Testing Ansible Roles Locally With Molecule on Linux and Windows | by DrPsychick | Jul, 2022

Ansible | Testing | Molecule | libvirt | Docker

Pace up your improvement cycles and launch with confidence

Desktop with focus on a sign saying “No bad days”.
Picture by Ryland Dean on Unsplash

Wherever I used to be crossing Ansible in my skilled life, the folks utilizing it at all times confronted the identical challenges. Whereas all people desires an Ansible setup that permits a dependable, reproducible, and versatile approach to rollout configuration and software program installations throughout server (or VM) fleets, the fact is that this usually rapidly turns into an intertwined assortment of duties, roles, and playbooks. It’s onerous to make sure prime quality and hold it clear and easy.

What I’ve skilled largely are the next conditions:

  • writing duties “blindly” after which making use of them to hosts; iterating till every thing runs by way of with out errors
  • doing small modifications to the playbooks or roles, then making use of them to hosts, after which forgetting to commit them to git
  • testing your Ansible roles on present, configured hosts, and forgetting the dependencies required for a freshly put in host
  • constructing and operating playbooks with many roles, however by no means testing roles independently and reusing variables throughout roles or international variables, making it onerous or virtually inconceivable to run particular person roles after which fixing that with tags for each position.
  • operating playbooks manually and on-demand. Inflicting configuration drift on the hosts, for instance, due to lacking git commits.

Flexibility is nice, and having the ability to react quick is a key aspect to success these days. With out some fundamental separation and tips, nevertheless, an Ansible repository can rapidly turn out to be a monolith of technical dept. I’ve been there.

Probably the most essential issues is to jot down separate, reusable roles. Even in case you don’t intend to share them inside your organization, it helps deal with the aim of that particular position. Like in a microservices world, you don’t need one position to be accountable for a number of issues. A separate repo for a job additionally permits you to develop and check it individually to make sure a high-quality customary.

  • One repository per position, check independently
  • A number of repositories for playbooks, referencing the roles

Earlier than you reinvent the wheel — take a look at ansible-galaxy for public, open supply roles that fit your wants.

In your playbook repositories, you may simply reference roles with a necessities.yml file and in addition roles pulled from git:

# ansible-galaxy set up -r necessities.yml
roles:
- title: geerlingguy.docker
model: 4.2.4
- title: https://github.com/MyOrganization/repo_name.git
sort: git
model: grasp

Identical to builders guarantee high quality of their software program tasks by way of git with pipelines that lint, run exams, and construct artifacts, DevOps — or GitOps — can use the identical rules to make sure prime quality, reproducible and automatic deployment mechanisms.

The central philosophy right here is to validate your work outcomes, normally “code,” on outlined, reproducible environments to make it possible for it additionally works on your colleagues and the outcomes are dependable and repeatable. After you have validated reproducible outcomes, you’re able to automate rollouts to make sure a constant state throughout your server fleets or detect configuration drift.

Molecule permits you to check your Ansible position towards a number of situations which can be setup for the check. Whereas Molecule can spin up Docker containers for you, it focuses on operating and testing Ansible roles and never provisioning situations to run the exams on. To make it extraordinarily straightforward to combine into Molecule, I’ve just lately printed an Ansible position that you need to use with Molecule to outline and provision the situations you want for exams simply, be it Linux (Fedora, Ubuntu, and many others.) or Home windows (through libvirt).

For the next examples, right here’s what you want:

  • A Linux host with Docker put in
  • sudo privileges
  • Python libraries molecule molecule-docker

This DrPsychick/ansible-testing position works nice for my use instances and I hope it could serve you effectively. In case your use case is totally different or requires changes, please contribute to the position by creating points and opening pull-requests.

Doing this hands-on “tutorial” takes solely 5 minutes. If you find yourself carried out, you’ve got your first Linux Ansible position that’s examined with Molecule. An entire molecule check run with an empty position on two situations takes about 30 seconds.

1. Create a job

Create a brand new, empty position with molecule.

molecule init position demo.testrolecd testrole

Position and Namespace limitations:

Namespace: https://galaxy.ansible.com/docs/contributing/namespaces.html#galaxy-namespace-limitations
Position: https://galaxy.ansible.com/docs/contributing/creating_role.html#role-names

If in case you have an present position, you may have Molecule initialize the default situation with the next command:

# creates and populates ./molecule/default/
molecule init situation default

2. Get molecule instance from GitHub

Obtain the instance recordsdata (https://github.com/DrPsychick/ansible-testing/tree/master/docs/molecule/default) from DrPsychick/ansible-testing on your position:

for f in create destroy molecule necessities vars; do 
curl -o molecule/default/$f.yml "https://raw.githubusercontent.com/DrPsychick/ansible-testing/master/docs/molecule/default/$f.yml";
carried out

Earlier than you run it, it’s possible you’ll wish to alter the molecule/default/vars.yml and molecule/default/molecule.yml to your wants which lets you configure the DrPsychick/ansible-testing position and outline the container situations you wish to check on.

vars.yml:

# a brief listing that might be deleted with 'destroy'
work_dir: "/tmp/ansible-demo.testrole-default"
containers:
- title: ubuntu2204
os: ubuntu
dockerfile: Dockerfile_Ubuntu
recordsdata:
- "entrypoint.sh"
args:
VERSION: 22.04

Make certain the container names match the platforms in molecule.yml:

[...]
platforms:
- title: ubuntu2204
[...]

3. Run molecule in your position

As you seemingly are logged in as a person, if you first run Molecule it’s possible you’ll get this error:

deadly: [localhost]: FAILED! => "modified": false, "module_stderr": "sudo: a password is requiredn", "module_stdout": "", "msg": "MODULE FAILUREnSee stdout/stderr for the precise error", "rc": 1

It’s because the ansible-testing position ensures that each one prerequisites are put in. Resolve this by operating sudo echo after which run Molecule once more.

# create situations (with DrPsychick/ansible-testing)
# this may take some time the primary time, because it builds
# the docker photographs.
# As soon as constructed, creating situations takes solely seconds.
molecule create
# checklist situations or test systemd standing
docker ps
docker exec -it ubuntu2204 systemctl standing
# run your position on the situations
molecule converge
molecule idempotence

4. Develop your position

Now you may hack away and implement your position. For one or a number of working programs or flavors. Rerun molecule converge as usually as wanted to confirm that your duties are doing what they need to. Earlier than you end issues up, make it possible for a molecule check additionally succeeds with out points, as this ensures that your position works on freshly put in situations.

What’s additionally essential is that you make sure that your position is idempotent — that means that if you run it a second time to make sure it doesn’t report any modifications. Why is that this so essential? If you later automate Ansible runs, you wish to outline the goal state for a system, and also you need all programs to have the identical configuration state.

For instance, to detect configuration drift (the configuration of a bunch diverges from the specified state), you may run an Ansible playbook in --check mode to see if any modifications can be made. That is solely doable in case your position is written in a approach that’s idempotent (and --check protected).

You need to use molecule/default/put together.yml to arrange your situations on your position, in case you want particular conditions like different roles put in. And you need to use molecule/default/confirm.yml to run duties on the finish to confirm that the configuration or set up of your position is working as anticipated.

5. Run molecule in your pipeline

Now that you’ve got your Molecule situation setup and configured, your position developed and examined, it’s time to repeatedly guarantee prime quality by operating Molecule exams in your pipeline.

As there are lots of totally different CI/CD options on the market, I’ll solely rapidly point out the necessities to run Molecule (that are already talked about above)

  • Python3 ansible ansible-lint docker molecule molecule-docker
  • Chance to run privileged Docker containers within the pipeline (probably with Docker-in-Docker, docker:dind)

Open points to sign characteristic requests, bugs, or just to indicate your curiosity and share that you just’re engaged on a particular problem or case.

Adjusting the position to your wants and utilizing your native model is straightforward:

  1. Fork the mission on GitHub
  2. Take a look at the fork in your Linux field
  3. Symlink the fork in your roles Molecule situation (i.e. molecule/default )
  4. Remark out the position in necessities.yml and delete the native copy

Now all molecule instructions in your roles listing will use your native fork.

Right here’s the detailed description: https://github.com/DrPsychick/ansible-testing#contributing.

Thanks on your time and curiosity!

More Posts