This repository has been archived by the owner on Feb 14, 2024. It is now read-only.

adds molecule tests
wookietreiber committed Jan 11, 2024
1 parent 992d53e commit 305f94a
Showing 7 changed files with 398 additions and 0 deletions.
31 changes: 31 additions & 0 deletions .github/workflows/ansible.yml
Expand Up @@ -17,4 +17,35 @@ jobs:
- uses: actions/checkout@v4
- uses: ansible/ansible-lint-action@v6

molecule:
needs:
- ansible-lint
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
distro:
- archlinux
- centos-8
- rocky-8
- rocky-9
- ubuntu-bionic
- ubuntu-focal
- ubuntu-jammy
scenario:
- default
- alternative
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: '3.x'
- run: pip3 install ansible molecule molecule-plugins[docker] docker
- run: ansible --version
- run: molecule --version
- run: molecule test -p ${{ matrix.distro }} -s ${{ matrix.scenario }}
env:
ANSIBLE_DIFF_ALWAYS: 'True'
PY_COLORS: '1'

...
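Review bot: The `pip3 install ansible molecule molecule-plugins[docker] docker` step in the new `molecule` job is unpinned, so each run installs whatever PyPI serves at that moment into a job that then starts privileged containers on the runner. Pinning keeps the test toolchain reproducible and narrows the window for a bad upstream release, for example `- run: pip3 install -r <pinned-requirements-file>` with exact versions (and hashes, if the project wants them). The same applies to the action references, which use the movable tags `actions/checkout@v4` and `actions/setup-python@v5` rather than commit SHAs. The top of the workflow is outside this hunk, so whether a least-privilege `permissions:` block is set cannot be seen here; this job appears to need only read access to the repository contents.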
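--- a/molecule/alternative/converge.yml
+++ b/molecule/alternative/converge.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Converge
+hosts: all
+tasks:
+- name: Include idiv_biodiversity.ssh
+ansible.builtin.include_role:
+name: idiv_biodiversity.ssh
+
+...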
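--- a/molecule/alternative/molecule.yml
+++ b/molecule/alternative/molecule.yml
@@ -0,0 +1,88 @@
+---
+
+dependency:
+name: galaxy
+
+driver:
+name: docker
+
+platforms:
+
+- name: archlinux
+image: carlodepieri/docker-archlinux-ansible:latest
+command: ${MOLECULE_DOCKER_COMMAND:-""}
+privileged: yes
+pre_build_image: yes
+
+- name: centos-8
+image: geerlingguy/docker-centos8-ansible
+command: ${MOLECULE_DOCKER_COMMAND:-""}
+volumes:
+- /sys/fs/cgroup:/sys/fs/cgroup:rw
+cgroupns_mode: host
+privileged: yes
+pre_build_image: yes
+
+- name: rocky-8
+image: geerlingguy/docker-rockylinux8-ansible
+command: ${MOLECULE_DOCKER_COMMAND:-""}
+volumes:
+- /sys/fs/cgroup:/sys/fs/cgroup:rw
+cgroupns_mode: host
+privileged: yes
+pre_build_image: yes
+
+- name: rocky-9
+image: geerlingguy/docker-rockylinux9-ansible
+command: ${MOLECULE_DOCKER_COMMAND:-""}
+volumes:
+- /sys/fs/cgroup:/sys/fs/cgroup:rw
+cgroupns_mode: host
+privileged: yes
+pre_build_image: yes
+
+- name: ubuntu-bionic
+image: geerlingguy/docker-ubuntu1804-ansible
+command: ${MOLECULE_DOCKER_COMMAND:-""}
+volumes:
+- /sys/fs/cgroup:/sys/fs/cgroup:rw
+cgroupns_mode: host
+privileged: yes
+pre_build_image: yes
+
+- name: ubuntu-focal
+image: geerlingguy/docker-ubuntu2004-ansible
+command: ${MOLECULE_DOCKER_COMMAND:-""}
+volumes:
+- /sys/fs/cgroup:/sys/fs/cgroup:rw
+cgroupns_mode: host
+privileged: yes
+pre_build_image: yes
+
+- name: ubuntu-jammy
+image: geerlingguy/docker-ubuntu2204-ansible
+command: ${MOLECULE_DOCKER_COMMAND:-""}
+volumes:
+- /sys/fs/cgroup:/sys/fs/cgroup:rw
+cgroupns_mode: host
+privileged: yes
+pre_build_image: yes
+
+provisioner:
+name: ansible
+inventory:
+group_vars:
+all:
+ssh_ciphers:
+- [email protected]
+- aes256-ctr
+ssh_macs:
+- [email protected]
+host_vars:
+archlinux:
+ansible_user: ansible
+
+verifier:
+name: ansible
+
+...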
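Review bot: Every platform runs with `privileged: yes` on an image pulled from a third-party Docker Hub namespace by a movable tag (`carlodepieri/docker-archlinux-ansible:latest`, and the `geerlingguy/...` images with no tag at all), so whatever those tags resolve to at run time gets near-root access to the CI runner; six of the seven also mount the host's `/sys/fs/cgroup` read-write with `cgroupns_mode: host`. Pinning each image by digest, e.g. `image: geerlingguy/docker-rockylinux9-ansible@sha256:<digest>`, makes the tested content explicit, and a short comment such as `# privileged + host cgroup mount: presumably required to run systemd in the container` would record why the isolation is relaxed. molecule/default/molecule.yml repeats the same platform list and has the same issue. Separately, the `ssh_ciphers` and `ssh_macs` entries appear as `[email protected]` on this page, which looks like e-mail obfuscation applied by the page, so the actual algorithm names cannot be reviewed from here.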
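--- a/molecule/alternative/verify.yml
+++ b/molecule/alternative/verify.yml
@@ -0,0 +1,104 @@
+---
+
+- name: verify
+hosts: all
+tasks:
+
+# -------------------------------------------------------------------------
+# load vars
+# -------------------------------------------------------------------------
+
+- name: include main vars
+ansible.builtin.include_vars: ../../vars/main.yml
+
+- name: include OS-specific vars
+ansible.builtin.include_vars: >-
+{{ lookup("ansible.builtin.first_found", params) }}
+vars:
+params:
+files: >-
+{{
+__ssh_first_found |
+map('regex_replace', '$', '.yml') |
+list
+}}
+paths: ../../vars
+
+# -------------------------------------------------------------------------
+# check package
+# -------------------------------------------------------------------------
+
+- name: check package installation
+ansible.builtin.package:
+name: '{{ __ssh_packages }}'
+state: present
+check_mode: yes
+register: __ssh_installed
+
+- name: debug package installation
+ansible.builtin.debug:
+var: __ssh_installed
+
+- name: assert on package installation
+ansible.builtin.assert:
+that:
+- not __ssh_installed.failed
+- not __ssh_installed.changed
+success_msg: 'package is installed'
+
+# -------------------------------------------------------------------------
+# check service
+# -------------------------------------------------------------------------
+
+- name: check service
+ansible.builtin.service:
+name: sshd
+enabled: yes
+state: started
+check_mode: yes
+register: __ssh_service
+
+- name: debug service
+ansible.builtin.debug:
+var: __ssh_service
+
+- name: assert on service
+ansible.builtin.assert:
+that:
+- not __ssh_service.failed
+- not __ssh_service.changed
+- __ssh_service.state == 'started'
+- __ssh_service.enabled
+success_msg: 'service is both enabled and started'
+
+# -------------------------------------------------------------------------
+# check config
+# -------------------------------------------------------------------------
+
+- name: 'get active sshd config with `sshd -T`'
+ansible.builtin.command: sshd -T
+become: yes
+changed_when: no
+register: __ssh_sshd_t
+
+- name: 'show `sshd -T` command result'
+ansible.builtin.debug:
+var: __ssh_sshd_t
+
+- name: 'assert on `sshd -T`'
+ansible.builtin.assert:
+that:
+- not __ssh_sshd_t.failed
+- >-
+__ssh_sshd_t.stdout_lines |
+select('search', '^ciphers [email protected],aes256-ctr$') |
+list |
+length > 0
+- >-
+__ssh_sshd_t.stdout_lines |
+select('search', '^macs [email protected]$') |
+list |
+length > 0
+success_msg: 'sshd config looks good'
+
+...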
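Review bot: The two `sshd -T` assertions hard-code the expected cipher and MAC lists as regex patterns, duplicating the `ssh_ciphers`/`ssh_macs` values set in this scenario's molecule.yml, so the check can drift from the inventory; any `.` in the algorithm names (obscured on this page) is also an unescaped regex wildcard. An exact comparison built from the inventory variables avoids both, e.g. `- ('ciphers ' ~ (ssh_ciphers | join(','))) in __ssh_sshd_t.stdout_lines` and the same for `macs`, assuming the verifier play sees the same inventory as converge. Plain `sshd -T` also reports only the global effective configuration; if the role can emit `Match` blocks (not visible here), covering them would need `sshd -T -C <connection-spec>`.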
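--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Converge
+hosts: all
+tasks:
+- name: Include idiv_biodiversity.ssh
+ansible.builtin.include_role:
+name: idiv_biodiversity.ssh
+
+...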
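--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -0,0 +1,81 @@
+---
+
+dependency:
+name: galaxy
+
+driver:
+name: docker
+
+platforms:
+
+- name: archlinux
+image: carlodepieri/docker-archlinux-ansible:latest
+command: ${MOLECULE_DOCKER_COMMAND:-""}
+privileged: yes
+pre_build_image: yes
+
+- name: centos-8
+image: geerlingguy/docker-centos8-ansible
+command: ${MOLECULE_DOCKER_COMMAND:-""}
+volumes:
+- /sys/fs/cgroup:/sys/fs/cgroup:rw
+cgroupns_mode: host
+privileged: yes
+pre_build_image: yes
+
+- name: rocky-8
+image: geerlingguy/docker-rockylinux8-ansible
+command: ${MOLECULE_DOCKER_COMMAND:-""}
+volumes:
+- /sys/fs/cgroup:/sys/fs/cgroup:rw
+cgroupns_mode: host
+privileged: yes
+pre_build_image: yes
+
+- name: rocky-9
+image: geerlingguy/docker-rockylinux9-ansible
+command: ${MOLECULE_DOCKER_COMMAND:-""}
+volumes:
+- /sys/fs/cgroup:/sys/fs/cgroup:rw
+cgroupns_mode: host
+privileged: yes
+pre_build_image: yes
+
+- name: ubuntu-bionic
+image: geerlingguy/docker-ubuntu1804-ansible
+command: ${MOLECULE_DOCKER_COMMAND:-""}
+volumes:
+- /sys/fs/cgroup:/sys/fs/cgroup:rw
+cgroupns_mode: host
+privileged: yes
+pre_build_image: yes
+
+- name: ubuntu-focal
+image: geerlingguy/docker-ubuntu2004-ansible
+command: ${MOLECULE_DOCKER_COMMAND:-""}
+volumes:
+- /sys/fs/cgroup:/sys/fs/cgroup:rw
+cgroupns_mode: host
+privileged: yes
+pre_build_image: yes
+
+- name: ubuntu-jammy
+image: geerlingguy/docker-ubuntu2204-ansible
+command: ${MOLECULE_DOCKER_COMMAND:-""}
+volumes:
+- /sys/fs/cgroup:/sys/fs/cgroup:rw
+cgroupns_mode: host
+privileged: yes
+pre_build_image: yes
+
+provisioner:
+name: ansible
+inventory:
+host_vars:
+archlinux:
+ansible_user: ansible
+
+verifier:
+name: ansible
+
+...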
