1 .. This work is licensed under a Creative Commons Attribution 4.0 International License.
2 .. http://creativecommons.org/licenses/by/4.0
3 .. Copyright 2021 Samsung Electronics Co., Ltd.
5 Offline Installer Testing Guide
6 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
8 This testing guide describes how offline installer can be tested in local
9 development environment (laptop) without the need for actual servers.
11 Documentation refers to files/directories in ``ansible`` directory of this repository.
16 Offline installer uses Molecule_ for testing all roles.
18 Molecule is tool for ansible roles development and testing. In this project
19 Molecule is used for integration type of testing for both roles and playbooks.
20 Role code is tested against simulated host.
22 Molecule is designed to test single Ansible_ role in isolation. Offline installer however
23 has many small roles that are dependent on each other and also execution order for roles
24 is meaningful. In that respect Molecule's design does not offer sufficient level
25 of testing as it's lacking playbook level of scenario testing by default.
26 Luckily Molecule is highly configurable and it is possible to achieve a higher level of
27 testing scenarios for the offline installer.
29 Testing with Molecule is divided to two levels of testing:
30 1) role level testing (as per Molecule design)
31 2) playbook level testing (offline installer own setup)
36 The purpose of using testing framework like Molecule is to make possible for developer to
37 verify ansible code changes locally in own laptop without the need for big resources.
39 Developer is also expected to do development of the Ansible code and the Molecule test
40 code at the same time.
41 Offline installer does not have unittest level of testing for the ansible code.
43 Any commit made to ansible code base needs to first pass Molecule tests before
49 To cover both testing levels (role and playbook) with maximum benefit and minimum
50 copy-pasting, the testing code should be written in reusable way.
52 Reusable test code can be achieved by writing all prepare/cleanup and other
53 helping code as a roles into main test directory.
54 Also testinfra_ test code can be shared between different roles and between different scenarios
57 Testing of role and one scenario (one execution run of molecule) is fully
58 defined by **molecule.yml** file.
60 molecule.yml file is always located in directory:
62 <tested-role>/molecule/<scenario>/molecule.yml
64 i.e. one role can have multiple scenarios (different configuration, OS etc. whatever user wants)
65 to execute tests for same role. Each scenario has own molecule.yml file and own testinfra
68 Molecule.yml file is the only file that cannot be re-used (except with symbolic links) but
69 all other resources can be reused by referencing those in molecule.yml file or/and indirectly
70 from resources molecule.yml is pointing to.
72 **tested-role** is clear in case of normal role level testing, but in playbook level testing the
73 tested-role is just an invented role name and directory with molecule directory inside but no
74 actual ansible role code.
79 The target is to test single role in isolation just like Molecule is designed.
80 Role level testing is supposed to cover:
82 - Syntax checking (Yamllint_, `Ansible lint`_, flake8_)
83 - Ansible code testing
85 - Verifying role results from target hosts (testinfra tests)
87 Ansible code testing can/should also cover all different options how this role
88 can be run (`scenario <https://molecule.readthedocs.io/en/latest/configuration.html#root-scenario>`_).
89 Different molecule runs can be implemented as own scenarios (in addition to default scenario)
90 or default scenario playbook can be extended to run role tests multiple times just adjusting
91 configuration between.
93 Single scenario example with nexus role
97 ├── infrastructure.yml
104 │ │ │ ├── molecule.yml
105 │ │ │ ├── playbook.yml
106 │ │ │ ├── prepare.yml
111 Multiple scenario example with chrony role
132 By default molecule runs just default scenario. To run specific one ``-s <scenario name>``
133 option must be used. The only subcommands supporting ``--all`` switch for playing with
134 all scenarios are ``test`` and ``destroy``. If using other ones ``-s`` must be used.
136 The cross-scenario code reuse paradigm should be rather implemented inside particular
137 scenario's ``molecule.yml`` file than by using filesystem symlinks. All provisioner
138 playbooks should be located in default scenarios directory then and referenced in
139 alternative scenarios as follows
147 ANSIBLE_ROLES_PATH: ../../../../test/roles
149 prepare: ../default/prepare.yml
150 converge: ../default/playbook.yml
152 Playbook level testing
153 ----------------------
155 Playbook level testing is this project's (offline installer) own
156 setup and way of using Molecule. The target is to raise testing level
157 from single role testing up to single playbook testing.
159 Playbook level testing can be used also to run multiple playbooks and/or
160 playbooks multiple times with different configuration.
162 The aim is to verify multiple roles working together i.e. higher level of
165 Practically the **tested-role** is just a wrapper directory to conform
166 molecule required directory structure and provide a name for the test.
167 Directory itself does not contain any ansible role code, but just
168 molecule files configured to run multiple other roles.
170 Playbook level test directories should be named consistently according to
171 tested playbook and prefix string ``play`` and with optional description
172 if there are multiple scenarios for single playbook:
174 play-<playbookname>[-<description>]
178 - ``play-infrastructure``
181 As role's are tested with own molecule tests in isolation, playbook level tests
182 should focus to integration of the roles and should avoid of repeating same tests
183 as done already for individual roles.
185 Playbook level testing is supposed to cover:
186 - Ansible code testing
188 Basically it's easier to highlight what is supposed to be **avoided** in playbook level
189 testing for the reason not to repeat the same that is done already in role level testing.
191 - Syntax checking is left out already by default as molecule does linting only for the
192 role code where molecule is run, and in this case tested-role is empty.
194 - Idempotence can be tested, but should be disabled (by default) in molecule.yml because
195 it takes too much time and was tested already for individual roles.
197 - Verifying target hosts with testinfra tests can be done but then something else
198 should be tested as in role based tests. And if those 2 would overlap it's better
201 Example with infrastructure playbook level test files
205 ├── infrastructure.yml
207 ├── play-infrastructure
215 Test code reuse and naming
216 ===========================
218 As both testing levels test the same Ansible roles, there are a need
219 to share common code for both of them.
221 Testinfra_ Python code should be shared when also playbook level
222 tests verify target hosts. However sharing is not limited only for the 2 test levels
223 but also between different roles.
225 Individual role have testinfra tests on directory:
227 roles/<role>/molecule/<scenario>/tests
229 and any commonly usable testinfra Python code should be placed to directory:
233 Ansible role testing uses several resources defined by provisioner section of
235 https://molecule.readthedocs.io/en/latest/configuration.html#provisioner
237 Most common resources that are written for role testing are:
239 - playbook.yml (mandatory but can include specific code)
245 all of which can be just placed to scenario directory together with playbook.yml
246 (without editing molecule.yml when in default directory) and all of which can
247 include ansible code to do something e.g. prepare role for testing.
249 Example molecule files:
251 Role level tests for nexus role:
252 - roles/nexus/molecule/default/molecule.yml
253 - roles/nexus/molecule/default/playbook.yml
254 - roles/nexus/molecule/default/prepare.yml
255 playbook level tests for infrastructure playbook:
256 - test/play-infrastructure/molecule/default/molecule.yml
257 - test/play-infrastructure/molecule/default/playbook.yml
258 - test/play-infrastructure/molecule/default/prepare.yml
260 Sharing all test code should be done by writing them in the form of ansible
261 roles and placing commonly usable roles into:
263 test/roles/<testrole>
265 Test roles should be named consistently according to action it's needed and
266 role for it's for together with optional description:
268 <action>-<role>[-<description>]
270 Examples of commonly used test roles
274 ├── infrastructure.yml
276 ├── play-infrastructure
278 ├── post-certificates
285 Molecule platform images
286 ========================
288 Molecule can build images of the tested hosts on the fly with default
289 Dockerfile template (docker driver) or from a Dockerfile provided by user.
290 In case of Vagrant driver used box image can be also fully customized by user.
292 To speed up testing and lessen the footprint of code for image preparation it's
293 preferred to use unmodified images from Docker Registry whenever possible (can be
294 pulled prior to running Molecule) or pre-build images created from Dockerfiles
295 listed below. Most significant feature of those is support for Systemd, so they
296 should be used in cases where ansible's 'systemd' module is used.
298 Used Dockerfiles/Box definitions are kept in following directory structure
314 ``Build-all.sh`` is a script for building all images, ``build.sh`` scripts in
315 particular platforms subdirs are for building just specific images. Keep in mind
316 that while images from Docker Registry will be downloaded automatically at run
317 time, the above ones **must** be built manually prior to launching Molecule.
322 Build all platforms images before running Molecule tests. Building can be done
323 with the following single command:
325 test/images/docker/build-all.sh
330 Molecule can be installed in multiple ways and in this guide 2 different ways is
333 - Install Molecule with pip in virtual environment
334 - Use Molecule provided docker container to run Molecule
339 This is a OS dependent and some prerequisites needs to be installed, but after
340 prerequisites are installed installing Molecule can be done by calling following
343 source test/bin/install-molecule.sh
345 As for the required OS packages, see example for Ubuntu in the install-molecule.sh
346 script's comments or from Molecule_ pages.
348 Note that sourcing the script is not needed to get Molecule installed but it leaves
349 you already into virtual environment and ready to run Molecule.
351 To get out from virtual environment issue:
355 And next time to activate virtual environment again before running Molecule, issue:
357 source ~/molecule_venv/bin/activate
359 And here the directory ``~/molecule_venv`` is just the default virtual environment
360 path that install-molecule.sh script is using and can be overridden with
361 ``VENV_PATH`` environment variable.
363 Use Molecule docker container
364 -----------------------------
366 Molecule provides docker containers images via quay.io_ where Molecule, Ansible
367 and all needed dependencies are build to the image.
369 In this way of using Molecule, no installation is needed and only docker is the
370 prerequisite for running Molecule.
372 For using provided image to test offline-installer roles, following scripts are
375 Build container image:
376 ``test/molecule-docker/build.sh``
378 This will build image named ``molecule-dev`` with strict version tag.
380 Set molecule into the PATH:
381 ``source test/bin/set_molecule_paths.sh``
383 That will add the actual Molecule run wrapper script test/bin/molecule.sh to path
384 usable from everywhere similarly than molecule with pip and virtual environment.
386 Run Molecule wrapper script:
387 ``test/bin/molecule.sh``
389 For running Molecule. Using ``molecule-dev`` image and the exact version defined by
390 test/docker/build.sh script.
395 Basic usage of molecule tests. See more detailed instructions from Molecule_
397 Run complete testing for a role or a playbook:
399 1. cd roles/<role> or cd test/play-<playbook-name>
402 Develop a role code and run testing during the coding:
405 2. Edit ansible code and molecule test code when needed
407 4. Repeat steps 2 and 3 until code is ready and molecule tests are passing
410 .. _Molecule: https://molecule.readthedocs.io
411 .. _quay.io: https://quay.io/repository/ansible/molecule
412 .. _Testinfra: https://testinfra.readthedocs.io
413 .. _Flake8: http://flake8.pycqa.org
414 .. _Yamllint: https://github.com/adrienverge/yamllint
415 .. _Ansible Lint: https://github.com/ansible/ansible-lint
416 .. _Ansible: https://www.ansible.com/