Molecule is a framework to run automated tests for Ansible playbooks/roles.
Here I will go into how to set it up and use it. (basically)
Install testing tools:
pip3 install molecule molecule-dockercd PATH/TO/ROLE # p.e. "cd /home/guy/ansible/roles/infra_wireguard"
# to run build the test instances, run the tests and clean up afterwards
molecule test
# for troubleshooting
molecule create
# now we can run the actual playbook as many times as we need/want
molecule converge
# test it
molecule verify
# clean it up when we finished troubleshooting
molecule destroyAnsibleGuy Roles use Docker as testing-platform.
These steps have to be performed before running the tests:
-
You need to install molecule version '4.0.1'
python3 -m pip install molecule==4.0.1!Why?
I use YAML-anchors to keep my molecule configuration to a minimum - the current version of molecule does not allow those to be defined. See: molecule issue 3689
-
Add the 'molecule-docker.local' DNS-Record to your '/etc/hosts' file and point it to your docker-server to use.
-
You will have to add the 'DOCKER_HOST' environmental variable:
export DOCKER_HOST="tcp://molecule-docker.local:2375"Run in debug mode and enable command-logging:
MOLECULE_NO_LOG=false molecule --debug createMolecule dynamically creates VMs or Containers that are used as target for you Ansible playbook to test.
There are some options to choose from:
-
Official community drivers
-
Additional drivers
There are some usage differences between those platforms.
I'll only go into the details of platforms I've experience with.
You need a docker server/instance to deploy the test-servers to.
Install docker as described here
sudo apt-get update
sudo apt-get -y install ca-certificates curl gnupg lsb-releaseAdd the repository
# ubuntu
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# debian
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get updateEither way - the docker server must have the following setting configured in '/etc/docker/daemon.json':
{"cgroup-parent": "docker.slice"}Restart docker after adding that setting. This allows systemd to work inside the container without mapping cgroup manually.
For further information see: serverfault.com
This is only recommended if you have powerful hardware and/or very simple role-tests.
Some of my roles use 10+ containers and therefor use a good amount of RAM/CPU at peak times.
You will have to set-up docker as described here.
Switch the docker_host to your local one. (${role}/molecule/default/molecule.yml)
docker_host: 'unix://var/run/docker.sock' # localhostInstallation
sudo apt-get -y install docker-ce-cliAs mentioned before/above - we recommend running the testing on a server.
You might want to consider using the docker role to provision a docker server as a vm.
You will have to configure the ip-address to your docker-server. (${role}/molecule/default/molecule.yml)
docker_host: 'tcp://IP:PORT' # p.e. tcp://172.17.0.50:2375But it seems like the docker module does not get the molecule config. (Still connecting to localhost)
Therefore, you will have to set this environmental variable in addition:
export DOCKER_HOST='tcp://IP:PORT'