When testing an ansible role using molecule tool and verifying the result with testinfra(pytest), I am not able to print or debug certain output or an ansible variable.
============================= test session starts ==============================
platform linux2 -- Python 2.7.5, pytest-4.6.6, py-1.8.0, pluggy-0.13.0 -- /root/test1/myenv/bin/python2
using: pytest-4.6.6 pylib-1.8.0
setuptools registered plugins:
testinfra-3.2.1 at /root/test1/myenv/lib/python2.7/site-packages/testinfra/plugin.py
rootdir: /root/test1/server_manager/molecule/default
plugins: testinfra-3.2.1
collected 1 item
tests/test_default.py::test_Ansible_variable[ansible://instance] PASSED [100%]
=========================== 1 passed in 3.29 seconds ===========================
Is there is a way to do that?
Under the testinfra verifier component in molecule.yml file, enable the 's' option. For example:
---
dependency:
name: galaxy
driver:
name: docker
lint:
name: yamllint
platforms:
- name: instance
image: centos:7
provisioner:
name: ansible
lint:
name: ansible-lint
verifier:
name: testinfra
lint:
name: flake8
options:
s: true
Related
I'm using AWX ansible ver 20.0 with kubernetes
My playbook:
---
- name: Install 7zip with offline package chocolatey
hosts: all
become: true
gather_facts: false
tasks:
- name: Create folder
win_file:
path: 'C:/Instalki'
state: directory
- name: Copy installer
become: true
win_copy:
src: "../playbooksWindows/installers/7zip.22.01.nupkg"
dest: "C:/Instalki/7zip.22.01.nupkg"
- name: install 7zip packages
win_chocolatey:
name: "7zip"
state: present
source: "C:/Instalki/7zip.22.01.nupkg"
- name : clear folder
win_file:
path: "C:/Instalki/7zip.22.01.nupkg"
state: absent
Error:
/usr/local/lib/python3.8/site-packages/paramiko/transport.py:236: CryptographyDeprecationWarning: Blowfish has been deprecated
"class": algorithms.Blowfish,
No config file found; using defaults
SSH password:
BECOME password[defaults to SSH password]:
ERROR! couldn't resolve module/action 'win_chocolatey'. This often indicates a misspelling, missing collection, or incorrect module path.
The error appears to be in '/runner/project/playbooksWindows/Install_7zip.yml': line 27, column 7, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
- name: install 7zip packages
^ here
My actual ansible collection on awx-ee container
# /usr/share/ansible/collections/ansible_collections
Collection Version
----------------------- -------
amazon.aws 4.1.0
ansible.posix 1.4.0
ansible.windows 1.11.1
awx.awx 21.5.0
azure.azcollection 1.13.0
community.vmware 2.9.1
google.cloud 1.0.2
kubernetes.core 2.3.2
openstack.cloud 1.9.1
ovirt.ovirt 2.2.3
redhatinsights.insights 1.0.7
theforeman.foreman 3.6.0
# /home/runner/.ansible/collections/ansible_collections
Collection Version
--------------------- -------
ansible.windows 1.11.1
chocolatey.chocolatey 1.3.0
I was installing collection with:
ansible-galaxy collection install chocolatey.chocolatey
Any ideas how to fix it on docker in ver AWX 17.01 everything works fine :/
I've being trying to run find good repositories or examples of using molecule with kvm. But so far all of them gets this.
{'lint': ['must be of string type']}
I have no clue how to fix this. Like this
---
dependency:
name: galaxy
driver:
name: docker
lint:
name: yamllint
platforms:
- name: instance
image: centos:7
provisioner:
name: ansible
lint:
name: ansible-lint
verifier:
name: testinfra
lint:
name: flake8
This error is because your molecule has been updated to version 3 while your test code is still with version 2.
For version 3, use
lint: |
ansible-lint
Molecule 3 allows multiple linting tools at the same time, and you can specify them as array.
I'm running the below ansible playbook, and am getting the following message
TASK [Set up pipeline] ***********************************************************************************************************************************************************************************************************************
fatal: [35.153.53.5]: FAILED! => {"changed": false, "msg": "python-jenkins required for this module. see http://python-jenkins.readthedocs.io/en/latest/install.html"}
to retry, use: --limit #~/Repositories/terraform-jenkins/ansible/jenkins.retry
Funny thing is.. it's actually present
[ec2-user#ip-172-31-43-13 ~]$ pip list |grep jenkins
jenkins-python 1.1
python-jenkins 1.3.0
[ec2-user#ip-172-31-43-13 ~]$ sudo !!
sudo pip list |grep jenkins
jenkins-python 1.1
python-jenkins 1.3.0
Ansible Version
ansible 2.6.4
config file = None
configured module search path = [u'/Users/jddaniel/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python2.7/site-packages/ansible
executable location = /usr/local/bin/ansible
python version = 2.7.15 (default, Jul 23 2018, 21:27:06) [GCC 4.2.1 Compatible Apple LLVM 9.1.0 (clang-902.0.39.2)]
Verbose log
https://gist.github.com/ehime/ee08545fcb8e13d16ca801d1771d7461
Here's my playbook
#
# Ansible to provision Jenkins on remote host
#
- name: Install Jenkins and its plugins
hosts: all
become: yes
become_method: sudo
gather_facts: yes
pre_tasks:
- name: CA-Certificates update command line execution
command: /bin/update-ca-trust
vars:
jenkins_hostname: localhost
jenkins_http_port: 8080
roles:
- geerlingguy.repo-epel # required for pip
- geerlingguy.java
- geerlingguy.jenkins
tasks:
# TODO fix upstream
- name: Make Groovy folder writable
file:
path: /var/lib/jenkins/init.groovy.d
state: directory
# TODO verify this is what it should be
mode: 0777
- name: Install dependencies
yum:
name:
- git
- python2-pip
- name: Force upgrade pip
pip:
name: pip
extra_args: --upgrade
- name: Install dependencies for Jenkins modules
pip:
name: python-jenkins
- name: Install build pipeline
jenkins_plugin:
name:
- build-pipeline-plugin
- workflow-aggregator
url_username: "{{ jenkins_admin_username }}"
url_password: "{{ jenkins_admin_password }}"
- name: Set up pipeline
jenkins_job:
config: "{{ lookup('file', '_files/jobs.xml') }}"
name: test-auto
user: "{{ jenkins_admin_username }}"
password: "{{ jenkins_admin_password }}"
.... What could possibly be going on here? ...
Here's the jobs.xml if you want to try it on your lonesome
<?xml version='1.0' encoding='UTF-8'?>
<flow-definition plugin="workflow-job#2.10">
<actions/>
<description></description>
<keepDependencies>false</keepDependencies>
<properties>
<org.jenkinsci.plugins.workflow.job.properties.PipelineTriggersJobProperty>
<triggers/>
</org.jenkinsci.plugins.workflow.job.properties.PipelineTriggersJobProperty>
</properties>
<definition class="org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition" plugin="workflow-cps#2.30">
<script>
node { echo 'You get a pipeline, she gets a pipeline... you all get pipelines...' }
</script>
<sandbox>true</sandbox>
</definition>
<triggers/>
</flow-definition>
OS info
[ec2-user#ip-172-31-43-13 ~]$ hostnamectl
Static hostname: ip-172-31-43-13.ec2.internal
Icon name: computer
Chassis: n/a
Machine ID: 8df22ad8f77c4d84bc36f0456b1fd0d7
Boot ID: 4981022b5a1c4d0d8bd659ca4ceeb071
Operating System: Red Hat Enterprise Linux Server 7.0 (Maipo)
CPE OS Name: cpe:/o:redhat:enterprise_linux:7.0:GA:server
Kernel: Linux 3.10.0-123.8.1.el7.x86_64
Architecture: x86_64
OS info is probably sketch as lsb_release isn't available... I'm using ami-a8d369c0 on AWS, which says it's RHEL 7.0 ... prob a stripped AMI? idk
No idea what the issue really was but yum installing instead of pip worked?
Using Molecule v.2 to test Ansible roles, I faced an issue with the check for a role to be idempotent.
How can I disable this check?
As documented, Molecule configuration parameters are required to be set in molecule.yml file, but I could not find how to disable idempotence check.
---
# molecule.yml file
dependency:
name: galaxy
driver:
name: docker
lint:
name: ansible-lint
options:
x: ANSIBLE0006,ANSIBLE0010,ANSIBLE0012,ANSIBLE0013
platforms:
- name: mongo01
image: mongo:3.2
privileged: yes
groups:
- mongodb
- mongodb_master
- name: mysql_server
image: mysql
environment:
MYSQL_ROOT_PASSWORD: some_password
groups:
- mysql
- name: elasticsearch
image: molecule_local/centos:6
command: sleep infinity
dockerfile: Dockerfile
privileged: yes
groups:
- elastic
- name: esb
image: molecule_local/centos:6
command: sleep infinity
dockerfile: Dockerfile
links:
- "elasticsearch-default:elasticsearch elasticsearch01"
- "mongo01-default:mongo mongo_b2b mongo01"
- "mysql_server-default:mysql mysql_server"
groups:
- fabric
provisioner:
name: ansible
config_options:
defaults:
vault_password_file: /path/to/vault/file
diff: yes
scenario:
name: default
# Probably something like below should disable idempotency check.
idempotent: false
# Uncomment when developing locally to
# keep instances running when tests are completed.
# Must be kept commented when building on CI/CD.
# test_sequence:
# - destroy
# - create
# - converge
# - lint
# - verify
verifier:
name: testinfra
I want to get rid of idempotency check altogether and rely on my own tests.
You should uncomment the test_sequence and include only the tests you want, for example:
test_sequence:
- destroy
- create
- converge
# - idempotence
- lint
- verify
I'm using kitchen and ansible to test-drive server configurations. Every example I can find has a .kitchen.yml file in the same folder as the ansible role. I would like to execute multiple tests but there doesn't seem to be an in-built way of doing this - kitchen test expects a single .kitchen.yml file in the folder it's run in (along with the serverspec ruby spec files and a default.yml file that wraps the actual role) e.g.
roles
- role_1
- tasks
mail.yml
- test/integration/default/serverspec/localhost
role_spec.rb
default.yml
.kitchen.yml
I would rather separate out the files used for testing from the files used to configure the servers and to that end I have created a suite per role and specified the provisioner playbook in the suite config:
suites:
- name: role_1
provisioner:
playbook: test/integration/role_1/default.yml
- name: role_2
provisioner:
playbook: test/integration/role_2/default.yml
My *_spec.rb files then have to be in a folder named test/integration/role_1/serverspec
This also allows me to run multiple role tests via a single kitchen test but I'm not sure if this is the way to be going. If I had a playbook that had multiple roles, I can't see how I can re-use the *_spec.rb files.
How is this meant to be done?
This now available with the latest busser-ansiblespec see:
https://github.com/neillturner/busser-ansiblespec
https://github.com/neillturner/ansible_repo
https://github.com/neillturner/kitchen-ansible
What I do with my Ansible roles is the following.
My .kitchen.yml file in the "root" of the role:
---
driver:
name: docker
provision_command: sed -i '/tsflags=nodocs/d' /etc/yum.conf
provisioner:
name: ansible_playbook
ansible_yum_repo: "http://mirror.logol.ru/epel/6/x86_64/epel-release-6-8.noarch.rpm"
hosts: localhost
requirements_path: requirements.yml
platforms:
- name: centos-6.6
verifier:
ruby_bindir: '/usr/bin'
suites:
- name: zabbix-server-mysql
playbook: zabbix-server-mysql.yml
provisioner:
name: ansible_playbook
playbook: test/integration/zabbix-server-mysql.yml
- name: zabbix-server-pgsql
provisioner:
name: ansible_playbook
playbook: test/integration/zabbix-server-pgsql.yml
In the "test/integration" directory I have the following setup:
./zabbix-server-mysql/serverspec/localhost/ansible-zabbix-server_spec.rb
./zabbix-server-mysql/serverspec/spec_helper.rb
./zabbix-server-mysql.yml
./zabbix-server-pgsql/serverspec/localhost/ansible-zabbix-server_spec.rb
./zabbix-server-pgsql/serverspec/spec_helper.rb
./zabbix-server-pgsql.yml
The zabbix-server-pgsql.yml and zabbix-server-mysql.yml files are the playbooks that is calling the role itself, like this:
- hosts: localhost
roles:
- role: geerlingguy.mysql
- role: ansible-zabbix-server
zabbix_url: zabbix.example.com
zabbix_version: 2.4
database_type: mysql
database_type_long: mysql
Hope this helps you.
I don't know how to reuse the _spec.rb files, so I can't give an answer on that one. (Do want to know the answer, so I'll bookmark this page ;-))
Kind regards,
Werner