Commit 624ad926 authored by Jörg Sachse's avatar Jörg Sachse

test: adapt Molecule setup to suit peculiarities from the latest Molecule v6 release

parent 361bce80
1 merge request!1test: adapt Molecule setup to suit peculiarities from the latest Molecule v6 release
...@@ -53,6 +53,7 @@ Thumbs.db ...@@ -53,6 +53,7 @@ Thumbs.db
*.vault *.vault
inventory.* inventory.*
inv.* inv.*
*.pass
# Vim # # Vim #
####### #######
......
...@@ -12,26 +12,33 @@ default: ...@@ -12,26 +12,33 @@ default:
- source /opt/molecule/bin/activate - source /opt/molecule/bin/activate
- ansible --version - ansible --version
- molecule --version - molecule --version
variables:
SCENARIO: "default"
# ANSIBLE_VAULT_PASSWORD_FILE: "molecule/lza_server_hardening.pass"
ANSIBLE_VAULT_PASSWORD_FILE: "../../../lza_server_hardening.pass"
test-job: test-job:
stage: test stage: test
tags: tags:
- "shell" - "shell"
script: script:
- echo "CURRENT PATH= '$(pwd)'"
# make sure that Ansible Vaults are present and can be decrypted # make sure that Ansible Vaults are present and can be decrypted
- echo "${VAULT_SERVER_HARDENING}" > ../lza_server_hardening.pass - echo "${VAULT_SERVER_HARDENING}" > ${ANSIBLE_VAULT_PASSWORD_FILE}
- export ANSIBLE_VAULT_PASSWORD_FILE=../lza_server_hardening.pass - export ANSIBLE_VAULT_PASSWORD_FILE
- tree
- rm -rf ../ansible_vaults/ - rm -rf ../ansible_vaults/
- git clone https://gitlab+deploy-token-25:${VAULT_ACCESS_TOKEN}@git.slub-dresden.de/slub-referat-2-3/ansible_vaults.git ../ansible_vaults/; \ - git clone https://gitlab+deploy-token-25:${VAULT_ACCESS_TOKEN}@git.slub-dresden.de/slub-referat-2-3/ansible_vaults.git ../ansible_vaults/; \
# run Molecule tests # run Molecule tests
- molecule syntax --scenario-name default - molecule syntax --scenario-name ${SCENARIO}
# We cannot use `molecule lint` anymore because: # We cannot use `molecule lint` anymore because:
# - https://github.com/ansible-community/molecule/pull/3802 "Remove lint command" # - https://github.com/ansible-community/molecule/pull/3802 "Remove lint command"
# - https://github.com/ansible-community/molecule/discussions/3825#discussioncomment-4908366 # - https://github.com/ansible-community/molecule/discussions/3825#discussioncomment-4908366
- yamllint --strict --format colored ./ - yamllint --strict --format colored ./
- ansible-lint --format full --profile production --strict --force-color ./ - ansible-lint --format full --profile production --strict --force-color ./
- molecule create --scenario-name default - molecule create --scenario-name ${SCENARIO}
- molecule converge --scenario-name default - molecule converge --scenario-name ${SCENARIO}
- molecule idempotence --scenario-name default - molecule idempotence --scenario-name ${SCENARIO}
# - molecule verify --scenario-name default # - molecule verify --scenario-name ${SCENARIO}
- molecule destroy --scenario-name default - molecule destroy --scenario-name ${SCENARIO}
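Review bot: The vault password is now written to `../../../lza_server_hardening.pass`, which resolves against the job's working directory and so lands three levels above the checkout on a `shell` runner, with the default umask and nothing in the job removing it afterwards. Presumably other jobs or projects running under the same runner account can read that location, so the secret outlives this pipeline. Consider an absolute path inside the checkout (the commit already ignores `*.pass`), e.g. `ANSIBLE_VAULT_PASSWORD_FILE: "${CI_PROJECT_DIR}/lza_server_hardening.pass"`, writing it with `- (umask 077; printf '%s\n' "${VAULT_SERVER_HARDENING}" > "${ANSIBLE_VAULT_PASSWORD_FILE}")` and deleting it in an `after_script` with `- rm -f "${ANSIBLE_VAULT_PASSWORD_FILE}"`. The added `tree` and `echo "CURRENT PATH= ..."` lines look like debugging output that lists the runner's directory layout in the job log and could be dropped before merge.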
...@@ -20,3 +20,23 @@ ...@@ -20,3 +20,23 @@
update_cache: true update_cache: true
mode: "0644" mode: "0644"
become: true become: true
# This Ansible role installs a multitude of firewall rules, some of which
# will lock us out of our Molecule test VM if we don't take precautions.
# As Molecule itself uses SSH just like Ansible, we need to open port
# tcp/22 to the private /24 subnet that Vagrant uses when provisioning the
# VM. As we don't know for sure what the address for this subnet is and it
# can change across servers/platforms, we gather this information
# dynamically and filter it through `ipaddr` to get the address of the
# whole subnet. The rule is inserted right on top of the list to make sure
# we always get access.
- name: add firewall rule to allow access from Molecule host into testing VM
ansible.builtin.iptables:
action: insert
rule_num: 1
chain: INPUT
comment: "molecule access"
jump: "ACCEPT"
protocol: tcp
source: "{{ ansible_default_ipv4.address | ansible.utils.ipaddr('network') }}/24"
destination_port: "22"
become: true
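Review bot: The `source:` expression hardcodes `/24` and passes a bare host address to `ipaddr('network')`, so the result is likely the VM's own address with `/24` appended rather than the subnet address the comment describes. iptables will normally mask the host bits, but the rule is too wide or too narrow wherever the Vagrant network is not a /24. Deriving both parts from facts keeps the ACCEPT as narrow as the real subnet: `source: "{{ (ansible_default_ipv4.network ~ '/' ~ ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') }}"`. Because this rule is inserted at position 1 of INPUT, ahead of whatever the hardening role installs, the comment should also say that it belongs to the Molecule prepare playbook only and must not be carried into the role itself. The play this task belongs to starts outside the hunk.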
...@@ -21,7 +21,7 @@ platforms: ...@@ -21,7 +21,7 @@ platforms:
# Dictionary of `config` options. # Dictionary of `config` options.
config_options: config_options:
ssh.keep_alive: yes ssh.keep_alive: yes
ssh.remote_user: "'lza'" ssh.remote_user: "lza"
provisioner: provisioner:
name: ansible name: ansible
log: true log: true
...@@ -29,13 +29,14 @@ provisioner: ...@@ -29,13 +29,14 @@ provisioner:
defaults: defaults:
# https://stackoverflow.com/questions/57435811/ansible-molecule-pass-multiple-vault-ids # https://stackoverflow.com/questions/57435811/ansible-molecule-pass-multiple-vault-ids
#vault_identity_list: "@$HOME/.ansible/roles/lza_install_common.pass, @$HOME/.ansible/roles/passfile_1.pass" #vault_identity_list: "@$HOME/.ansible/roles/lza_install_common.pass, @$HOME/.ansible/roles/passfile_1.pass"
vault_identity_list: "../lza_server_hardening.pass" #vault_identity_list: "${MOLECULE_PROJECT_DIRECTORY}/../../lza_server_hardening.pass"
vault_identity_list: "../lza_server_hardening.pass, ../../../lza_server_hardening.pass"
vvv: false vvv: false
playbooks: playbooks:
# create: ../resources/playbooks/create.yml # create: ../resources/playbooks/create.yml
# destroy: ../resources/playbooks/destroy.yml # destroy: ../resources/playbooks/destroy.yml
converge: ../resources/playbooks/converge.yml converge: ../resources/playbooks/converge.yml
# prepare: ../resources/playbooks/prepare.yml prepare: ../resources/playbooks/prepare.yml
verify: ../resources/playbooks/verify.yml verify: ../resources/playbooks/verify.yml
verifier: verifier:
name: ansible name: ansible
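Review bot: `vault_identity_list` now names two relative paths, `../lza_server_hardening.pass` and `../../../lza_server_hardening.pass`, whose meaning depends on the directory Ansible is started from, and presumably only one of them exists in any given run. That makes it hard to tell which password file is actually used, and a stale file left at the other location by an earlier run would be picked up silently. A single location resolved from an absolute base is easier to reason about, for example the commented-out `${MOLECULE_PROJECT_DIRECTORY}` variant once its relative part is corrected, or the same absolute path that the CI job exports as `ANSIBLE_VAULT_PASSWORD_FILE`. A one-line comment above the setting naming who creates the file and who removes it would document the secret's lifecycle.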