Ansible Role CI for Ceph using Molecule, OpenStack, Ceph-Ansible and GitHub Actions — Part 3
Part 3: Automatically run the Molecule test using GitHub Actions and OpenStack
Part 1: Configuring Molecule OpenStack Driver
Part 2: Install Ceph on the servers using ceph-ansible
I described in parts 1 and 2 how to use Molecule and OpenStack to test a Ansible roles with a working Ceph test environment hosted in the cloud.
In this 3rd and final part I will describe how to connect the Molecule testing infrastructure to GitHub Actions to create an automated Continuous Integration workflow for your GitHub git repository.
An automated Continuous Integration workflow makes it easier to manage contributions from the community and improves the quality of the contributions by enforcing baseline test and code quality checks.
First, I need to give each server a unique name in order to prevent a race condition in case there are multiple concurrent the Molecule tests running at the same time on the OpenStack Cloud environment. I modified molecule.yml to add environment variables to the server names so GitHub Actions can generate unique strings as environment variables and insert them in the server name.
platforms:
- name: "mon-${MON:-1}"
image: CentOS 7.6 x86_64
flavor: m1.medium
groups:
- mons
- mgrs
- name: "osd-${OSD1:-1}"
image: CentOS 7.6 x86_64
flavor: m1.medium
groups:
- osds
- name: "osd-${OSD2:-2}"
image: CentOS 7.6 x86_64
flavor: m1.medium
groups:
- osds
- name: "osd-${OSD3:-3}"
image: CentOS 7.6 x86_64
flavor: m1.medium
groups:
- osdsNext I will begin to create the GitHub Actions workflow in .github/workflows/molecule-test.yml. Before starting, the OpenStack credentials need to be added as GitHub Secrets so they can be used as environment variables for the Molecule OpenStack driver. In this example, my OpenStack environment supports Application Credentials, so I will add the values for OS_AUTH_URL, OS_APPLICATION_CREDENTIAL_ID, and OS_APPLICATION_CREDENTIAL_SECRET to GitHub Secrets.
From there the GitHub Action workflow file looks like a standard GitHub Actions workflow for any Molecule test. The GitHub Actions workflow checks out the repository, sets up Python, installs the required Python modules, creates environment variables with unique strings using uuidgen to create the unique server names required above, then runs the molecule tests.
---
name: Molecule Test
on: [push]
jobs:
build:
runs-on: ubuntu-latest
env:
ANSIBLE_CALLBACK_WHITELIST: profile_tasks
OS_AUTH_TYPE: v3applicationcredential
OS_AUTH_URL: ${{ secrets.OS_AUTH_URL }}
OS_IDENTITY_API_VERSION: 3
OS_REGION_NAME: SDSC
OS_INTERFACE: public
OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
steps:
- name: Checkout the repository
uses: actions/checkout@v1
- name: Set up Python 3
uses: actions/setup-python@v1
with:
python-version: '3.x'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install 'ansible>=2.9.0,<3.0.0' ansible-lint docker flake8 'molecule<4.0.0' molecule-openstack==0.1 netaddr --force-reinstall
- name: Test with molecule
run: |
export MON=`uuidgen`
export OSD1=`uuidgen`
export OSD2=`uuidgen`
export OSD3=`uuidgen`
mkdir /home/runner/ansible/
molecule test --allIt can take 20–30 minutes to complete the Molecule tests, so I recommend doing something else while they complete.
After following all 3 parts you will have a complete Continuous Integration workflow powered by OpenStack to test even the most complex roles. With a few modifications, you can use this approach to test whole playbooks for a GitOps environment.
The full repository of all of the code is at https://github.com/kevincoakley/ansible-role-ceph-pools
