Tests use template

.ansible-lint

@@ -0,0 +1,23 @@
+---
+exclude_paths:
+  - .git
+  - __pycache__
+  - .venv
+
+parseable: true
+
+# E204: Ansible is not a programming language and using (global) variables
+#       to make things beautiful may have consequences
+# E503: if /.changed/ is used, even if you loop on a registered variable
+#       and happens to check item.changed, which cannot be converted in to
+#       a handler, this rule is not clever enough to understand
+# E602: https://github.com/ansible/ansible-lint/issues/457
+#       https://github.com/ansible/ansible/pull/51030
+skip_list:
+  - '204'
+  - '403'
+  - '405'
+  - '503'
+  - '602'
+  - '702'
+

.flake8

@@ -1,3 +1,7 @@
 [flake8]
-ignore = E126,E131,E501,E303,E302,W391
+ignore = E126,E131,E501,E303,E302,W391,W503
+exclude =
+    .git,
+    __pycache__,
+    .venv
 

.yamllint

@@ -1,5 +1,11 @@
+---
 extends: default
 
+ignore: |
+  .git
+  __pycache__
+  .venv
+
 rules:
   braces:
     max-spaces-inside: 1

README.md

@@ -2,8 +2,8 @@ Ansible module used by OSAS to deploy a static website builder. While
 working, the role is still being written, as seen by the TODO list at the end
 of this document.
 
-Currently this role supports the following web generators:
-* Ascii Binder (http://asciibinder.org/)
+Currently this role works with the following web generators:
+* Ascii Binder (http://asciibinder.org/), should still work but not supported anymore
 * [Jekyll](https://jekyllrb.com/)
 * [Middleman](https://middlemanapp.com/)
 * [Nikola](https://getnikola.com/)

molecule/.gitignore

@@ -1,2 +1,3 @@
 __pycache__
 *.pyc
+pytestdebug.log

molecule/_resources/Dockerfile.j2

@@ -6,10 +6,5 @@ FROM {{ item.registry.url }}/{{ item.image }}
 FROM {{ item.image }}
 {% endif %}
 
-# on Red Hat systems using dnf, Python 3 is already installed
-# the package is versioned and there is no 'python3' dependency package, so better do nothing
-RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
-    elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python3-devel python3-dnf bash && dnf clean all; \
-    elif [ $(command -v yum) ]; then yum makecache fast && yum update -y && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
-    elif [ $(command -v zypper) ]; then zypper refresh && zypper update -y && zypper install -y python sudo bash python-xml && zypper clean -a; \
-    elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; fi
+RUN {{ image_setup }}
+

molecule/_resources/playbook.yml → molecule/_resources/converge.yml

@@ -13,10 +13,12 @@
         rsync_server: ansible-test-web
         rsync_user: web_builder
         rsync_location: /var/www/www.example.com
+        tests_is_container: False
     - name: "Testing role (container)"
       include_role:
         name: ansible-role-web_builder
       vars:
         builder_name: testbuilder_container
         builder_username: web_builder
+        tests_is_container: True
 

molecule/_resources/create-docker.yml

@@ -3,11 +3,11 @@
   hosts: localhost
   connection: local
   gather_facts: false
-  no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}"
+  no_log: "{{ molecule_no_log }}"
   tasks:
     - name: Apply global default parameters
       set_fact:
-        final_platforms: "{{ final_platforms | default([]) | union([platform_base.docker|combine(item)]) }}"
+        final_platforms: "{{ final_platforms | default([]) | union([hostvars[item.name].platform_base.docker|combine(item)]) }}"
       loop: "{{ molecule_yml.platforms }}"
 
     - name: Log into a Docker registry
@@ -17,59 +17,98 @@
         email: "{{ item.registry.credentials.email | default(omit) }}"
         registry: "{{ item.registry.url }}"
         docker_host: "{{ item.docker_host | default(lookup('env', 'DOCKER_HOST') or 'unix://var/run/docker.sock') }}"
+        cacert_path: "{{ item.cacert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/ca.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        cert_path: "{{ item.cert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/cert.pem')  if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        key_path: "{{ item.key_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/key.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        tls_verify: "{{ item.tls_verify | default(lookup('env', 'DOCKER_TLS_VERIFY')) or false }}"
       with_items: "{{ final_platforms }}"
       when:
         - item.registry is defined
         - item.registry.credentials is defined
         - item.registry.credentials.username is defined
 
     - name: Create Dockerfiles from image names
+      # noqa 208
       template:
-        # use a common recipe
-        src: "{{ molecule_scenario_directory }}/../_resources/Dockerfile.j2"
+        src: "{{ item.dockerfile | default('Dockerfile.j2') }}"
         dest: "{{ molecule_ephemeral_directory }}/Dockerfile_{{ item.image | regex_replace('[^a-zA-Z0-9_]', '_') }}"
       with_items: "{{ final_platforms }}"
       when: not item.pre_build_image | default(false)
       register: platforms
+      no_log: item.failed
 
     - name: Discover local Docker images
-      docker_image_facts:
+      docker_image_info:
         name: "molecule_local/{{ item.item.name }}"
         docker_host: "{{ item.item.docker_host | default(lookup('env', 'DOCKER_HOST') or 'unix://var/run/docker.sock') }}"
+        cacert_path: "{{ item.cacert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/ca.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        cert_path: "{{ item.cert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/cert.pem')  if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        key_path: "{{ item.key_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/key.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        tls_verify: "{{ item.tls_verify | default(lookup('env', 'DOCKER_TLS_VERIFY')) or false }}"
       with_items: "{{ platforms.results }}"
       when: not item.pre_build_image | default(false)
       register: docker_images
 
     - name: Build an Ansible compatible image
+      when:
+        - platforms.changed or docker_images.results | map(attribute='images') | select('equalto', []) | list | count >= 0
+        - not item.item.pre_build_image | default(false)
       docker_image:
-        path: "{{ molecule_ephemeral_directory }}"
+        build:
+          path: "{{ molecule_ephemeral_directory }}"
+          dockerfile: "{{ item.invocation.module_args.dest }}"
+          pull: "{{ item.item.pull | default(true) }}"
         name: "molecule_local/{{ item.item.image }}"
         docker_host: "{{ item.item.docker_host | default(lookup('env', 'DOCKER_HOST') or 'unix://var/run/docker.sock') }}"
-        dockerfile: "{{ item.item.dockerfile | default(item.invocation.module_args.dest) }}"
-        force: "{{ item.item.force | default(true) }}"
-        pull: "{{ item.item.pull | default(omit) }}"
+        cacert_path: "{{ item.cacert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/ca.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        cert_path: "{{ item.cert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/cert.pem')  if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        key_path: "{{ item.key_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/key.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        tls_verify: "{{ item.tls_verify | default(lookup('env', 'DOCKER_TLS_VERIFY')) or false }}"
+        force_source: "{{ item.item.force | default(true) }}"
+        source: build
+        buildargs: "{{ item.item.buildargs | default(omit) }}"
       with_items: "{{ platforms.results }}"
-      when:
-        - platforms.changed or docker_images.results | map(attribute='images') | select('equalto', []) | list | count >= 0
-        - not item.item.pre_build_image | default(false)
+      loop_control:
+        label: "molecule_local/{{ item.item.image }}"
+      no_log: false
+      register: result
+      until: result is not failed
+      retries: 3
+      delay: 30
 
     - name: Create docker network(s)
-      docker_network:
-        name: "{{ item }}"
-        docker_host: "{{ item.docker_host | default(lookup('env', 'DOCKER_HOST') or 'unix://var/run/docker.sock') }}"
-        state: present
-      with_items: "{{ final_platforms | molecule_get_docker_networks }}"
+      action: docker_network
+      args: "{{ docker_network_defaults | default({}) | combine(item) }}"
+      with_items: "{{ final_platforms | molecule_get_docker_networks('present') }}"
+
+    - name: Determine the CMD directives
+      set_fact:
+        command_directives_dict: >-
+          {{ command_directives_dict | default({}) |
+             combine({ item.name: item.command | default('bash -c "while true; do sleep 10000; done"') })
+          }}
+      with_items: "{{ final_platforms }}"
+      when: item.override_command | default(true)
 
     - name: Create molecule instance(s)
       docker_container:
         name: "{{ item.name }}"
         docker_host: "{{ item.docker_host | default(lookup('env', 'DOCKER_HOST') or 'unix://var/run/docker.sock') }}"
-        hostname: "{{ item.hostname | default(item.name) }}"
+        cacert_path: "{{ item.cacert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/ca.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        cert_path: "{{ item.cert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/cert.pem')  if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        key_path: "{{ item.key_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/key.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        tls_verify: "{{ item.tls_verify | default(lookup('env', 'DOCKER_TLS_VERIFY')) or false }}"
+        hostname: "{{ item.hostname | default(item.name) | replace('@NAME@', item.name) }}"
         image: "{{ item.pre_build_image | default(false) | ternary('', 'molecule_local/') }}{{ item.image }}"
+        pull: "{{ item.pull | default (omit) }}"
+        memory: "{{ item.memory | default(omit) }}"
+        memory_swap: "{{ item.memory_swap | default(omit) }}"
         state: started
         recreate: false
         log_driver: json-file
-        command: "{{ item.command | default('bash -c \"while true; do sleep 10000; done\"') }}"
+        user: "{{ item.user | default(omit) }}"
+        command: "{{ (command_directives_dict | default({}))[item.name] | default(omit) }}"
+        pid_mode: "{{ item.pid_mode | default(omit) }}"
         privileged: "{{ item.privileged | default(omit) }}"
         security_opts: "{{ item.security_opts | default(omit) }}"
         volumes: "{{ item.volumes | default(omit) }}"
@@ -79,11 +118,15 @@
         published_ports: "{{ item.published_ports | default(omit) }}"
         ulimits: "{{ item.ulimits | default(omit) }}"
         networks: "{{ item.networks | default(omit) }}"
+        networks_cli_compatible: "{{ item.networks_cli_compatible | default(true) }}"
         network_mode: "{{ item.network_mode | default(omit) }}"
+        purge_networks: "{{ item.purge_networks | default(omit) }}"
         dns_servers: "{{ item.dns_servers | default(omit) }}"
+        etc_hosts: "{{ item.etc_hosts | default(omit) }}"
         env: "{{ item.env | default(omit) }}"
         restart_policy: "{{ item.restart_policy | default(omit) }}"
         restart_retries: "{{ item.restart_retries | default(omit) }}"
+        container_default_behavior: "{{ item.container_default_behavior | default('compatibility' if ansible_version.full is version_compare('2.10', '>=') else omit) }}"
       register: server
       with_items: "{{ final_platforms }}"
       async: 7200
@@ -96,3 +139,4 @@
       until: docker_jobs.finished
       retries: 300
       with_items: "{{ server.results }}"
+      no_log: item.failed

molecule/_resources/create-lxd.yml

@@ -7,7 +7,7 @@
   tasks:
     - name: Apply global default parameters
       set_fact:
-        final_platforms: "{{ final_platforms | default([]) | union([platform_base.docker|combine(item)]) }}"
+        final_platforms: "{{ final_platforms | default([]) | union([hostvars[item.name].platform_base.lxd|combine(item)]) }}"
       loop: "{{ molecule_yml.platforms }}"
 
     - name: Create default source variable
@@ -33,3 +33,10 @@
         wait_for_ipv4_addresses: true
         timeout: 600
       with_items: "{{ final_platforms }}"
+
+- hosts: all
+  gather_facts: False
+  tasks:
+    - name: "Setup Image"
+      raw: "{{ image_setup }}"
+      changed_when: True

molecule/_resources/destroy-docker.yml

@@ -3,19 +3,25 @@
   hosts: localhost
   connection: local
   gather_facts: false
-  no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}"
+  no_log: "{{ molecule_no_log }}"
   tasks:
     - name: Apply global default parameters
       set_fact:
-        final_platforms: "{{ final_platforms | default([]) | union([platform_base.docker|combine(item)]) }}"
+        final_platforms: "{{ final_platforms | default([]) | union([hostvars[item.name].platform_base.docker|combine(item)]) }}"
       loop: "{{ molecule_yml.platforms }}"
 
     - name: Destroy molecule instance(s)
       docker_container:
         name: "{{ item.name }}"
         docker_host: "{{ item.docker_host | default(lookup('env', 'DOCKER_HOST') or 'unix://var/run/docker.sock') }}"
+        cacert_path: "{{ item.cacert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/ca.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        cert_path: "{{ item.cert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/cert.pem')  if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        key_path: "{{ item.key_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/key.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}"
+        tls_verify: "{{ item.tls_verify | default(lookup('env', 'DOCKER_TLS_VERIFY')) or false }}"
         state: absent
         force_kill: "{{ item.force_kill | default(true) }}"
+        keep_volumes: "{{ item.keep_volumes | default(true) }}"
+        container_default_behavior: "{{ item.container_default_behavior | default('compatibility' if ansible_version.full is version_compare('2.10', '>=') else omit) }}"
       register: server
       with_items: "{{ final_platforms }}"
       async: 7200
@@ -28,10 +34,9 @@
       until: docker_jobs.finished
       retries: 300
       with_items: "{{ server.results }}"
+      no_log: item.failed
 
     - name: Delete docker network(s)
-      docker_network:
-        name: "{{ item }}"
-        docker_host: "{{ item.docker_host | default(lookup('env', 'DOCKER_HOST') or 'unix://var/run/docker.sock') }}"
-        state: absent
-      with_items: "{{ final_platforms | molecule_get_docker_networks }}"
+      action: docker_network
+      args: "{{ docker_network_defaults | default({}) | combine(item) }}"
+      with_items: "{{ final_platforms | molecule_get_docker_networks('absent') }}"

molecule/_resources/destroy-lxd.yml

@@ -7,12 +7,12 @@
   tasks:
     - name: Apply global default parameters
       set_fact:
-        final_platforms: "{{ final_platforms | default([]) | union([platform_base.docker|combine(item)]) }}"
+        final_platforms: "{{ final_platforms | default([]) | union([hostvars[item.name].platform_base.lxd|combine(item)]) }}"
       loop: "{{ molecule_yml.platforms }}"
 
     - name: Destroy molecule instance(s)
       lxd_container:
-        url: "{{ item.url | default(omit)}}"
+        url: "{{ item.url | default(omit) }}"
         cert_file: "{{ item.cert_file | default(omit) }}"
         key_file: "{{ item.key_file | default(omit) }}"
         trust_password: "{{ item.trust_password | default(omit) }}"

molecule/_resources/group_vars/all/common.yml

@@ -0,0 +1,44 @@
+---
+platform_base:
+  lxd:
+    source:
+      type: image
+      server: https://images.linuxcontainers.org
+  docker:
+    dockerfile: ../_resources/Dockerfile.j2
+    hostname: "@[email protected]"
+    command: /sbin/init
+    privileged: True
+    network_mode: bridge
+    networks:
+      - name: testnetwork
+    purge_networks: yes
+    dns_search_domains:
+      - example.com
+
+docker_network_defaults:
+  # Duck: we need IPv6
+  enable_ipv6: True
+  ipam_config:
+    # RFC 4193
+    - subnet: fdd1:0:0:0::/64
+
+# TODO: readd yum update when Docker cgroup bug is fixed
+# TODO: btw why is there no dnf update while there's an equivalent in all other distros?
+image_setup: |
+    if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y systemd-sysv python3 sudo bash ca-certificates && apt-get clean; \
+    elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python3 sudo python3-devel python3-dnf bash && dnf clean all; \
+    elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+    elif [ $(command -v zypper) ]; then zypper refresh && zypper update -y && zypper install -y python sudo bash python-xml && zypper clean -a; \
+    elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; fi
+base_packages:
+  RedHat:
+    - epel-release
+    - net-tools      # netstat is needed for testinfra socket check
+    - bind-utils     # the 'dig' utility is needed for tests
+    - iproute        # needed for network facts
+  Debian:
+    - net-tools      # netstat is needed for testinfra socket check
+    - dnsutils       # the 'dig' utility is needed for tests
+    - iproute2       # needed for network facts
+

molecule/_resources/group_vars/all/firewall_workaround.yml

@@ -0,0 +1,8 @@
+---
+# on Docker starting firewalld after a fresh install breaks the
+# network and future yum installation fails with DNS resolution
+# problems. I used the Log Denied feature of firewalld to investigate
+# but it was empty. At the moment to allow the rest of the role to be
+# tested firerwalling management is disabled.
+manage_firewall: "{{ ansible_virtualization_type != 'docker' }}"
+