From d25d07725339d59e8f21559585280f44bfc55e50 Mon Sep 17 00:00:00 2001
From: NaeiKinDus
Date: Mon, 25 Dec 2023 00:00:00 +0000
Subject: [PATCH] feat!(molecule): switch from docker to vagrant to test system related roles like firewall
---
 .gitignore | 2 +
 .../infrastructure/extensions/ansible.cfg | 2 -
 .../extensions/molecule/default/converge.yml | 6 +
 .../extensions/molecule/default/create.yml | 123 ++++++------------
 .../extensions/molecule/default/destroy.yml | 41 +++---
 .../extensions/molecule/default/molecule.yml | 32 ++++-
 .../roles/development/tasks/main.yml | 28 +++-
 requirements.txt | 2 +-
 8 files changed, 123 insertions(+), 113 deletions(-)
diff --git a/.gitignore b/.gitignore
index 4f2a81e..6c9f051 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,5 @@ collections/ansible_collections/*/*/logs/*
 vault.yml
 inventory/inventory.yml
 !.gitkeep
+galaxy_cache
+galaxy_token
diff --git a/collections/ansible_collections/nullified/infrastructure/extensions/ansible.cfg b/collections/ansible_collections/nullified/infrastructure/extensions/ansible.cfg
index 9889cf9..96e5b91 100644
--- a/collections/ansible_collections/nullified/infrastructure/extensions/ansible.cfg
+++ b/collections/ansible_collections/nullified/infrastructure/extensions/ansible.cfg
@@ -6,5 +6,3 @@ local_tmp = /tmp
 inject_facts_as_vars = False
 [privilege_escalation]
-become_method = su
-become_flags = "-l"
diff --git a/collections/ansible_collections/nullified/infrastructure/extensions/molecule/default/converge.yml b/collections/ansible_collections/nullified/infrastructure/extensions/molecule/default/converge.yml
index e4234c9..124f9bf 100644
--- a/collections/ansible_collections/nullified/infrastructure/extensions/molecule/default/converge.yml
+++ b/collections/ansible_collections/nullified/infrastructure/extensions/molecule/default/converge.yml
@@ -17,6 +17,12 @@
 hosts: molecule
 gather_facts: true
 tasks:
+ - name: Enable guest console access
+ become: true
+ ansible.builtin.systemd_service:
+ name: serial-getty@ttyS0.service
+ enabled: true
+ state: restarted
 - name: Testing common role
 ansible.builtin.include_role:
 name: nullified.infrastructure.common
diff --git a/collections/ansible_collections/nullified/infrastructure/extensions/molecule/default/create.yml b/collections/ansible_collections/nullified/infrastructure/extensions/molecule/default/create.yml
index 552da68..6b1178e 100644
--- a/collections/ansible_collections/nullified/infrastructure/extensions/molecule/default/create.yml
+++ b/collections/ansible_collections/nullified/infrastructure/extensions/molecule/default/create.yml
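Review bot: `state: restarted` on the new "Enable guest console access" task reports changed on every run, so a second converge is never clean and Molecule's idempotence step would fail on it if the scenario runs that step (the test sequence is not visible in this commit). `enabled: true` with `state: started` gives the same serial console without the unconditional restart. Since the task prepares the guest rather than exercising a role, it would also sit better in a prepare playbook than ahead of the roles under test. The task list continues past the end of the hunk.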
@@ -3,92 +3,45 @@
 - name: Create
 hosts: localhost
 gather_facts: false
- vars:
- molecule_inventory:
- all:
- hosts: {}
- molecule: {}
+ connection: local
 tasks:
- - name: Create a container
- community.docker.docker_container:
- name: "{{ item.name }}"
- image: "{{ item.image }}"
- detach: true
- state: started
- log_driver: json-file
- cgroupns_mode: private
- cgroup_parent: docker.slice
- mounts:
- - target: /run
- type: tmpfs
- - target: /run/lock
- type: tmpfs
- - target: /tmp:exec
- type: tmpfs
- register: result
- loop: "{{ molecule_yml.platforms }}"
-
- - name: Print some info
+ - name: Create instances
+ vagrant:
+ instances: "{{ molecule_yml.platforms }}"
+ default_box: "{{ molecule_yml.driver.default_box | default('debian/bookworm64') }}"
+ provider_name: "{{ molecule_yml.driver.provider.name | default(omit, true) }}"
+ provision: "{{ molecule_yml.driver.provision | default(omit) }}"
+ cachier: "{{ molecule_yml.driver.cachier | default(omit) }}"
+ parallel: "{{ molecule_yml.driver.parallel | default(omit) }}"
+ state: up
+ register: server
+ - name: VMs info
 ansible.builtin.debug:
- msg: "{{ result.results }}"
+ msg: "{{ server.results }}"
+ - name: Create molecule instances configuration
+ when: server is changed # noqa no-handler
+ block:
+ - name: Populate instance config dict
+ ansible.builtin.set_fact:
+ instance_conf_dict:
+ {
+ "instance": "{{ item.Host }}",
+ "address": "{{ item.HostName }}",
+ "user": "{{ item.User }}",
+ "port": "{{ item.Port }}",
+ "identity_file": "{{ item.IdentityFile }}",
+ }
+ loop: "{{ server.results }}"
+ loop_control:
+ label: "{{ item.Host }}"
+ register: instance_config_dict
- - name: Fail if container is not running
- when: >
- item.container.State.ExitCode != 0 or
- not item.container.State.Running
- ansible.builtin.include_tasks:
- file: tasks/create-fail.yml
- loop: "{{ result.results }}"
- loop_control:
- label: "{{ item.container.Name }}"
+ - name: Convert instance config dict to a list
+ ansible.builtin.set_fact:
+ instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}"
- - name: Add container to molecule_inventory
- vars:
- inventory_partial_yaml: |
- all:
- children:
- molecule:
- hosts:
- "{{ item.name }}":
- ansible_connection: community.docker.docker
- custom_base_user_account: root
- custom_common:
- apt:
- deb822_format: true
- ansible.builtin.set_fact:
- molecule_inventory: >
- {{ molecule_inventory | combine(inventory_partial_yaml | from_yaml) }}
- loop: "{{ molecule_yml.platforms }}"
- loop_control:
- label: "{{ item.name }}"
-
- - name: Dump molecule_inventory
- ansible.builtin.copy:
- content: |
- {{ molecule_inventory | to_yaml }}
- dest: "{{ molecule_ephemeral_directory }}/inventory/molecule_inventory.yml"
- mode: 0600
-
- - name: Force inventory refresh
- ansible.builtin.meta: refresh_inventory
-
- - name: Fail if molecule group is missing
- ansible.builtin.assert:
- that: "'molecule' in groups"
- fail_msg: |
- molecule group was not found inside inventory groups: {{ groups }}
- run_once: true # noqa: run-once[task]
-
-# we want to avoid errors like "Failed to create temporary directory"
-- name: Validate that inventory was refreshed
- hosts: molecule
- gather_facts: false
- tasks:
- - name: Check uname
- ansible.builtin.raw: uname -a
- register: result
- changed_when: false
-
- - name: Display uname info
- ansible.builtin.debug:
- msg: "{{ result.stdout }}"
+ - name: Dump instance config
+ ansible.builtin.copy:
+ content: "{{ instance_conf | to_json | from_json | to_yaml }}"
+ dest: "{{ molecule_instance_config }}"
+ mode: "0600"
diff --git a/collections/ansible_collections/nullified/infrastructure/extensions/molecule/default/destroy.yml b/collections/ansible_collections/nullified/infrastructure/extensions/molecule/default/destroy.yml
index f449508..10b7ca7 100644
--- a/collections/ansible_collections/nullified/infrastructure/extensions/molecule/default/destroy.yml
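Review bot: The "VMs info" debug task prints `server.results` unconditionally, and per the set_fact that follows each result carries the guest's Host, HostName, User, Port and IdentityFile, so the SSH connection details land in the log of every run, CI included. Adding `verbosity: 1` to the `ansible.builtin.debug` arguments keeps that output available under `-v` only. Separately, the `vagrant:` call here lacks the `# noqa fqcn[action]` marker that the same call carries in destroy.yml, so ansible-lint will probably flag this file but not the other.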
+++ b/collections/ansible_collections/nullified/infrastructure/extensions/molecule/default/destroy.yml
@@ -1,21 +1,28 @@
 ---
-# destroying the instances and removing them from instance-config
-- name: Destroy molecule containers
- hosts: molecule
- gather_facts: false
- tasks:
- - name: Stop and remove container
- delegate_to: localhost
- community.docker.docker_container:
- name: "{{ inventory_hostname }}"
- state: absent
- auto_remove: true
-
-- name: Remove dynamic molecule inventory
+- name: Destroy
 hosts: localhost
+ connection: local
 gather_facts: false
 tasks:
- - name: Remove dynamic inventory file
- ansible.builtin.file:
- path: "{{ molecule_ephemeral_directory }}/inventory/molecule_inventory.yml"
- state: absent
+ - name: Destroy molecule instance(s) # noqa fqcn[action]
+ vagrant:
+ instances: "{{ molecule_yml.platforms }}"
+ default_box: "{{ molecule_yml.driver.default_box | default('debian/bookworm64') }}"
+ provider_name: "{{ molecule_yml.driver.provider.name | default(omit, true) }}"
+ cachier: "{{ molecule_yml.driver.cachier | default(omit) }}"
+ force_stop: "{{ item.force_stop | default(true) }}"
+ state: destroy
+ register: server
+
+ - name: Populate instance config
+ ansible.builtin.set_fact:
+ instance_conf: {}
+
+ - name: Dump instance config # noqa no-handler
+ ansible.builtin.copy:
+ content: |
+ # Molecule managed
+ {{ instance_conf | to_json | from_json | to_yaml }}
+ dest: "{{ molecule_instance_config }}"
+ mode: "0600"
+ when: server.changed | bool
diff --git a/collections/ansible_collections/nullified/infrastructure/extensions/molecule/default/molecule.yml b/collections/ansible_collections/nullified/infrastructure/extensions/molecule/default/molecule.yml
index 207a846..227b4a1 100644
--- a/collections/ansible_collections/nullified/infrastructure/extensions/molecule/default/molecule.yml
+++ b/collections/ansible_collections/nullified/infrastructure/extensions/molecule/default/molecule.yml
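Review bot: `force_stop: "{{ item.force_stop | default(true) }}"` reads `item`, but the "Destroy molecule instance(s)" task has no `loop`, so `item` is undefined there and the expression always falls through to `true`. A per-platform `force_stop` value in molecule.yml can therefore never take effect, and the templating only hides that. State the constant instead, `force_stop: true`, or read the setting from `molecule_yml` the way the neighbouring arguments do.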
@@ -4,6 +4,36 @@ dependency:
 name: galaxy
 options:
 requirements-file: requirements.yml
+driver:
+ name: vagrant
+ provider:
+ name: libvirt
+ provision: false
+ cachier: machine
+ parallel: true
+ default_box: debian/bookworm64
 platforms:
 - name: debian-bookworm
- image: pouncetech/molecule:debian-bookworm
+ box: debian/bookworm64
+ memory: 2048
+ cpus: 4
+ hostname: debian-bookworm
+ interfaces:
+ - auto_config: true
+ network_name: private_network
+ type: dhcp
+ instance_raw_config_args: []
+ config_options:
+ ssh.keep_alive: yes
+ ssh.remote_user: 'vagrant'
+ provider_options:
+ video_type: vga
+ provider_raw_config_args: []
+ groups:
+ - molecule
+provisioner:
+ name: ansible
+ inventory:
+ group_vars:
+ all:
+ custom_base_user_account: 'vagrant'
diff --git a/collections/ansible_collections/nullified/infrastructure/roles/development/tasks/main.yml b/collections/ansible_collections/nullified/infrastructure/roles/development/tasks/main.yml
index 3c86599..662cfa5 100644
--- a/collections/ansible_collections/nullified/infrastructure/roles/development/tasks/main.yml
+++ b/collections/ansible_collections/nullified/infrastructure/roles/development/tasks/main.yml
@@ -52,6 +52,15 @@
 - libsecret-1-0 # draw.io
 - libssl-dev
 - libtool
+ - libvirt0
+ - libvirt-clients
+ - libvirt-clients-qemu
+ - libvirt-daemon
+ - libvirt-daemon-config-network
+ - libvirt-daemon-driver-lxc
+ - libvirt-daemon-driver-vbox
+ - libvirt-daemon-system
+ - libvirt-daemon-system-systemd
 - libxss1 # draw.io
 - libxtst6 # draw.io
 - linux-headers-amd64
@@ -277,13 +286,6 @@
 when: development.docker.userns is truthy
 notify:
 - 'development : [docker] restart service'
-
- - name: '[docker] add default user to docker group'
- ansible.builtin.user:
- name: "{{ development.user_account }}"
- append: true
- groups: docker
- state: present
 notify:
 - 'development : [docker] restart service'
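Review bot: The platform pulls `debian/bookworm64` with no version pin, so each fresh create takes whatever box release is current in the box catalogue and the image under test can change without any commit here. The vagrant driver accepts a `box_version` key on the platform entry; adding `box_version: '<pinned box version>'` next to `box:` makes the test image reproducible and reviewable. Minor: `ssh.keep_alive: yes` is a YAML 1.1 truthy value that yamllint's `truthy` rule rejects, so write `ssh.keep_alive: true`.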
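Review bot: `libvirt-daemon-driver-lxc` and `libvirt-daemon-driver-vbox` in the added package list do not appear to be needed by the scenario in this commit, which configures the `libvirt` provider for a single Debian guest. Each driver is extra code loaded by a root-run daemon on the workstation, so it is worth dropping them unless another role uses them. If they stay, a trailing comment naming the consumer, in the style of the existing `# draw.io` entries, would document why. The package list starts and ends outside the hunk.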
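Review bot: The removal in the `-277,13` hunk stops at `state: present`, so the old task's `notify:` and its `- 'development : [docker] restart service'` entry survive as context and now follow directly after the identical pair that closes the preceding task. Indentation is not recoverable from this page, but if both sit at task level the preceding task ends up with a duplicated `notify` key, which YAML loaders resolve silently to the last value and linters report as a duplicate key. The two trailing lines should be deleted together with the rest of the removed task. The preceding task begins outside the hunk.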
@@ -388,3 +390,15 @@
 script:
 cmd: /tmp/rustup.sh -qy
 creates: "{{ ansible_facts['getent_passwd'][development.user_account][4] }}/.cargo/bin/rustc"
+
+- name: '[user] add default user to groups'
+ become: true
+ ansible.builtin.user:
+ name: "{{ development.user_account }}"
+ append: true
+ groups:
+ - docker
+ - kvm
+ - libvirt
+ - libvirt-qemu
+ state: present
diff --git a/requirements.txt b/requirements.txt
index 4594287..72b89b2 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -9,6 +9,6 @@ molecule==6.0.1
 molecule-plugins==23.5.0
 paramiko==3.3.1
 pycurl==7.45.2
-Pygments==2.16.1
 pylint==2.17.5
+python-vagrant==1.0.0
 yamllint==1.32.0
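Review bot: The relocated "[user] add default user to groups" task now adds `development.user_account` to `kvm`, `libvirt` and `libvirt-qemu` on top of `docker`, and membership in `docker` or `libvirt` lets the account drive a root-run daemon, which is effectively root on the workstation. `libvirt-qemu` is the group of the QEMU service account on Debian and nothing in this commit appears to need an interactive user in it, so it could be dropped from the list. A comment above `groups:` such as `# docker and libvirt membership is root-equivalent; keep to the developer account only` would make the grant explicit to the next reader.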