Merge pull request #8 from mdsketch/molecule

Molecule

Author: mdsketch

.codespellignore

@@ -0,0 +1,26 @@
+---
+name: Ansible Galaxy release
+
+on:
+  release:
+    types: [created, edited, published, released]
+  push:
+    tags:
+      - "*"
+
+permissions: {}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout
+        uses: actions/checkout@v3
+        with:
+          path: mdsketch.teleport
+      - name: galaxy
+        uses: robertdebock/galaxy-action@1.2.1
+        with:
+          galaxy_api_key: ${{ secrets.galaxy_api_key }}
+          path: mdsketch.teleport
+          git_branch: main

.github/workflows/galaxy.yml

@@ -1,11 +1,52 @@
-name: Ansible Lint
+---
+name: lint
 on: [push, pull_request, workflow_dispatch]
-
 jobs:
-  lint:
+  build:
     runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      max-parallel: 4
+    env:
+      ANSIBLE_CALLBACKS_ENABLED: profile_tasks
+      ANSIBLE_EXTRA_VARS: ""
+      ANSIBLE_ROLE: mdsketch.teleport
 
     steps:
-      - uses: actions/checkout@v2
-      - name: Run ansible-lint
-        uses: ansible-community/ansible-lint-action@v6.11.0
+      - uses: actions/checkout@v3
+        with:
+          path: ${{ env.ANSIBLE_ROLE }}
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.x"
+      - name: Install dependencies
+        run: |
+          python3 -m pip install --upgrade pip
+          pip3 install ansible-lint flake8 yamllint
+          which ansible
+          pip3 install ansible
+          pip3 show ansible
+          ansible --version
+          cd $GITHUB_WORKSPACE/$ANSIBLE_ROLE
+          [ -f molecule/default/requirements.yml ] && ansible-galaxy install -r molecule/default/requirements.yml
+          { echo '[defaults]'; echo 'callbacks_enabled = profile_tasks, timer'; echo 'roles_path = ../'; echo 'ansible_python_interpreter: /usr/bin/python3'; } >> ansible.cfg
+      - name: Environment
+        run: |
+          pwd
+          env
+          find . -ls
+      - uses: codespell-project/actions-codespell@master
+        with:
+          ignore_words_file: ${{ env.ANSIBLE_ROLE }}/.codespellignore
+          skip: .git
+          path: ${{ env.ANSIBLE_ROLE }}
+        if: ${{ always() }}
+      - name: yamllint
+        run: |
+          cd $GITHUB_WORKSPACE/$ANSIBLE_ROLE && yamllint .
+        if: ${{ always() }}
+      - name: ansible-lint
+        run: |
+          cd $GITHUB_WORKSPACE/$ANSIBLE_ROLE && ansible-lint
+        if: ${{ always() }}

.github/workflows/lint.yml

@@ -0,0 +1,67 @@
+---
+name: molecule_tests
+
+on:
+  push:
+  pull_request:
+  workflow_dispatch:
+  schedule: # run weekly, every monday 01:00
+    - cron: "0 1 * * 1"
+
+permissions: {}
+
+jobs:
+  build:
+    permissions:
+      contents: read
+    runs-on: ubuntu-latest
+    continue-on-error: ${{ matrix.experimental }}
+    strategy:
+      fail-fast: false
+      max-parallel: 4
+      matrix:
+        include:
+          - molecule_distro: "rockylinux:9"
+            experimental: false
+          - molecule_distro: "rockylinux:8"
+            experimental: false
+          - molecule_distro: "ubuntu:22.04"
+            experimental: false
+          - molecule_distro: "ubuntu:20.04"
+            experimental: false
+          - molecule_distro: "debian:11"
+            experimental: false
+    env:
+      ANSIBLE_CALLBACKS_ENABLED: profile_tasks
+      MOLECULE_NO_LOG: "false"
+      ANSIBLE_ROLE: mdsketch.teleport
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          path: ${{ env.ANSIBLE_ROLE }}
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.x"
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install molecule[docker] ansible-lint flake8 testinfra ansible
+          mkdir -p $HOME/.ansible/roles && ln -s $GITHUB_WORKSPACE/$ANSIBLE_ROLE $HOME/.ansible/roles/
+      - name: Environment
+        run: |
+          pwd
+          env
+          find -ls
+      - name: Galaxy dependencies
+        run: |
+          cd $GITHUB_WORKSPACE/$ANSIBLE_ROLE && ansible-galaxy install --timeout 120 --verbose -r molecule/default/requirements.yml
+        continue-on-error: true
+      - name: run test
+        run: |
+          cd $GITHUB_WORKSPACE/$ANSIBLE_ROLE && molecule test
+        env:
+          PY_COLORS: "1"
+          ANSIBLE_FORCE_COLOR: "1"
+          MOLECULE_DISTRO: ${{ matrix.molecule_distro }}

.github/workflows/molecule.yml

@@ -0,0 +1,34 @@
+---
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.4.0
+    hooks:
+      - id: check-yaml
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: check-added-large-files
+      - id: check-json
+      - id: detect-private-key
+      - id: check-case-conflict
+      - id: requirements-txt-fixer
+      - id: check-ast
+      - id: check-shebang-scripts-are-executable
+      - id: check-merge-conflict
+      - id: check-symlinks
+      - id: check-toml
+      - id: check-xml
+      - id: check-docstring-first
+  - repo: https://github.com/codespell-project/codespell
+    rev: v2.2.4
+    hooks:
+      - id: codespell
+        args: [-I, .codespellignore]
+  - repo: https://github.com/ansible-community/ansible-lint.git
+    rev: v6.14.2
+    hooks:
+      - id: ansible-lint
+        files: \.(yaml|yml)$
+  - repo: https://github.com/ansible-community/ansible-lint.git
+    rev: v6.3.0
+    hooks:
+      - id: ansible-lint

.pre-commit-config.yaml

@@ -13,3 +13,8 @@ rules:
     require-starting-space: true
     ignore-shebangs: true
     min-spaces-from-content: 1
+
+ignore:
+  - .git
+  - .github
+  - .gitignore

.yamllint.yaml

@@ -0,0 +1,9 @@
+pre-commit:
+	echo "make sure you have precommit installed"
+	echo "pip install pre-commit"
+	echo "yay pre-commit"
+	pre-commit install
+	pre-commit run --all-files
+
+lint:
+	ansible-lint -p deploy.yml

Makefile

@@ -2,13 +2,20 @@
 
 [![Ansible Galaxy](https://img.shields.io/badge/Ansible%20Galaxy-mdsketch.teleport-blueviolet)](https://galaxy.ansible.com/mdsketch/teleport)
 [![Ansible Lint](https://github.com/mdsketch/ansible-teleport/actions/workflows/lint.yml/badge.svg)](https://github.com/mdsketch/ansible-teleport/actions/workflows/lint.yml)
+[![molecule_tests](https://github.com/mdsketch/ansible-teleport/actions/workflows/molecule.yml/badge.svg)](https://github.com/mdsketch/ansible-teleport/actions/workflows/molecule.yml)
 
 An ansible role to install or update the teleport node service and teleport config on Debian based systems.
 
 Works with any architecture that teleport has a binary for, see available [teleport downloads](https://goteleport.com/teleport/download/).
 
 If you add your own teleport config file template you can run any node services you want (ssh, app, database, kubernetes)
 
+## TODO:
+- add idempotence tests to verify teleport is updated correctly (config, service and binary)
+- add tests for variable templating
+- lock down the versions of the linting tools
+- investigate if installing teleport in a docker container is useful (currently not supported)
+
 ## Requirements
 
 A running teleport cluster so that you can provide the following information:

README.md

@@ -16,3 +16,5 @@ teleport_control_systemd: yes
 teleport_template_config: yes
 # Default dont change
 update_teleport: no
+
+is_container: false

defaults/main.yml

@@ -6,4 +6,6 @@
     state: "reloaded"
     daemon_reload: yes
     enabled: yes
-  when: teleport_control_systemd
+  when:
+    - teleport_control_systemd
+    - not is_container | bool

handlers/main.yml

@@ -0,0 +1,35 @@
+---
+- name: Converge
+  hosts: all
+  environment:
+    http_proxy: "{{ lookup('env', 'http_proxy') }}"
+    https_proxy: "{{ lookup('env', 'https_proxy') }}"
+    no_proxy: "{{ lookup('env', 'no_proxy') }}"
+  remote_user: root
+  pre_tasks:
+    - name: Ubuntu | Install python3
+      ansible.builtin.raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
+      register: python3
+      changed_when: "'installed' in python3.stdout"
+      when: (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 16)
+    - name: RedHat | Install python3
+      ansible.builtin.raw: test -e /usr/bin/python3 || (yum install -y python3)
+      register: python3
+      changed_when: "'installed' in python3.stdout"
+      when: (ansible_os_family == "RedHat" and ansible_distribution_major_version | int >= 8)
+    - name: Gather Facts
+      ansible.builtin.setup:
+      when: (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 16)
+    - name: Ubuntu Bionic+, Redhat 8+ | Enforce python3 for ansible
+      ansible.builtin.set_fact:
+        ansible_python_interpreter: /usr/bin/python3
+      when: >
+        (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 16) or
+        (ansible_os_family == "RedHat" and ansible_distribution_major_version | int >= 8)
+    - name: Debian | Refresh apt cache
+      ansible.builtin.apt:
+        update_cache: yes
+        cache_valid_time: 3600
+      when: ansible_os_family == "Debian"
+  roles:
+    - mdsketch.teleport

molecule/default/converge.yml

@@ -0,0 +1,24 @@
+---
+dependency:
+  name: galaxy
+  enabled: False
+driver:
+  name: docker
+platforms:
+  - name: instance
+    image: ${MOLECULE_DISTRO:-ubuntu:22.04}
+    # env:
+    #   http_proxy: ${http_proxy}
+    #   https_proxy: ${https_proxy}
+    #   no_proxy: ${no_proxy}
+    groups:
+      - teleportclients
+provisioner:
+  name: ansible
+  config_options:
+    defaults:
+      verbosity: 2
+scenario:
+  name: default
+verifier:
+  name: ansible

molecule/default/molecule.yml

@@ -0,0 +1,4 @@
+---
+
+collections:
+  - ansible.posix