Improve Ansible Roles with Molecule
Luis Cacho
Security Systems Administrator
@Rackspace
Agenda
- Ansible Review
- YAML Review
- Test Automation
- Testing options for Ansible
- Molecule
- Demo!!
Ansible (1/4)
| Use Cases | Attributes |
|---|---|
| Configuration Management | Simple |
| Software Provisioning | Powerful |
| Security and Compliance | Agentless |
| Application Deployment | Cross Platform |
| Orchestration | Over 450 Modules |
| Continuous Delivery | Big Community |
Ansible (2/4)
Ansible (3/4)
Ansible (4/4)
- Playbooks contain/connect roles
- Roles contain plays
- Plays contain tasks
- Tasks execute a module
- Tasks run sequencially
- Handlers are triggered by tasks, runs once at the end of the play
Test Automation (1/2)
- Reliable Code
- Quality (Fast feedback)
- Time and cost saving
- Faster Development Cycle (CI/CD)
- Repeatability (Test same change accross multiple environments (OS, Providers); multiple data sets)
Test Automation (2/2)
Testing options for Ansible
- Ansible tasks - Test Ansible w/ Ansible
- Test Kitchen - Test Ansible w/ Ruby
- ansible-test - Test Ansible w/ Unmaintained Python
- Molecule - Test Ansible w/ Python
Molecule (1/5)
Testing Ansible with Molecule
- Tool designed to aid in the development and testing of Ansible roles.
- Provides support for testing with multiple instances, operating systems, providers, test frameworks and testing scenarios.
- Encourages an approach that results in consistently developed roles that are well-written, easily understood and maintained.
Molecule (2/5)
Testing Ansible with Molecule
| Pros | Cons |
|---|---|
| - Written in Python | - No Windows support |
| - Ansible-Native | - No Dinamyc Inventory support |
| - Established community | |
| - Open Source |
Molecule (3/5)
Testing Ansible with Molecule
- Creates nodes for testing
- Run the playbook on the nodes
- Run the playbook again to test idempotence
- Lints the Ansible code with ansible-lint
- Lint the Python code with flake8
- Runs the verifier tests on the nodes to ensure the desired state
Molecule (4/5)
Testing Ansible with Molecule
Molecule (5/5)
Testing Ansible with Molecule
- What can I test?
- Files exists and permissions
- Service are running
- User exists and is member of the correct groups
- Package installed
- Basic Software interaction (Test web server basic authentication)
Molecule Demo (1/3)
- Let’s try it!!
- Creates 2 nodes
- Converge both nodes
- Check for idempotence
- Lint the Ansible and Python code
- Verify the role against some tests
- Github Repo: github.com/luiscachog/elastic_stack (Thanks to GaRaGeD for provide a playbook to test)
Molecule Demo (2/3)
Terminal time!!
Molecule Demo (3/3)
TO-DO
- Ansible-Vault implementation
- Integrating Molecule into Travis CI, Circle CI, Jenkins, etc
Conclusion
- There are different testing solutions for Ansible, but Molecule is an Ansible-native and the robust option.
- Molecule allows you to create, converge, check idempotence, lint and verify your Ansible code.
- Molecule help you to create the best playbooks possible.
Questions?
Talk links, references and resources can be found at: luiscachog.io/talk/improve-ansible-roles-with-molecule
Thank you
You can find me on:
luiscachog [at] gmail.com | luiscachog.io | github.com/luiscachog | @luiscachog