fix(molecule): working again, added test for provisioner load_vars

2025-03-11 00:00:00 +00:00 · 2025-03-11 00:00:00 +00:00 · c6670c1c5f
commit c6670c1c5f
parent 6707ece8e0
8 changed files with 38 additions and 4 deletions
--- a/ansible_collections/nullified/infrastructure/extensions/molecule/default/converge.yml
+++ b/ansible_collections/nullified/infrastructure/extensions/molecule/default/converge.yml
@ -15,21 +15,45 @@
  vars_files:
    - ../../../../../../inventory/group_vars/all/vars.yml
    - ../../../../../../inventory/group_vars/all/vault.yml
+    - ../../../../../../inventory/group_vars/provisioner/vars.yml
    - ./platform_vars.yml
+  handlers:
+    - name: reboot vm
+      become: true
+      changed_when: false
+      ansible.builtin.reboot:
+        reboot_timeout: 10
  tasks:
    - include_vars: ../../../../../../inventory/group_vars/all/vars.yml
    - include_vars: ../../../../../../inventory/group_vars/all/vault.yml
+    - include_vars: ../../../../../../inventory/group_vars/provisioner/vars.yml
    - include_vars: ./platform_vars.yml
    - name: Platform hostvars
      ansible.builtin.debug:
        msg: "{{ hostvars[inventory_hostname] }}"
        verbosity: 1
+    - name: Upgrade system since vagrant boxes are often outdated
+      become: true
+      notify:
+        - reboot vm
+      ansible.builtin.apt:
+        update_cache: true
+        force_apt_get: true
+        cache_valid_time: 3600
+        autoremove: true
+        install_recommends: false
+        upgrade: full
+    - meta: flush_handlers
    - name: Enable guest console access
      become: true
      ansible.builtin.systemd_service:
        name: serial-getty@ttyS0.service
        enabled: true
        state: restarted
+    - name: Testing provisioner variables loading
+      ansible.builtin.include_role:
+        name: nullified.infrastructure.provisioner
+        tasks_from: load_facts.yml
    - name: Testing security role
      ansible.builtin.include_role:
        name: nullified.infrastructure.security
--- a/ansible_collections/nullified/infrastructure/extensions/molecule/default/molecule.yml
+++ b/ansible_collections/nullified/infrastructure/extensions/molecule/default/molecule.yml
@ -31,6 +31,7 @@ platforms:
    provider_raw_config_args: []
    groups:
      - molecule
+      - provisioner
 provisioner:
  name: ansible
  config_options:
@ -39,3 +40,5 @@ provisioner:
  inventory:
    group_vars:
      molecule:
+        provisioner_hostname: 'debian-bookworm'
+      provisioner:
--- a/ansible_collections/nullified/infrastructure/extensions/molecule/default/platform_vars.yml
+++ b/ansible_collections/nullified/infrastructure/extensions/molecule/default/platform_vars.yml
@ -2,3 +2,10 @@ custom_base_user_account: 'vagrant'
 security_firewall_mangle_drop_privatenets: false
 security_configure_resolve_conf: true
 global_ip_dualstack: false
+external_provisioner_source_ips:
+  - '10.0.0.0/8'
+  - '100.64.0.0/10'
+  - '172.16.0.0/12'
+  - '192.0.0.0/24'
+  - '192.168.0.0/16'
+  - '198.18.0.0/15'
--- a/ansible_collections/nullified/infrastructure/roles/development/tasks/main.yml
+++ b/ansible_collections/nullified/infrastructure/roles/development/tasks/main.yml
@ -243,6 +243,7 @@
  become_user: "{{ development_user_account }}"
  ansible.builtin.command:
    cmd: "pipx inject {{ item.venv }} {{ item.extension }}"
+    # @todo not portable, will not work as expected, replace with actual python version
    creates:
      "{{ ansible_facts['getent_passwd'][development_user_account][4] }}/.local/pipx/venvs/{{ item.venv }}/lib/python3.11/site-packages/{{ item.creates }}"
  loop:
--- a/ansible_collections/nullified/infrastructure/roles/helm/tasks/main.yml
+++ b/ansible_collections/nullified/infrastructure/roles/helm/tasks/main.yml
@ -23,7 +23,6 @@
  register: helm_local_version_exec

 - name: find latest available version
-  connection: local
  ansible.builtin.shell: |-
    curl -sSL https://api.github.com/repos/helm/helm/releases/latest | jq -r '.tag_name'
  register: latest_helm_version_exec
--- a/ansible_collections/nullified/infrastructure/roles/kubectl/tasks/main.yml
+++ b/ansible_collections/nullified/infrastructure/roles/kubectl/tasks/main.yml
@ -23,7 +23,6 @@
  register: kubectl_local_version_exec

 - name: find latest available version
-  connection: local
  ansible.builtin.command: curl -L -s https://dl.k8s.io/release/stable.txt
  register: latest_kubectl_version_exec
  when: kubectl_install_version is falsy or kubectl_install_version == "latest"
--- a/ansible_collections/nullified/infrastructure/roles/provisioner/tasks/load_facts.yml
+++ b/ansible_collections/nullified/infrastructure/roles/provisioner/tasks/load_facts.yml
@ -3,7 +3,7 @@
  block:
    - name: save current provisioner hostname
      ansible.builtin.set_fact:
-        provisioner_hostname: '{{ lookup("ansible.builtin.pipe", "hostname") }}'
+        provisioner_hostname: '{{ provisioner_hostname | default(lookup("ansible.builtin.pipe", "hostname"), true) }}'
    - name: retrieve hostnames and IP addresses of all provisioners
      ansible.builtin.set_fact:
        provisioner_controllers_list:
--- a/ansible_collections/nullified/infrastructure/roles/workstation/tasks/main.yml
+++ b/ansible_collections/nullified/infrastructure/roles/workstation/tasks/main.yml
@ -148,9 +148,10 @@
    - { path: '/srv/git/work' }
    - { path: '/srv/storage' }

- name: '[emacs] fetch emacs configuration files'
+- name: 'DISABLED: [emacs] fetch emacs configuration files'
  become: true
  become_user: "{{ workstation_user_account }}"
+  when: false
  ansible.builtin.git:
    repo: "https://gitlab.0x2a.ninja/naeikindus/emacsd.git"
    dest: "{{ ansible_facts['getent_passwd'][workstation_user_account][4] }}/.emacs.d"