course)
Designed to test Ansible roles
Uses Ansible to test Ansible roles
Supports different OS’s / test scenarios
Supports different test frameworks
Supports multiple virtualization providers
Setup The tools
Molecule
Testinfra
Docker
ansible-lint
flake8
ans-v1.25-6
# apt-get install docker-engine
# pip install ansible
# pip install ansible-lint
# pip install 'docker-py<3.0'
# pip install molecule
# pip install yamllint
# pip install flake8
# pip install testinfra

View Slide

Get started
Version 1
$ molecule init --role chrony --driver docker
Version 2
$ molecule init role \
--role-name=chrony \
--driver-name=docker \
--verifier-name=testinfra
ans-v1.25-7

View Slide

Configure linter
molecule/default/molecule.yml (Part 1)
lint:
name: yamllint
options:
config-file: molecule/default/yamllint.cfg
molecule/default/yamllint.cfg
extends: default
rules:
line-length:
max: 132
level: warning
allow-non-breakable-words: true
allow-non-breakable-inline-mappings: false
truthy: disable
ans-v1.25-8

View Slide

Configure provisioner
#
# Ansible provisioner and variables
#
provisioner:
name: ansible
inventory:
group_vars: # Mock data for Ansible group_vars
all:
name: Wile E. Coyote
company: ACME
domain: acme.net
host_vars: # Mock data for Ansible host_vars
centos7:
foo: bar
lint:
name: ansible-lint
ans-v1.25-9

View Slide

Configure verifier
verifier:
name: testinfra
options:
verbose: False
debug: False
lint:
name: flake8
options:
ignore: "E201,E202,E203,E211,E223,E224"
ans-v1.25-10
E201: whitespace after char
E202: whitespace before char
E203: whitespace before char
E211: whitespace before text
E223: tab / multiple spaces before operator
E224: tab / multiple spaces after operator

View Slide

Configure CentOS
- name: centos7
hostname: centos7
image: couchbase/centos7-systemd
image_version: latest
privileged: True
groups:
- chrony
- centos
command: "/usr/sbin/init"
# Mount cgroup volumes on Debian 9 host
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
ans-v1.25-11
Run /sbin/init to startup systemd

View Slide

Configure Ubuntu
- name: ubuntu1604
hostname: ubuntu1604
image: solita/ubuntu-systemd
image_version: latest
privileged: True
groups:
- chrony
- ubuntu
command: "/sbin/init"
ans-v1.25-12
Run /sbin/init to startup systemd

View Slide

Create tests 1
molecule/default/tests/test_default.py
import testinfra.utils.ansible_runner as ti
# Get all hosts from the Ansible inventory
# The inventory is generated from the molecule.yml file
inventory = '.molecule/ansible_inventory'
hosts = ti.AnsibleRunner(inventory).get_hosts('all')
ans-v1.25-13
Setup framework and get all Ansible hosts

View Slide

Create tests 2
def test_services(host):
try:
facts = host.ansible("setup")["ansible_facts"]
except host.ansible.AnsibleException as exc:
assert exc.result['failed'] is True
assert exc.result['msg'] == 'Error getting facts'
osfam = facts['ansible_os_family'].lower()
if osfam == 'debian':
present = [ host.service('chrony') ]
elif osfam == 'redhat':
present = [ host.service('chronyd') ]
else:
raise EnvironmentError("'%s' is an unsupported OS" % osfam)
ans-v1.25-14
Get all Ansible facts and check OS family

View Slide

Create tests 3
if present:
for this in present:
assert this.is_installed
ans-v1.25-15
Check if all packages are installed

View Slide

Create tests 4
if present:
assert this.exists
assert this.is_file
assert this.uid == 0
assert this.gid == 0
assert this.mode == 0o644
assert this.contains("# Copyright (c) 2012-today by ACME")
ans-v1.25-16
Check if files have the correct content and credentials

View Slide

Create tests 5
if present:
assert this.is_running
assert this.is_enabled
ans-v1.25-17
Check if all services are running and enabled

View Slide

Running tests
molecule create
molecule converge
molecule verify
Fix
molecule login
molecule destroy
Correct?
No
Yes
molecule test
ans-v1.25-18

View Slide

Problems
Fragile environment
Versions of tools must match
Sudden, unexpected breaking of test line
Needs Python Docker < 3.0
Large difference between version 1 and 2
Documentation not always clear
· · ·
ans-v1.25-19

View Slide

Question Time!
Questions??
Contact me
[email protected]
http://www.atcomputing.nl
https://github.com/tonk
https://speakerdeck.com/tonk
@TonKersten on Twitter
TKersten on IRC
Created with
L
A
TEX Beamer
Vim
Poppler Tools
ImageMagick
Evince
ans-v1.25-20

View Slide

Testing Ansible Roles with Molecule

Testing Ansible Roles with Molecule

Ton Kersten

More Decks by Ton Kersten

Other Decks in Technology

Featured

Transcript