Molecule - Testing Ansible Roles

Good day. On Habré I was repeatedly mentioned ansible, but I didn’t find any articles about testing his roles using a molecule, however I find this framework extremely convenient and would like to share this with Habr’s audience.
But first, a little about what I used before.

Formerly, I used vagrant to test the roles that I create, which I create, by driving straightforward ones:

$ vagrant init debian/jessie64 $ vagrant up 

Creating virtual machines, after which I wrote inventory and playbook to start the role, until one day I had a chance to get acquainted with the molecule.

What can a molecule offer?

1. Initial role initialization
2. Driver / Provider
3. Idempotency tests
4. Verification

Initial role initialization

In the case of specifying a new role creates a generic structure for the role ansible

Driver / Provider

Molecule allows us to use either a Docker container or a virtual machine as a guinea pig using a Vagrant, which is determined by specifying the driver during initialization, or in molecule.yml. Since I have to test the roles of orchestrating containers, then Vagrant remains the preferred driver for me as a driver. Selecting Vagrant as a driver also allows you to select a Provider.

The following are available:

• Libvirt
• Parallels
• VirtualBox (default)
• VMware Fusion

Further, the Vagrant variant with VirtualBox as a provider will be considered.

Idempotency tests

According to wiki:

property of an object or operation when re-applying an operation to an object to give the same result as with a single.

With regard to roles ansible - when you restart the role should not be made any changes.

Verification

In order to make sure that the role has worked properly - not to overwhelm any of the tasks is not enough. After all, it is necessary to check that the services have started, the ports are open, etc.

The following frameworks are available for verification:

• Goss
• Serverspec
• Testinfra (default)

I have tested Goss and Testinfra. For myself, I chose Testinfra.

Usage example:

 $ molecule init --role sample-role 

After executing this command, we get the sample-role directory with the typical ansible structure and the necessary yaml files:

 defaults handlers meta molecule.yml // конфиг-файл для molecule playbook.yml // плэйбук для запуска нашей роли README.md tasks tests // скрипты для верификации vars 

You can run without specifying the --role key, in this case the molecule.yml and playbook.yml files will be created in the current directory.

It happens that it is required to ensure the work of the role on several distributions in this case in molecyle.yml it is necessary to specify the names of the vagrant boxes (in platforms):

 vagrant: platforms: - name: jessie64 box: debian/jessie64 - name: centos7 box: centos/7 

Next, add the necessary actions / variables, etc. in the role, after which we test on all specific platforms:

 $ molecule test --platform all 

After this molecule:

• if there are already created virtual machines, stop and delete them
• raise the necessary virtual machines
• check our role with ansible-lint
• perform our role but newly created containers
• will test idempotency
• run testinfra tests
• will delete the created virtual machines

You may need to change the behavior of a molecule when you run test, for example, do not test for idempotency, for this you should add the following to molecule.yml:

 molecule: test: sequence: - destroy - syntax - create - converge - verify - destroy 

You can also call each of the corresponding steps separately using the appropriate command, example:

 $ molecule create --platform all $ molecule syntax $ molecule create $ molecule converge $ molecule verify 

As one of the options - do not delete / create a new virtual machine before each converge.

You can specify a specific platform and test it separately:

 $ molecule create --platform jessie64 $ molecule syntax $ molecule create $ molecule converge $ molecule verify 

Thanks for attention!