In order to handle Ansible as code you need to do testing. Without testing, there is no way that you can keep your main git branch releasable. It's neither possible for you to keep up the quality of your code or to scale out the usage of Ansible, as without proper testing, fewer people can contribute.
Take the time to apply this basic 5 step framework for testing your Ansible.
A basic framework for Ansible testing is:
START OF TEST FRAMEWORK
- Verify syntax
You can verify your Ansible syntax using:
ansible-playbook --syntax-check playbook.yml
- Verify style
You can verify the style of your playbook using:
ansible-lint playbook.yml
- Run the playbook and check for issues:
- Run the playbook manually and check for any failures (add --check for dry-run):
cd $WORK_DIR
ansible-playbook --check -i hosts problem.yml
- Or better, create a script which does this, by pasting below into a terminal:
cat << 'EOF' >$WORK_DIR/playbook-test.sh
ansible-playbook --check -i $WORK_DIR/hosts $1 >test.output 2>&1 --vault-password-file mypassword || true
if grep -q 'unreachable=0.*failed=0' test.output; then
echo "Playbook $1 executed without issues."
else
echo "Playbook $1 failed to run:"
cat test.output
exit 1
fi
EOF
chmod a+rx $WORK_DIR/playbook-test.sh
Run the script like such:
cd $WORK_DIR
./playbook-test.sh playbook.yml
- Run the playbook one more time and check for idempotency. The ability to re-run a playbook without issues is key to writing useful playbooks.
- Run the playbook manually and make sure changed equals 0 in the output:
cd $WORK_DIR
ansible-playbook -i hosts problem.yml
- Or better, create a script which does this, by pasting below into a terminal:
cat << 'EOF' >$WORK_DIR/idempotency-test.sh
ansible-playbook -i $WORK_DIR/hosts $1 >test.output 2>&1 --vault-password-file mypassword || true
if grep -q 'changed=0.*unreachable=0.*failed=0' test.output; then
echo "Playbook $1 is idempotent."
else
echo "Playbook $1 failed idempotency test:"
cat test.output
exit 1
fi
EOF
chmod a+rx $WORK_DIR/idempotency-test.sh
Run the script like such:
cd $WORK_DIR
./idempotency-test.sh playbook.yml
- Check result of change (Check webpage of http server, etc)
curl http://wildfly1:8080
- Check your playbooks against a standards baseline
sudo pip install ansible-review
ansible-review playbook.yml
END OF TEST FRAMEWORK
💥 Let's apply the above test framework on below playbook. Create a new playbook $WORK_DIR/problem.yml by copying below code into your terminal:
cd $WORK_DIR
cat << 'EOF' >problem.yml
- name: Create directory and restart NGINX
hosts: lbservers
tasks:
- name: Create directory
command: mkdir /tmp/logs
- name: Restart NGINX
shell: systemctl restart nginx
EOF
💥 Use the testing framework you learned and fix all issues in the above playbook. The playbook should pass all steps of this test framework to be deemed OK for production. Output such as below, can be ignored.
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match
'all'
❗ Have a look at other available modules, listed here: https://docs.ansible.com/ansible/latest/modules/modules_by_category.html and how to use them in a playbook.
❗ If you get stuck or want to compare with your fixed playbook, have a look here at the problem free version of the playbook: https://raw.githubusercontent.com/mglantz/ansible-roadshow/master/labs/lab-9/lab-files/problem-free.yml
⭐ As an optional exercise, if you have time, create a single script which implements the testing framework and which can be run on arbitrary playbooks. Use any language you like.
⭐ ⭐ As an additional optional exercise, if you want to learn how to implement testing on a large scale - using Molecule and containers. Try out the instructions listed in this blog: https://redhatnordicssa.github.io/test-ansible-role-molecule-podman on your Tower server, using your normal student user.
Molecule is a project designed to aid in the development and testing of Ansible roles. It's opinitated and help enforcing best practices by verifying syntax, style, idempotence... It can even run tests after your playbook was run with a framework like Testinfra.
Check the documentation for more information: https://molecule.readthedocs.io/en/latest/
End of lab