Testing ansible playbook in molecule with "become" #3043
Replies: 2 comments
-
|
Disclaimer: I'm relatively new to Ansible and Molecule.
No, from my own testing, if you include "localhost" in your yaml file, molecule will actually try to run your molecule playbook against that instance. I did not find much documentation on this topic, which I found strange. I think the idea is that molecule manages your inventory. I.e. it will create instances based on the platform section in your molecule.yml file and run your tests on those. However, if you import a playbook which specifically references a machine (in your case, localhost) it will add it to the inventory and run it against that too. Definitely not what you wanted. You may need to change "localhost" from your playbook and change it to "All" and manage your inventory in the config file. That way molecule will run it against "all" the instances that it creates.
I'm assuming here you're using Docker: I don't know how to pass the sudo password specifically, but I think what you are trying to test is that your playbook can run as a non-privileged user and that it would "become" when needed. By default, the docker container runs as root. This can be a problem for setup scripts that need access to the user's home directory for example (root user's home directory is usually in a different location). The way to do that is this: Unfortunately, it seems like the documentation and Molecule 3 are not quite in sync. There is no Copy In addition, I had to tell Molecule to run as the user "molecule" that was created in the Dockerfile as follows:
I'm doing the same thing - but I believe that is not exactly what molecule is for. From what I can tell, Molecule is meant to improve the developer experience for creating roles. In other words, smaller pieces of functionality, that is independent of specific inventory or composition in playbooks. Everything is centered around a role development. I had a massive playbook that installed my dev machine from start to end. I broke it down into 5 or 6 roles and each of those then get a molecule directory with the appropriate machines (Platforms), docker image and assertions. Sometimes the default docker images are fine, sometimes I run as non-root. The benefit of this approach is that each test runs fairly quickly. For example - in the past it would take about 25 minutes to run the whole playbook. Most of the time is for things like apt-get upgrade or installing larger apps like VS code. Now I can make changes to let's say my git install and configuration and only test that role. I can have a high level of confidence my playbook can just include the role and everything will work. It probably still makes sense to have CI/CD from testing the final playbook, but my sense is that Molecule may not be the best for that. Open to have my mind changed though. Hope this helps. |
Beta Was this translation helpful? Give feedback.
-
|
Hello @dodgyrabbit thanks for the answer. |
Beta Was this translation helpful? Give feedback.
-
Hello, i wrote a playbook(s) to provision my local system.
https://github.com/kentahikaru/ansible-playbook-provision-ArchLinux
The idea is, to get my system into more less current state, after reinstall.
I'm trying to write a molecule testing (and later testing in github actions).
However,
First of all, my playbooks are connecting to localhost:
connection: local
How will that work in molecule? Will hosts and connection be rewritten from converge.yml ?
Second, how can i pass "become password" from molecule to playbook ?
In my playbook i need "become" in several places, to install packages or setup something.
However molecule is failing on "sudo: a password is required\n"
Thanks for any help.
Beta Was this translation helpful? Give feedback.
All reactions