From 446c8848517954361f4e019a9c4cb4864c4ece3c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Sachse?= <joerg.sachse@slub-dresden.de>
Date: Wed, 2 Oct 2024 15:44:30 +0200
Subject: [PATCH] test: increase Molecule test coverage by checking for
specific ESXi hypervisor only on tasks that absolutely need it
---
tasks/main.yml | 8 +--
tasks/migrate_ntpd_to_esxi_timesync.yml | 68 ++++++++++++++-----------
2 files changed, 44 insertions(+), 32 deletions(-)
diff --git a/tasks/main.yml b/tasks/main.yml
index 7d5f2cb..23134a8 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -25,9 +25,11 @@
- name: NTP-Client
ansible.builtin.import_tasks: "migrate_ntpd_to_esxi_timesync.yml"
- when: # implicit AND when passing a list
- - ansible_facts.virtualization_role == "guest"
- - ansible_facts.virtualization_type == "VMware"
+ # We want to keep Chrony/NTPd von physical machines, so this will only ever
+ # need to be executed on VMs. Physical hosts will have
+ # ansible_facts.virtualization_role: "host"
+ # in their facts.
+ when: ansible_facts.virtualization_role == "guest"
tags: [ntp, ntpd, time]
- name: Systempakete installieren
diff --git a/tasks/migrate_ntpd_to_esxi_timesync.yml b/tasks/migrate_ntpd_to_esxi_timesync.yml
index ff32482..3ec28e8 100644
--- a/tasks/migrate_ntpd_to_esxi_timesync.yml
+++ b/tasks/migrate_ntpd_to_esxi_timesync.yml
@@ -27,35 +27,45 @@
- "/etc/ntp.conf"
- "/etc/ntpsec/ntp.conf"
-# details can be found at sdvgubs10 project, issue #2
-# https://git.slub-dresden.de/slub-referat-2-4/sdvgubs10
-- name: make sure open-vm-tools are installed
- ansible.builtin.package:
- name: "open-vm-tools"
- state: latest
+- name: configure ESXi based time synchronisation
+ when: ansible_facts.virtualization_type == "VMware"
+ # This whole set of tasks is skipped in Molecule tests, because they
+ # usually don't run on ESXi hypervisors here at SLUB during local tests or
+ # in CI. It is indeed tempting to check for other hypervisors here, but it
+ # doesn't make any sense, because the tasks are strictly bound to technolo-
+ # gies that work ONLY with ESXi, so using something like:
+ # ansible_facts.virtualization_type == "virtualbox"
+ # will not save you. Just don't.
+ block:
+ # details can be found at sdvgubs10 project, issue #2
+ # https://git.slub-dresden.de/slub-referat-2-4/sdvgubs10
+ - name: make sure open-vm-tools are installed
+ ansible.builtin.package:
+ name: "open-vm-tools"
+ state: latest
-- name: make sure that 'vmware-toolbox-cmd' exists
- ansible.builtin.stat:
- path: "/usr/bin/vmware-toolbox-cmd"
- follow: true
- register: vmtools
+ - name: make sure that 'vmware-toolbox-cmd' exists
+ ansible.builtin.stat:
+ path: "/usr/bin/vmware-toolbox-cmd"
+ follow: true
+ register: vmtools
-- name: get current ESXi timesync status
- ansible.builtin.command: "/usr/bin/vmware-toolbox-cmd timesync status"
- when:
- - vmtools.stat.exists
- - vmtools.stat.isreg
- - vmtools.stat.xusr
- register: timesync
- failed_when: ( timesync.rc != 0 ) and ( timesync.rc != 69 )
- changed_when: false
+ - name: get current ESXi timesync status
+ ansible.builtin.command: "/usr/bin/vmware-toolbox-cmd timesync status"
+ when:
+ - vmtools.stat.exists
+ - vmtools.stat.isreg
+ - vmtools.stat.xusr
+ register: timesync
+ failed_when: ( timesync.rc != 0 ) and ( timesync.rc != 69 )
+ changed_when: false
-- name: enable ESXi timesync if necessary
- ansible.builtin.command: "/usr/bin/vmware-toolbox-cmd timesync enable"
- when:
- - ( timesync.stdout not in "Aktiviert" ) or
- ( timesync.stdout not in "Enabled" )
- - vmtools.stat.exists
- - vmtools.stat.isreg
- - vmtools.stat.xusr
- changed_when: false
+ - name: enable ESXi timesync if necessary
+ ansible.builtin.command: "/usr/bin/vmware-toolbox-cmd timesync enable"
+ when:
+ - ( timesync.stdout not in "Aktiviert" ) or
+ ( timesync.stdout not in "Enabled" )
+ - vmtools.stat.exists
+ - vmtools.stat.isreg
+ - vmtools.stat.xusr
+ changed_when: false
--
GitLab