chore: change GitLab-CI pipeline to VM based

.gitlab-ci.yml

----
 # A pipeline is composed of independent jobs that run scripts, grouped into stages.
 # Stages run in sequential order, but jobs within stages run in parallel.
 #
 # For more information, see: https://docs.gitlab.com/ee/ci/yaml/index.html#stages
 
 stages:          # List of stages for jobs, and their order of execution
-  - build
   - test
-  - cleanup
-
-variables:
-  IMAGE_TARGET: "$CI_REGISTRY_IMAGE/bullseye_ansible"
-#  CI_DEBUG_TRACE: "true"
 
 default:
-  image:
-    name: "${IMAGE_TARGET}:latest"
   before_script:
     - source /opt/molecule/bin/activate
     - ansible --version
     - molecule --version
-    - docker --version
-
-build-env-job:       # This job runs in the build stage, which runs first.
-  stage: build
-  timeout: 30m
-  tags:
-    - "docker"
-  image:
-    name: gcr.io/kaniko-project/executor:debug
-    entrypoint: [""]
-  before_script: []
-  script:
-    - mkdir -p /kaniko/.docker
-    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$(printf "%s:%s" "$CI_REGISTRY_USER" "$CI_REGISTRY_PASSWORD" | base64 | tr -d '\n')\"},\"$(printf "%s" "$CI_DEPENDENCY_PROXY_SERVER" | cut -d':' -f1)\":{\"auth\":\"$(printf "%s:%s" "$CI_DEPENDENCY_PROXY_USER" "$CI_DEPENDENCY_PROXY_PASSWORD" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
-    - >-
-      /kaniko/executor
-      --context "${CI_PROJECT_DIR}"
-      --dockerfile "${CI_PROJECT_DIR}/molecule/resources/playbooks/Dockerfile"
-      --destination "${IMAGE_TARGET}:latest"
 
-test-job:        # This job runs in the test stage.
-  stage: test    # It only starts when the job in the build stage completes successfully.
+test-job:
+  stage: test
   tags:
     - "shell"
   script:
     # make sure that Ansible Vaults are present and can be decrypted
-    # - sudo chown -R lza /builds/sachse/
     - echo "${VAULT_LZA_PROXY}" > ../lza_proxy.pass
     - export ANSIBLE_VAULT_PASSWORD_FILE=../lza_proxy.pass
     - rm -rf ../ansible_vaults/
-    - git clone https://gitlab+deploy-token-25:${VAULT_ACCESS_TOKEN}@git.slub-dresden.de/slub-referat-2-3/ansible_vaults.git ../ansible_vaults/
-    # - sudo chmod o-w "${CI_PROJECT_DIR}"
+    - git clone https://gitlab+deploy-token-25:${VAULT_ACCESS_TOKEN}@git.slub-dresden.de/slub-referat-2-3/ansible_vaults.git ../ansible_vaults/; \
     # run Molecule tests
     - molecule syntax --scenario-name default
     - molecule lint --scenario-name default
+    - molecule create --scenario-name default
     - molecule converge --scenario-name default
     - molecule idempotence --scenario-name default
       #- molecule verify --scenario-name default
     - molecule destroy --scenario-name default
-
-cleanup-job:
-  stage: cleanup
-  tags:
-    - "shell"
-  script:
-    - rm -rf "%CACHE_PATH%/%CI_PIPELINE_ID%"
-  when: always

handlers/main.yml

@@ -22,5 +22,3 @@
   ansible.builtin.systemd:
     name: "squid.service"
     state: restarted
-  # Don't run systemd restart handler, because SystemD isn't available in the Docker container during Molecule tests.
-  tags: [molecule-notest]

molecule/default/molecule.yml

 ---
-prerun: false
 dependency:
   name: galaxy
-  enabled: false
 driver:
-  name: docker
+  name: vagrant
 platforms:
-  - name: instance
-    dockerfile: ../resources/playbooks/Dockerfile
-    image: registry.git.slub-dresden.de/sachse/mytestrole/bullseye_ansible:latest
-    pre_build_image: false
+  - name: vm-runner
+    box: debian/bullseye64
+    memory: 1024
 provisioner:
   name: ansible
   playbooks:
@@ -20,7 +17,3 @@ provisioner:
     verify: ../resources/playbooks/verify.yml
 verifier:
   name: ansible
-lint: |
-  set -e
-  yamllint .
-  ansible-lint -x no-loop-var-prefix,command-instead-of-module

molecule/resources/playbooks/Dockerfile

-FROM debian:stable-slim
-
-RUN adduser lza;
-
-### configure SLUB Debian Repository
-RUN apt-get update; \
-    apt-get install -y --no-install-recommends gnupg wget git python3 ansible sudo; \
-    wget -O - http://sdvdebianrepo.slub-dresden.de/deb-repository/pub.gpg.key | apt-key add - ; \
-    echo "deb http://sdvdebianrepo.slub-dresden.de/deb-repository bullseye main" > /etc/apt/sources.list.d/slub.list; \
-    apt-get update;
-    #apt-get -y --no-install-recommends install python3-pip python3-virtualenv;
-
-RUN echo "lza     ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/lza-user
-
-USER lza

molecule/resources/playbooks/INSTALL.rst

+*********************************
+Vagrant driver installation guide
+*********************************
+
+Requirements
+============
+
+* Vagrant
+* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop
+
+Install
+=======
+
+Please refer to the `Virtual environment`_ documentation for installation best
+practices. If not using a virtual environment, please consider passing the
+widely recommended `'--user' flag`_ when invoking ``pip``.
+
+.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
+.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
+
+.. code-block:: bash
+
+    $ pip install 'molecule_vagrant'

molecule/resources/playbooks/converge.yml

 ---
 - name: Converge
   hosts: all
-  tasks:
-    - name: "Include role"
-      ansible.builtin.include_role:
-        name: "ansible_lza_proxy"
+  pre_tasks:
+    - name: update apt cache
+      ansible.builtin.apt:
+        update_cache: true
+        upgrade: dist
       become: true
+  roles:
+    - {name: "ansible_lza_proxy", become: true}

molecule/resources/playbooks/verify.yml

@@ -6,5 +6,5 @@
   gather_facts: false
   tasks:
   - name: Example assertion
-    ansible.builtin.assert:
+    assert:
       that: true

tasks/main.yml

@@ -19,5 +19,4 @@
 
 - name: configure iptables firewall
   ansible.builtin.import_tasks: "configure-iptables.yml"
-  # don't run iptables tasks, because iptables can't be used in an unprivileged Docker container
-  tags: [iptables, molecule-notest]
+  tags: [iptables]