tests: update to template 1.0.0

Author: duck-rh

.ansible-lint

@@ -0,0 +1,23 @@
+---
+exclude_paths:
+  - .git
+  - __pycache__
+  - .venv
+
+parseable: true
+
+# E204: Ansible is not a programming language and using (global) variables
+#       to make things beautiful may have consequences
+# E503: if /.changed/ is used, even if you loop on a registered variable
+#       and happens to check item.changed, which cannot be converted in to
+#       a handler, this rule is not clever enough to understand
+# E602: https://github.com/ansible/ansible-lint/issues/457
+#       https://github.com/ansible/ansible/pull/51030
+skip_list:
+  - '204'
+  - '403'
+  - '405'
+  - '503'
+  - '602'
+  - '702'
+

.flake8

@@ -1,3 +1,7 @@
 [flake8]
 ignore = E126,E131,E501,E303,E302,W391
+exclude =
+    .git,
+    __pycache__,
+    .venv
 

.yamllint

@@ -1,5 +1,11 @@
+---
 extends: default
 
+ignore: |
+  .git
+  __pycache__
+  .venv
+
 rules:
   braces:
     max-spaces-inside: 1

molecule/.gitignore

@@ -1,2 +1,3 @@
 __pycache__
 *.pyc
+pytestdebug.log

molecule/_resources/Dockerfile.j2

@@ -6,10 +6,5 @@ FROM {{ item.registry.url }}/{{ item.image }}
 FROM {{ item.image }}
 {% endif %}
 
-# on Red Hat systems using dnf, Python 3 is already installed
-# the package is versioned and there is no 'python3' dependency package, so better do nothing
-RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
-    elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python3-devel python3-dnf bash && dnf clean all; \
-    elif [ $(command -v yum) ]; then yum makecache fast && yum update -y && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
-    elif [ $(command -v zypper) ]; then zypper refresh && zypper update -y && zypper install -y python sudo bash python-xml && zypper clean -a; \
-    elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; fi
+RUN {{ image_setup }}
+

molecule/_resources/playbook.yml renamed to molecule/_resources/converge.yml

@@ -3,11 +3,14 @@
   hosts: localhost
   connection: local
   gather_facts: false
-  no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}"
+  no_log: "{{ molecule_no_log }}"
+  vars:
+    molecule_labels:
+      owner: molecule
   tasks:
     - name: Apply global default parameters
       set_fact:
-        final_platforms: "{{ final_platforms | default([]) | union([platform_base.docker|combine(item)]) }}"
+        final_platforms: "{{ final_platforms | default([]) | union([hostvars[item.name].platform_base.docker|combine(item)]) }}"
       loop: "{{ molecule_yml.platforms }}"
 
     - name: Log into a Docker registry
@@ -17,75 +20,157 @@
         email: "{{ item.registry.credentials.email | default(omit) }}"
         registry: "{{ item.registry.url }}"
         docker_host: "{{ item.docker_host | default(lookup('env', 'DOCKER_HOST') or 'unix://var/run/docker.sock') }}"
+        cacert_path: "{{ item.cacert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/ca.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        cert_path: "{{ item.cert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/cert.pem')  if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        key_path: "{{ item.key_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/key.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        tls_verify: "{{ item.tls_verify | default(lookup('env', 'DOCKER_TLS_VERIFY')) or false }}"
       with_items: "{{ final_platforms }}"
       when:
         - item.registry is defined
         - item.registry.credentials is defined
         - item.registry.credentials.username is defined
 
+    - name: Check presence of custom Dockerfiles
+      stat:
+        path: "{{ molecule_scenario_directory + '/' + (item.dockerfile | default( 'Dockerfile.j2')) }}"
+      loop: "{{ final_platforms }}"
+      register: dockerfile_stats
+
     - name: Create Dockerfiles from image names
+      vars:
+        # TODO(ssbarnea): expose module dir so it can also be used by plugins
+        molecule_module_directory: "{{ playbook_dir + '/../../../..' }}"
       template:
-        # use a common recipe
-        src: "{{ molecule_scenario_directory }}/../_resources/Dockerfile.j2"
+        src: >-
+          {%- if dockerfile_stats.results[i].stat.exists -%}
+          {{ molecule_scenario_directory + '/' + (item.dockerfile | default( 'Dockerfile.j2')) }}
+          {%- else -%}
+          {{ molecule_module_directory + '/data/Dockerfile.j2' }}
+          {%- endif -%}
         dest: "{{ molecule_ephemeral_directory }}/Dockerfile_{{ item.image | regex_replace('[^a-zA-Z0-9_]', '_') }}"
-      with_items: "{{ final_platforms }}"
+      loop: "{{ final_platforms }}"
+      loop_control:
+        index_var: i
       when: not item.pre_build_image | default(false)
       register: platforms
 
     - name: Discover local Docker images
-      docker_image_facts:
+      docker_image_info:
         name: "molecule_local/{{ item.item.name }}"
         docker_host: "{{ item.item.docker_host | default(lookup('env', 'DOCKER_HOST') or 'unix://var/run/docker.sock') }}"
+        cacert_path: "{{ item.cacert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/ca.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        cert_path: "{{ item.cert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/cert.pem')  if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        key_path: "{{ item.key_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/key.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        tls_verify: "{{ item.tls_verify | default(lookup('env', 'DOCKER_TLS_VERIFY')) or false }}"
       with_items: "{{ platforms.results }}"
-      when: not item.pre_build_image | default(false)
+      when:
+        - not item.pre_build_image | default(false)
       register: docker_images
 
-    - name: Build an Ansible compatible image
+    - name: Build an Ansible compatible image (new)
+      when:
+        - platforms.changed or docker_images.results | map(attribute='images') | select('equalto', []) | list | count >= 0
+        - not item.item.pre_build_image | default(false)
       docker_image:
-        path: "{{ molecule_ephemeral_directory }}"
+        build:
+          path: "{{ molecule_ephemeral_directory }}"
+          dockerfile: "{{ item.invocation.module_args.dest }}"
+          pull: "{{ item.item.pull | default(true) }}"
+          network: "{{ item.item.network_mode | default(omit) }}"
+          args: "{{ item.item.buildargs | default(omit) }}"
         name: "molecule_local/{{ item.item.image }}"
         docker_host: "{{ item.item.docker_host | default(lookup('env', 'DOCKER_HOST') or 'unix://var/run/docker.sock') }}"
-        dockerfile: "{{ item.item.dockerfile | default(item.invocation.module_args.dest) }}"
-        force: "{{ item.item.force | default(true) }}"
-        pull: "{{ item.item.pull | default(omit) }}"
+        cacert_path: "{{ item.cacert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/ca.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        cert_path: "{{ item.cert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/cert.pem')  if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        key_path: "{{ item.key_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/key.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        tls_verify: "{{ item.tls_verify | default(lookup('env', 'DOCKER_TLS_VERIFY')) or false }}"
+        force_source: "{{ item.item.force | default(true) }}"
+        source: build
       with_items: "{{ platforms.results }}"
-      when:
-        - platforms.changed or docker_images.results | map(attribute='images') | select('equalto', []) | list | count >= 0
-        - not item.item.pre_build_image | default(false)
+      loop_control:
+        label: "molecule_local/{{ item.item.image }}"
+      no_log: false
+      register: result
+      until: result is not failed
+      retries: 3
+      delay: 30
 
     - name: Create docker network(s)
       docker_network:
         name: "{{ item }}"
         docker_host: "{{ item.docker_host | default(lookup('env', 'DOCKER_HOST') or 'unix://var/run/docker.sock') }}"
+        cacert_path: "{{ item.cacert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/ca.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        cert_path: "{{ item.cert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/cert.pem')  if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        key_path: "{{ item.key_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/key.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        tls_verify: "{{ item.tls_verify | default(lookup('env', 'DOCKER_TLS_VERIFY')) or false }}"
+        labels: "{{ molecule_labels | combine(item.labels | default({})) }}"
         state: present
+        # Duck: we need IPv6
+        enable_ipv6: True
+        ipam_config:
+          # RFC 4193
+          - subnet: fdd1:0:0:0::/64
       with_items: "{{ final_platforms | molecule_get_docker_networks }}"
+      loop_control:
+        label: "{{ item }}"
+      no_log: false
+
+    - name: Determine the CMD directives
+      set_fact:
+        command_directives_dict: >-
+          {{ command_directives_dict | default({}) |
+             combine({ item.name: item.command | default('bash -c "while true; do sleep 10000; done"') })
+          }}
+      with_items: "{{ final_platforms }}"
+      when: item.override_command | default(true)
 
     - name: Create molecule instance(s)
       docker_container:
         name: "{{ item.name }}"
         docker_host: "{{ item.docker_host | default(lookup('env', 'DOCKER_HOST') or 'unix://var/run/docker.sock') }}"
-        hostname: "{{ item.hostname | default(item.name) }}"
+        cacert_path: "{{ item.cacert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/ca.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        cert_path: "{{ item.cert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/cert.pem')  if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        key_path: "{{ item.key_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/key.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        tls_verify: "{{ item.tls_verify | default(lookup('env', 'DOCKER_TLS_VERIFY')) or false }}"
+        hostname: "{{ item.hostname | default(item.name) | replace('@NAME@', item.name) }}"
         image: "{{ item.pre_build_image | default(false) | ternary('', 'molecule_local/') }}{{ item.image }}"
+        pull: "{{ item.pull | default(omit) }}"
+        memory: "{{ item.memory | default(omit) }}"
         state: started
         recreate: false
         log_driver: json-file
-        command: "{{ item.command | default('bash -c \"while true; do sleep 10000; done\"') }}"
+        command: "{{ (command_directives_dict | default({}))[item.name] | default(omit) }}"
+        user: "{{ item.user | default(omit) }}"
+        pid_mode: "{{ item.pid_mode | default(omit) }}"
         privileged: "{{ item.privileged | default(omit) }}"
         security_opts: "{{ item.security_opts | default(omit) }}"
+        devices: "{{ item.devices | default(omit) }}"
         volumes: "{{ item.volumes | default(omit) }}"
         tmpfs: "{{ item.tmpfs | default(omit) }}"
         capabilities: "{{ item.capabilities | default(omit) }}"
+        sysctls: "{{ item.sysctls | default(omit) }}"
         exposed_ports: "{{ item.exposed_ports | default(omit) }}"
         published_ports: "{{ item.published_ports | default(omit) }}"
         ulimits: "{{ item.ulimits | default(omit) }}"
         networks: "{{ item.networks | default(omit) }}"
         network_mode: "{{ item.network_mode | default(omit) }}"
+        networks_cli_compatible: "{{ item.networks_cli_compatible | default(true) }}"
+        purge_networks: "{{ item.purge_networks | default(omit) }}"
         dns_servers: "{{ item.dns_servers | default(omit) }}"
+        etc_hosts: "{{ item.etc_hosts | default(omit) }}"
         env: "{{ item.env | default(omit) }}"
         restart_policy: "{{ item.restart_policy | default(omit) }}"
         restart_retries: "{{ item.restart_retries | default(omit) }}"
+        tty: "{{ item.tty | default(omit) }}"
+        labels: "{{ molecule_labels | combine(item.labels | default({})) }}"
+        container_default_behavior: "{{ item.container_default_behavior | default('compatibility' if ansible_version.full is version_compare('2.10', '>=') else omit) }}"
+        # Duck: missing parameters
+        dns_search_domains: "{{ item.dns_search_domains | default(omit) }}"
       register: server
       with_items: "{{ final_platforms }}"
+      loop_control:
+        label: "{{ item.name }}"
+      no_log: false
       async: 7200
       poll: 0
 

molecule/_resources/create-docker.yml

@@ -7,7 +7,7 @@
   tasks:
     - name: Apply global default parameters
       set_fact:
-        final_platforms: "{{ final_platforms | default([]) | union([platform_base.docker|combine(item)]) }}"
+        final_platforms: "{{ final_platforms | default([]) | union([hostvars[item.name].platform_base.lxd|combine(item)]) }}"
       loop: "{{ molecule_yml.platforms }}"
 
     - name: Create default source variable
@@ -33,3 +33,10 @@
         wait_for_ipv4_addresses: true
         timeout: 600
       with_items: "{{ final_platforms }}"
+
+- hosts: all
+  gather_facts: False
+  tasks:
+    - name: "Setup Image"
+      raw: "{{ image_setup }}"
+      changed_when: True

molecule/_resources/create-lxd.yml

@@ -3,21 +3,30 @@
   hosts: localhost
   connection: local
   gather_facts: false
-  no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}"
+  no_log: "{{ molecule_no_log }}"
   tasks:
     - name: Apply global default parameters
       set_fact:
-        final_platforms: "{{ final_platforms | default([]) | union([platform_base.docker|combine(item)]) }}"
+        final_platforms: "{{ final_platforms | default([]) | union([hostvars[item.name].platform_base.docker|combine(item)]) }}"
       loop: "{{ molecule_yml.platforms }}"
 
     - name: Destroy molecule instance(s)
       docker_container:
         name: "{{ item.name }}"
         docker_host: "{{ item.docker_host | default(lookup('env', 'DOCKER_HOST') or 'unix://var/run/docker.sock') }}"
+        cacert_path: "{{ item.cacert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/ca.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        cert_path: "{{ item.cert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/cert.pem')  if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        key_path: "{{ item.key_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/key.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        tls_verify: "{{ item.tls_verify | default(lookup('env', 'DOCKER_TLS_VERIFY')) or false }}"
         state: absent
         force_kill: "{{ item.force_kill | default(true) }}"
+        keep_volumes: "{{ item.keep_volumes | default(true) }}"
+        container_default_behavior: "{{ item.container_default_behavior | default('compatibility' if ansible_version.full is version_compare('2.10', '>=') else omit) }}"
       register: server
       with_items: "{{ final_platforms }}"
+      loop_control:
+        label: "{{ item.name }}"
+      no_log: false
       async: 7200
       poll: 0
 
@@ -33,5 +42,12 @@
       docker_network:
         name: "{{ item }}"
         docker_host: "{{ item.docker_host | default(lookup('env', 'DOCKER_HOST') or 'unix://var/run/docker.sock') }}"
+        cacert_path: "{{ item.cacert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/ca.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        cert_path: "{{ item.cert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/cert.pem')  if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        key_path: "{{ item.key_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/key.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        tls_verify: "{{ item.tls_verify | default(lookup('env', 'DOCKER_TLS_VERIFY')) or false }}"
         state: absent
       with_items: "{{ final_platforms | molecule_get_docker_networks }}"
+      loop_control:
+        label: "{{ item }}"
+      no_log: false

molecule/_resources/destroy-docker.yml

@@ -7,12 +7,12 @@
   tasks:
     - name: Apply global default parameters
       set_fact:
-        final_platforms: "{{ final_platforms | default([]) | union([platform_base.docker|combine(item)]) }}"
+        final_platforms: "{{ final_platforms | default([]) | union([hostvars[item.name].platform_base.lxd|combine(item)]) }}"
       loop: "{{ molecule_yml.platforms }}"
 
     - name: Destroy molecule instance(s)
       lxd_container:
-        url: "{{ item.url | default(omit)}}"
+        url: "{{ item.url | default(omit) }}"
         cert_file: "{{ item.cert_file | default(omit) }}"
         key_file: "{{ item.key_file | default(omit) }}"
         trust_password: "{{ item.trust_password | default(omit) }}"