Improve Ansible Roles with Molecule

Luis Cacho

Security Systems Administrator

@Rackspace

luiscachog.io | @luiscachog | github.com/luiscachog

Agenda

  • Ansible Review
    • YAML Review
  • Test Automation
    • Testing options for Ansible
  • Molecule
  • Demo!!

Ansible (1/4)

Use Cases Attributes
Configuration Management Simple
Software Provisioning Powerful
Security and Compliance Agentless
Application Deployment Cross Platform
Orchestration Over 450 Modules
Continuous Delivery Big Community

Ansible (2/4)

Ansible (3/4)

Ansible (4/4)

  • Playbooks contain/connect roles
  • Roles contain plays
  • Plays contain tasks
  • Tasks execute a module
  • Tasks run sequencially
  • Handlers are triggered by tasks, runs once at the end of the play

Test Automation (1/2)

  • Reliable Code
  • Quality (Fast feedback)
  • Time and cost saving
  • Faster Development Cycle (CI/CD)
  • Repeatability (Test same change accross multiple environments (OS, Providers); multiple data sets)

Test Automation (2/2)

Testing options for Ansible

  • Ansible tasks - Test Ansible w/ Ansible
  • Test Kitchen - Test Ansible w/ Ruby
  • ansible-test - Test Ansible w/ Unmaintained Python
  • Molecule - Test Ansible w/ Python

Molecule (1/5)

Testing Ansible with Molecule

  • Tool designed to aid in the development and testing of Ansible roles.
  • Provides support for testing with multiple instances, operating systems, providers, test frameworks and testing scenarios.
  • Encourages an approach that results in consistently developed roles that are well-written, easily understood and maintained.

github.com/ansible/molecule | molecule.readthedocs.io

Molecule (2/5)

Testing Ansible with Molecule

Pros Cons
- Written in Python - No Windows support
- Ansible-Native - No Dinamyc Inventory support
- Established community
- Open Source

Molecule (3/5)

Testing Ansible with Molecule

  • Creates nodes for testing
  • Run the playbook on the nodes
  • Run the playbook again to test idempotence
  • Lints the Ansible code with ansible-lint
  • Lint the Python code with flake8
  • Runs the verifier tests on the nodes to ensure the desired state

Molecule (4/5)

Testing Ansible with Molecule

Molecule (5/5)

Testing Ansible with Molecule

  • What can I test?
    • Files exists and permissions
    • Service are running
    • User exists and is member of the correct groups
    • Package installed
    • Basic Software interaction (Test web server basic authentication)

Molecule Demo (1/3)

  • Let’s try it!!
    • Creates 2 nodes
    • Converge both nodes
    • Check for idempotence
    • Lint the Ansible and Python code
    • Verify the role against some tests
  • Github Repo: github.com/luiscachog/elastic_stack (Thanks to GaRaGeD for provide a playbook to test)

Molecule Demo (2/3)

Terminal time!!

Molecule Demo (3/3)

TO-DO

  • Ansible-Vault implementation
  • Integrating Molecule into Travis CI, Circle CI, Jenkins, etc

Conclusion

  • There are different testing solutions for Ansible, but Molecule is an Ansible-native and the robust option.
  • Molecule allows you to create, converge, check idempotence, lint and verify your Ansible code.
  • Molecule help you to create the best playbooks possible.

Questions?

Talk links, references and resources can be found at: luiscachog.io/talk/improve-ansible-roles-with-molecule

Thank you

You can find me on:

luiscachog [at] gmail.com | luiscachog.io | github.com/luiscachog | @luiscachog