Using Molecule v.2 to test Ansible roles, I faced an issue with the check for a role to be idempotent.
How can I disable this check?
As documented, Molecule configuration parameters are required to be set in molecule.yml file, but I could not find how to disable idempotence check.
---
# molecule.yml file
dependency:
name: galaxy
driver:
name: docker
lint:
name: ansible-lint
options:
x: ANSIBLE0006,ANSIBLE0010,ANSIBLE0012,ANSIBLE0013
platforms:
- name: mongo01
image: mongo:3.2
privileged: yes
groups:
- mongodb
- mongodb_master
- name: mysql_server
image: mysql
environment:
MYSQL_ROOT_PASSWORD: some_password
groups:
- mysql
- name: elasticsearch
image: molecule_local/centos:6
command: sleep infinity
dockerfile: Dockerfile
privileged: yes
groups:
- elastic
- name: esb
image: molecule_local/centos:6
command: sleep infinity
dockerfile: Dockerfile
links:
- "elasticsearch-default:elasticsearch elasticsearch01"
- "mongo01-default:mongo mongo_b2b mongo01"
- "mysql_server-default:mysql mysql_server"
groups:
- fabric
provisioner:
name: ansible
config_options:
defaults:
vault_password_file: /path/to/vault/file
diff: yes
scenario:
name: default
# Probably something like below should disable idempotency check.
idempotent: false
# Uncomment when developing locally to
# keep instances running when tests are completed.
# Must be kept commented when building on CI/CD.
# test_sequence:
# - destroy
# - create
# - converge
# - lint
# - verify
verifier:
name: testinfra
I want to get rid of idempotency check altogether and rely on my own tests.
You should uncomment the test_sequence and include only the tests you want, for example:
test_sequence:
- destroy
- create
- converge
# - idempotence
- lint
- verify
Related
I can't use the preview feature to add a different service account, but I do have the physical key (.json). I've uploaded this key to Secrets Manager and I intend to call it in during the build.
Is what I have done correct?
steps:
- id: 'Setup Credentials'
name: 'gcr.io/cloud-builders/gcloud'
entrypoint: '/bin/bash'
secretEnv: ['SERVICE_ACCOUNT']
args:
- '-c'
- |
echo "$$SERVICE_ACCOUNT" >> /credentials/service_account.json
volumes:
- name: 'credentials'
path: /credentials
availableSecrets:
secretManager:
- versionName: projects/$PROJECT_ID/secrets/service-account-key/versions/latest
env: 'SERVICE_ACCOUNT'
Then in a step that needs to use it I am overwriting GOOGLE_APPLICATION_CREDENTIALS:
- id: 'Do stuff as other service account'
name: 'hashicorp/terraform'
entrypoint: '/bin/bash'
args:
- '-c'
- |
GOOGLE_APPLICATION_CREDENTIALS=/credentials/service_account.json
# do things here
# terraform plan
volumes:
- name: 'credentials'
path: /credentials
Ideally we would use this cloud builds service account but they already have too much going with the other one.
I'm trying to create a playbook which configures a RHEL 8 machine with a container. It all seems to go just fine until i try to use environment variables. That gives me the following error:
FAILED! => {"changed": false, "msg": "argument env is of type <class 'list'> and we were unable to convert to dict: <class 'list'> cannot be converted to a dict"}
2021-03-06T12:09:19.0217935Z
My code is as follows:
- name: Run zookeeper container
containers.podman.podman_container:
name: zookeeper
image: bitnami/zookeeper:3.6.2
state: started
ports:
- 2181:2181
- 3181:3181
- 10001:10001
- 2888:2888
- 3888:3888
env:
- ALLOW_ANONYMOUS_LOGIN= "yes"
I've tried a lot of different combinations but i cannot seem to get it too work.
Any idea's?
Ansible version is 2.9.0.
Rick.
The error is accurate: the env keyword expects a dictionary, but you're providing a list. Just make it a dictionary and it will work fine:
- name: Run zookeeper container
containers.podman.podman_container:
name: zookeeper
image: bitnami/zookeeper:3.6.2
state: started
ports:
- 2181:2181
- 3181:3181
- 10001:10001
- 2888:2888
- 3888:3888
env:
ALLOW_ANONYMOUS_LOGIN: "yes"
The documentation shows this clearly in the example.
I've being trying to run find good repositories or examples of using molecule with kvm. But so far all of them gets this.
{'lint': ['must be of string type']}
I have no clue how to fix this. Like this
---
dependency:
name: galaxy
driver:
name: docker
lint:
name: yamllint
platforms:
- name: instance
image: centos:7
provisioner:
name: ansible
lint:
name: ansible-lint
verifier:
name: testinfra
lint:
name: flake8
This error is because your molecule has been updated to version 3 while your test code is still with version 2.
For version 3, use
lint: |
ansible-lint
Molecule 3 allows multiple linting tools at the same time, and you can specify them as array.
When testing an ansible role using molecule tool and verifying the result with testinfra(pytest), I am not able to print or debug certain output or an ansible variable.
============================= test session starts ==============================
platform linux2 -- Python 2.7.5, pytest-4.6.6, py-1.8.0, pluggy-0.13.0 -- /root/test1/myenv/bin/python2
using: pytest-4.6.6 pylib-1.8.0
setuptools registered plugins:
testinfra-3.2.1 at /root/test1/myenv/lib/python2.7/site-packages/testinfra/plugin.py
rootdir: /root/test1/server_manager/molecule/default
plugins: testinfra-3.2.1
collected 1 item
tests/test_default.py::test_Ansible_variable[ansible://instance] PASSED [100%]
=========================== 1 passed in 3.29 seconds ===========================
Is there is a way to do that?
Under the testinfra verifier component in molecule.yml file, enable the 's' option. For example:
---
dependency:
name: galaxy
driver:
name: docker
lint:
name: yamllint
platforms:
- name: instance
image: centos:7
provisioner:
name: ansible
lint:
name: ansible-lint
verifier:
name: testinfra
lint:
name: flake8
options:
s: true
I'm using kitchen and ansible to test-drive server configurations. Every example I can find has a .kitchen.yml file in the same folder as the ansible role. I would like to execute multiple tests but there doesn't seem to be an in-built way of doing this - kitchen test expects a single .kitchen.yml file in the folder it's run in (along with the serverspec ruby spec files and a default.yml file that wraps the actual role) e.g.
roles
- role_1
- tasks
mail.yml
- test/integration/default/serverspec/localhost
role_spec.rb
default.yml
.kitchen.yml
I would rather separate out the files used for testing from the files used to configure the servers and to that end I have created a suite per role and specified the provisioner playbook in the suite config:
suites:
- name: role_1
provisioner:
playbook: test/integration/role_1/default.yml
- name: role_2
provisioner:
playbook: test/integration/role_2/default.yml
My *_spec.rb files then have to be in a folder named test/integration/role_1/serverspec
This also allows me to run multiple role tests via a single kitchen test but I'm not sure if this is the way to be going. If I had a playbook that had multiple roles, I can't see how I can re-use the *_spec.rb files.
How is this meant to be done?
This now available with the latest busser-ansiblespec see:
https://github.com/neillturner/busser-ansiblespec
https://github.com/neillturner/ansible_repo
https://github.com/neillturner/kitchen-ansible
What I do with my Ansible roles is the following.
My .kitchen.yml file in the "root" of the role:
---
driver:
name: docker
provision_command: sed -i '/tsflags=nodocs/d' /etc/yum.conf
provisioner:
name: ansible_playbook
ansible_yum_repo: "http://mirror.logol.ru/epel/6/x86_64/epel-release-6-8.noarch.rpm"
hosts: localhost
requirements_path: requirements.yml
platforms:
- name: centos-6.6
verifier:
ruby_bindir: '/usr/bin'
suites:
- name: zabbix-server-mysql
playbook: zabbix-server-mysql.yml
provisioner:
name: ansible_playbook
playbook: test/integration/zabbix-server-mysql.yml
- name: zabbix-server-pgsql
provisioner:
name: ansible_playbook
playbook: test/integration/zabbix-server-pgsql.yml
In the "test/integration" directory I have the following setup:
./zabbix-server-mysql/serverspec/localhost/ansible-zabbix-server_spec.rb
./zabbix-server-mysql/serverspec/spec_helper.rb
./zabbix-server-mysql.yml
./zabbix-server-pgsql/serverspec/localhost/ansible-zabbix-server_spec.rb
./zabbix-server-pgsql/serverspec/spec_helper.rb
./zabbix-server-pgsql.yml
The zabbix-server-pgsql.yml and zabbix-server-mysql.yml files are the playbooks that is calling the role itself, like this:
- hosts: localhost
roles:
- role: geerlingguy.mysql
- role: ansible-zabbix-server
zabbix_url: zabbix.example.com
zabbix_version: 2.4
database_type: mysql
database_type_long: mysql
Hope this helps you.
I don't know how to reuse the _spec.rb files, so I can't give an answer on that one. (Do want to know the answer, so I'll bookmark this page ;-))
Kind regards,
Werner