feat!(molecule): switch from docker to vagrant to test system related roles like firewall

.gitignore

@@ -9,3 +9,5 @@ collections/ansible_collections/*/*/logs/*
 vault.yml
 inventory/inventory.yml
 !.gitkeep
+galaxy_cache
+galaxy_token

collections/ansible_collections/nullified/infrastructure/extensions/ansible.cfg

@@ -6,5 +6,3 @@ local_tmp               = /tmp
 inject_facts_as_vars    = False
 
 [privilege_escalation]
-become_method   = su
-become_flags    = "-l"

collections/ansible_collections/nullified/infrastructure/extensions/molecule/default/converge.yml

@@ -17,6 +17,12 @@
   hosts: molecule
   gather_facts: true
   tasks:
+    - name: Enable guest console access
+      become: true
+      ansible.builtin.systemd_service:
+        name: serial-getty@ttyS0.service
+        enabled: true
+        state: restarted
     - name: Testing common role
       ansible.builtin.include_role:
         name: nullified.infrastructure.common

collections/ansible_collections/nullified/infrastructure/extensions/molecule/default/create.yml

@@ -3,92 +3,45 @@
 - name: Create
   hosts: localhost
   gather_facts: false
-  vars:
+  connection: local
-    molecule_inventory:
-      all:
-        hosts: {}
-        molecule: {}
   tasks:
-    - name: Create a container
+    - name: Create instances
-      community.docker.docker_container:
+      vagrant:
-        name: "{{ item.name }}"
+        instances: "{{ molecule_yml.platforms }}"
-        image: "{{ item.image }}"
+        default_box: "{{ molecule_yml.driver.default_box | default('debian/bookworm64') }}"
-        detach: true
+        provider_name: "{{ molecule_yml.driver.provider.name | default(omit, true) }}"
-        state: started
+        provision: "{{ molecule_yml.driver.provision | default(omit) }}"
-        log_driver: json-file
+        cachier: "{{ molecule_yml.driver.cachier | default(omit) }}"
-        cgroupns_mode: private
+        parallel: "{{ molecule_yml.driver.parallel | default(omit) }}"
-        cgroup_parent: docker.slice
+        state: up
-        mounts:
+      register: server
-          - target: /run
+    - name: VMs info
-            type: tmpfs
-          - target: /run/lock
-            type: tmpfs
-          - target: /tmp:exec
-            type: tmpfs
-      register: result
-      loop: "{{ molecule_yml.platforms }}"
-
-    - name: Print some info
       ansible.builtin.debug:
-        msg: "{{ result.results }}"
+        msg: "{{ server.results }}"
-
+    - name: Create molecule instances configuration
-    - name: Fail if container is not running
+      when: server is changed # noqa no-handler
-      when: >
+      block:
-        item.container.State.ExitCode != 0 or
+        - name: Populate instance config dict
-        not item.container.State.Running
-      ansible.builtin.include_tasks:
-        file: tasks/create-fail.yml
-      loop: "{{ result.results }}"
-      loop_control:
-        label: "{{ item.container.Name }}"
-
-    - name: Add container to molecule_inventory
-      vars:
-        inventory_partial_yaml: |
-          all:
-            children:
-              molecule:
-                hosts:
-                  "{{ item.name }}":
-                    ansible_connection: community.docker.docker
-                    custom_base_user_account: root
-                    custom_common:
-                      apt:
-                        deb822_format: true
           ansible.builtin.set_fact:
-        molecule_inventory: >
+            instance_conf_dict:
-          {{ molecule_inventory | combine(inventory_partial_yaml | from_yaml) }}
+              {
-      loop: "{{ molecule_yml.platforms }}"
+                "instance": "{{ item.Host }}",
+                "address": "{{ item.HostName }}",
+                "user": "{{ item.User }}",
+                "port": "{{ item.Port }}",
+                "identity_file": "{{ item.IdentityFile }}",
+              }
+          loop: "{{ server.results }}"
           loop_control:
-        label: "{{ item.name }}"
+            label: "{{ item.Host }}"
+          register: instance_config_dict
 
-    - name: Dump molecule_inventory
+        - name: Convert instance config dict to a list
+          ansible.builtin.set_fact:
+            instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}"
+
+        - name: Dump instance config
           ansible.builtin.copy:
-        content: |
+            content: "{{ instance_conf | to_json | from_json | to_yaml }}"
-          {{ molecule_inventory | to_yaml }}
+            dest: "{{ molecule_instance_config }}"
-        dest: "{{ molecule_ephemeral_directory }}/inventory/molecule_inventory.yml"
+            mode: "0600"
-        mode: 0600
-
-    - name: Force inventory refresh
-      ansible.builtin.meta: refresh_inventory
-
-    - name: Fail if molecule group is missing
-      ansible.builtin.assert:
-        that: "'molecule' in groups"
-        fail_msg: |
-          molecule group was not found inside inventory groups: {{ groups }}
-      run_once: true # noqa: run-once[task]
-
-# we want to avoid errors like "Failed to create temporary directory"
-- name: Validate that inventory was refreshed
-  hosts: molecule
-  gather_facts: false
-  tasks:
-    - name: Check uname
-      ansible.builtin.raw: uname -a
-      register: result
-      changed_when: false
-
-    - name: Display uname info
-      ansible.builtin.debug:
-        msg: "{{ result.stdout }}"

collections/ansible_collections/nullified/infrastructure/extensions/molecule/default/destroy.yml

@@ -1,21 +1,28 @@
 ---
-# destroying the instances and removing them from instance-config
+- name: Destroy
-- name: Destroy molecule containers
-  hosts: molecule
-  gather_facts: false
-  tasks:
-    - name: Stop and remove container
-      delegate_to: localhost
-      community.docker.docker_container:
-        name: "{{ inventory_hostname }}"
-        state: absent
-        auto_remove: true
-
-- name: Remove dynamic molecule inventory
   hosts: localhost
+  connection: local
   gather_facts: false
   tasks:
-    - name: Remove dynamic inventory file
+    - name: Destroy molecule instance(s) # noqa fqcn[action]
-      ansible.builtin.file:
+      vagrant:
-        path: "{{ molecule_ephemeral_directory }}/inventory/molecule_inventory.yml"
+        instances: "{{ molecule_yml.platforms }}"
-        state: absent
+        default_box: "{{ molecule_yml.driver.default_box | default('debian/bookworm64') }}"
+        provider_name: "{{ molecule_yml.driver.provider.name | default(omit, true) }}"
+        cachier: "{{ molecule_yml.driver.cachier | default(omit) }}"
+        force_stop: "{{ item.force_stop | default(true) }}"
+        state: destroy
+      register: server
+
+    - name: Populate instance config
+      ansible.builtin.set_fact:
+        instance_conf: {}
+
+    - name: Dump instance config # noqa no-handler
+      ansible.builtin.copy:
+        content: |
+          # Molecule managed
+          {{ instance_conf | to_json | from_json | to_yaml }}
+        dest: "{{ molecule_instance_config }}"
+        mode: "0600"
+      when: server.changed | bool

collections/ansible_collections/nullified/infrastructure/extensions/molecule/default/molecule.yml

@@ -4,6 +4,36 @@ dependency:
   name: galaxy
   options:
     requirements-file: requirements.yml
+driver:
+  name: vagrant
+  provider:
+    name: libvirt
+  provision: false
+  cachier: machine
+  parallel: true
+  default_box: debian/bookworm64
 platforms:
   - name: debian-bookworm
-    image: pouncetech/molecule:debian-bookworm
+    box: debian/bookworm64
+    memory: 2048
+    cpus: 4
+    hostname: debian-bookworm
+    interfaces:
+      - auto_config: true
+        network_name: private_network
+        type: dhcp
+    instance_raw_config_args: []
+    config_options:
+      ssh.keep_alive: yes
+      ssh.remote_user: 'vagrant'
+    provider_options:
+      video_type: vga
+    provider_raw_config_args: []
+    groups:
+      - molecule
+provisioner:
+  name: ansible
+  inventory:
+    group_vars:
+      all:
+        custom_base_user_account: 'vagrant'

collections/ansible_collections/nullified/infrastructure/roles/development/tasks/main.yml

@@ -52,6 +52,15 @@
       - libsecret-1-0 # draw.io
       - libssl-dev
       - libtool
+      - libvirt0
+      - libvirt-clients
+      - libvirt-clients-qemu
+      - libvirt-daemon
+      - libvirt-daemon-config-network
+      - libvirt-daemon-driver-lxc
+      - libvirt-daemon-driver-vbox
+      - libvirt-daemon-system
+      - libvirt-daemon-system-systemd
       - libxss1 # draw.io
       - libxtst6 # draw.io
       - linux-headers-amd64
@@ -277,13 +286,6 @@
       when: development.docker.userns is truthy
       notify:
         - 'development : [docker] restart service'
-
-    - name: '[docker] add default user to docker group'
-      ansible.builtin.user:
-        name: "{{ development.user_account }}"
-        append: true
-        groups: docker
-        state: present
   notify:
     - 'development : [docker] restart service'
 
@@ -388,3 +390,15 @@
       script:
         cmd: /tmp/rustup.sh -qy
         creates: "{{ ansible_facts['getent_passwd'][development.user_account][4] }}/.cargo/bin/rustc"
+
+- name: '[user] add default user to groups'
+  become: true
+  ansible.builtin.user:
+    name: "{{ development.user_account }}"
+    append: true
+    groups:
+      - docker
+      - kvm
+      - libvirt
+      - libvirt-qemu
+    state: present

requirements.txt

@@ -9,6 +9,6 @@ molecule==6.0.1
 molecule-plugins==23.5.0
 paramiko==3.3.1
 pycurl==7.45.2
-Pygments==2.16.1
 pylint==2.17.5
+python-vagrant==1.0.0
 yamllint==1.32.0