Ansible: testing playbooks (part 2)

    So, in our last article, we looked at how to quickly and easily set up an environment for testing Ansible playbooks and roles. This is all, of course, very good and convenient, but why don't we automate the entire process of making changes to the infrastructure from writing a playbook to making changes to the servers?

    image

    Let me remind you of several conditions under which we will perform configuration testing:

    1. The entire configuration is stored in the git repository;
    2. Jenkins periodically polls the git repository with our roles / playbooks for changes;
    3. When changes occur, Jenkins launches a job with configuration testing. Tests consist of two stages:
    3.1 Kitchen-CI takes the updated code from the repository, launches a completely fresh docker container, uploads updated playbooks from the repository to them and launches Ansible locally, in the docker container;
    3.2 If the first stage was successful, serverspec starts in the docker container and checks if the new configuration has correctly risen;
    4. If all tests were successful in Kitchen-CI, then Jenkins will initiate a new configuration fill.

    Ideally, the whole process from writing a playbook and commit to the repository to making changes to the server should take place without our participation. It is not planned to delve deeply into the Jenkins installation and describe in detail about pipelines in this article. The first is done without problems from standard repositories, and the second is purely individual.

    Jenkins


    So what is it and what is it eaten with? Jenkins is a continuous integration service that is actively used to build and automate the development process from writing code to rolling out into production. This is a fairly flexible tool with a long history and extensive community support. For him, there are countless plugins and add-ons. I bring to your attention that version 2.0 will be released soon. If we use the infrastructure as code, then why don’t we take this path?

    As I mentioned earlier, Jenkins can be installed from the standard repository (Debian in our case, but there are repositories for other OSs as well )
    sudo apt-get install jenkins
    

    Next, we need to give Jenkins the ability to run kitchen and docker containers:
    Edit sudoers:
    visudo -f /etc/sudoers.d/jenkins
    

    We give the opportunity to run docker
    jenkins ALL=(ALL) NOPASSWD: /usr/bin/docker
    

    Restarting Jenkins:
    service jenkins restart

    And we go the browser on a dashboard.

    Now we need to script for Jenkins to do all the work for us. First, create an Item with a free configuration:



    In the version control system settings, select git, specify the path to the git repository and credentials for connection. If you store the entire configuration in one repository, then it may be convenient to use sparse with the project folder that you will test and deploy.



    In assembly triggers we specify to periodically poll SCM and set the interval at which we will poll our git. In this case, the next steps of the task will begin only if changes have been made to the repository.

    Next, in the side steps, indicate “Executing the shell command” and simply indicate the steps that are necessary to run the playbook test and casting:

    sudo kitchen test
    

    At this point, kitchen-ci launches our docker containers, starts Ansible with the playbook locally, then launches serverspec inside the container. If desired, the steps can be divided into converge and verify.

    ansible-playbooksite.yml


    Starts casting the configuration specified in the role / playbook. The last step is also optional. Someone may not trust the machine to spill the configuration and do it manually, provided that the tests were successful. To do this, you can install the plugin for sending notifications (e-mail, IRC, XMPP, since there are many of them) and add a post-build action. Thus, after the tests, a notification about the successful or unsuccessful assembly will be sent.

    Thanks for attention. Successful tests and automation!
    Posted by DevOps Southbridge Administrator Victor Batuev

    References


    Ansible
    Jenkins
    Kitchen-CI
    Serverspec

    Also popular now: