Molecule - Testing Ansible Roles
Good day. On Habré I was repeatedly mentioned ansible, but I didn’t find any articles about testing his roles using a molecule, however I find this framework extremely convenient and would like to share this with Habr’s audience.
But first, a little about what I used before.
Before, I used vagrant to test the roles that I create, which I create, by driving straightforward ones:
Creating virtual machines, after which I wrote inventory and playbook to start the role, until one day I had a chance to get acquainted with the molecule.
In the case of specifying a new role, creates a typical structure for the ansible role.
Molecule allows us to use either a Docker container or a virtual machine as a guinea pig using a Vagrant, which is determined by specifying the driver during initialization, or in molecule.yml. Because I have to test the roles of orchestrating containers, then Vagrant remains the preferred driver for me as a driver. Selecting Vagrant as a driver also allows you to select a Provider.
The following are available:
Further, the Vagrant variant with VirtualBox as a provider will be considered.
According to wiki:
With regard to roles ansible - when you restart the role should not be made any changes.
In order to make sure that the role has worked properly - not to overwhelm any of the tasks is not enough. After all, it is necessary to check that the services have started, the ports are open, etc.
The following frameworks are available for verification:
I have tested Goss and Testinfra. For myself, I chose Testinfra.
Example of use:
After executing this command, we get the sample-role directory with the typical ansible structure and the necessary yaml files:
You can run without specifying the --role key, in this case, the molecule.yml and playbook.yml files will be created in the current directory.
It happens that it is required to ensure the work of the role on several distributions in this case in molecyle.yml it is necessary to specify the names of the vagrant boxes (in platforms):
Next, add the necessary actions / variables, etc. in the role, after which we test on all specific platforms:
After this molecule:
You may need to change the behavior of a molecule when you run test, for example, do not test for idempotency, for this you should add the following to molecule.yml:
You can also call each of the corresponding steps separately using the appropriate command, example:
As one of the options - do not delete / create a new virtual machine before each converge.
You can specify a specific platform and test it separately:
Thanks for attention!
Before, I used vagrant to test the roles that I create, which I create, by driving straightforward ones:
$ vagrant init debian/jessie64
$ vagrant upCreating virtual machines, after which I wrote inventory and playbook to start the role, until one day I had a chance to get acquainted with the molecule.
What can a molecule offer?
- Initial role initialization
- Driver / Provider
- Idempotency tests
- Verification
Initial role initialization
In the case of specifying a new role, creates a typical structure for the ansible role.
Driver / Provider
Molecule allows us to use either a Docker container or a virtual machine as a guinea pig using a Vagrant, which is determined by specifying the driver during initialization, or in molecule.yml. Because I have to test the roles of orchestrating containers, then Vagrant remains the preferred driver for me as a driver. Selecting Vagrant as a driver also allows you to select a Provider.
The following are available:
- Libvirt
- Parallels
- VirtualBox (default)
- VMware Fusion
Further, the Vagrant variant with VirtualBox as a provider will be considered.
Idempotency tests
According to wiki:
property of an object or operation when re-applying an operation to an object to give the same result as with a single.
With regard to roles ansible - when you restart the role should not be made any changes.
Verification
In order to make sure that the role has worked properly - not to overwhelm any of the tasks is not enough. After all, it is necessary to check that the services have started, the ports are open, etc.
The following frameworks are available for verification:
- Goss
- Serverspec
- Testinfra (default)
I have tested Goss and Testinfra. For myself, I chose Testinfra.
Example of use:
$ molecule init --role sample-roleAfter executing this command, we get the sample-role directory with the typical ansible structure and the necessary yaml files:
defaults
handlers
meta
molecule.yml // конфиг-файл для molecule
playbook.yml // плэйбук для запуска нашей роли
README.md
tasks
tests // скрипты для верификации
varsYou can run without specifying the --role key, in this case, the molecule.yml and playbook.yml files will be created in the current directory.
It happens that it is required to ensure the work of the role on several distributions in this case in molecyle.yml it is necessary to specify the names of the vagrant boxes (in platforms):
vagrant:
platforms:
- name: jessie64
box: debian/jessie64
- name: centos7
box: centos/7Next, add the necessary actions / variables, etc. in the role, after which we test on all specific platforms:
$ molecule test --platform allAfter this molecule:
- in the case of already created virtual machines will stop and delete them
- will lift the necessary virtual machines
- check our role with ansible-lint
- fulfill our role but newly created containers
- will test idempotency
- run testinfra tests
- will delete the created virtual machines
You may need to change the behavior of a molecule when you run test, for example, do not test for idempotency, for this you should add the following to molecule.yml:
molecule:
test:
sequence:
- destroy
- syntax
- create
- converge
- verify
- destroyYou can also call each of the corresponding steps separately using the appropriate command, example:
$ molecule create --platform all
$ molecule syntax
$ molecule create
$ molecule converge
$ molecule verifyAs one of the options - do not delete / create a new virtual machine before each converge.
You can specify a specific platform and test it separately:
$ molecule create --platform jessie64
$ molecule syntax
$ molecule create
$ molecule converge
$ molecule verifyThanks for attention!