WIP: feat(lint): tests and lint for ansible

.ansible-lint

@@ -2,3 +2,24 @@
 skip_list:
   - run_once[play]
   - no-changed-when
+  - yaml  # Don't enforce line length
+  - no-handler  # Don't require handlers for service restarts
+  - role-name  # Don't enforce role naming conventions
+  - command-instead-of-module  # Sometimes shell commands are necessary
+
+# Exclude paths from linting
+exclude_paths:
+  - .github/
+  - .git/
+  - .venv/
+  - ansible/roles/*/molecule/
+
+# Determine whether to fail on warnings
+warn_list:
+  - experimental  # tasks using experimental features
+
+# Be quiet about skipped rules
+quiet: false
+
+# Make output parsable
+parseable: true

.github/workflows/ansible-tests.yml

@@ -0,0 +1,68 @@
+name: Ansible Role Tests
+
+on:
+  push:
+    branches: [ main, master ]
+    paths:
+      - 'ansible/**'
+  pull_request:
+    branches: [ main, master ]
+    paths:
+      - 'ansible/**'
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.10'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install ansible ansible-lint yamllint
+
+      - name: Run ansible-lint
+        run: |
+          ansible-lint ansible/
+
+  molecule:
+    needs: lint
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        role:
+          - common
+          # Add other roles as they are configured with molecule
+        scenario:
+          - default
+          - oracle
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.10'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install molecule molecule-docker docker ansible-core ansible-lint
+
+      - name: Set up Docker
+        uses: docker/setup-buildx-action@v2
+
+      - name: Run Molecule tests
+        run: |
+          cd ansible/roles/${{ matrix.role }}
+          molecule test -s ${{ matrix.scenario }}
+        env:
+          PY_COLORS: '1'
+          ANSIBLE_FORCE_COLOR: '1'

.pre-commit-config.yaml

@@ -0,0 +1,23 @@
+repos:
+  - repo: https://github.com/ansible/ansible-lint
+    rev: v6.17.0  # Use latest version
+    hooks:
+      - id: ansible-lint
+        files: \.(yaml|yml)$
+        types: [file, yaml]
+        entry: ansible-lint
+
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.4.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+      - id: check-added-large-files
+
+  - repo: https://github.com/adrienverge/yamllint
+    rev: v1.31.0
+    hooks:
+      - id: yamllint
+        files: \.(yaml|yml)$
+        types: [file, yaml]

ansible/README_TESTING.md

@@ -0,0 +1,134 @@
+# Ansible Role Testing
+
+This document outlines the testing framework and approach for the Ansible roles in this repository.
+
+## Overview
+
+The testing framework uses [Molecule](https://molecule.readthedocs.io/) to test Ansible roles across different scenarios and platforms. The framework ensures that:
+
+1. Roles have correct syntax
+2. Roles can be applied successfully
+3. Roles are idempotent (can be run multiple times without changing the result)
+4. Roles produce the expected system state
+
+## Prerequisites
+
+To run the tests locally, you'll need:
+
+```bash
+# Install dependencies
+pip install molecule molecule-docker ansible-lint pytest-testinfra
+
+# For Docker driver
+brew install docker-compose
+```
+
+## Test Structure
+
+Each role may have multiple test scenarios, typically:
+
+- `default`: Tests the role with standard parameters
+- `oracle`: Tests the role with Oracle Cloud specific parameters
+- Other platform-specific scenarios as needed
+
+### Directory Structure
+
+```
+roles/
+  common/
+    molecule/
+      default/
+        molecule.yml    # Test configuration
+        converge.yml    # Playbook to apply the role
+        verify.yml      # Tests to validate the role worked correctly
+      oracle/
+        molecule.yml    # Oracle-specific test configuration
+        converge.yml    # Oracle-specific apply playbook
+        verify.yml      # Oracle-specific validation tests
+```
+
+## Running Tests
+
+You can run tests using the provided script:
+
+```bash
+# Run all tests for all roles
+./scripts/run-ansible-tests.sh
+
+# Run tests for a specific role
+./scripts/run-ansible-tests.sh common
+
+# Run a specific scenario for a role
+./scripts/run-ansible-tests.sh -s oracle common
+
+# Just run the linting
+./scripts/run-ansible-tests.sh --lint common
+
+# List roles with tests
+./scripts/run-ansible-tests.sh --list
+```
+
+## Test Phases
+
+The Molecule tests run through the following phases:
+
+1. **Lint**: Check code quality using ansible-lint
+2. **Syntax**: Verify playbook syntax
+3. **Create**: Create test containers
+4. **Prepare**: Prepare the container for testing
+5. **Converge**: Run the role against the container
+6. **Idempotence**: Run the role again to verify no changes
+7. **Verify**: Run tests to validate the container state
+8. **Destroy**: Clean up test containers
+
+## Writing Tests
+
+### Verification Tests
+
+Verification tests check that the role produces the expected state. They should verify:
+
+1. Required packages are installed
+2. Configuration files have the correct content
+3. Services are running (if applicable)
+4. The system behaves as expected
+
+Example verification test in `verify.yml`:
+
+```yaml
+---
+- name: Verify
+  hosts: all
+  become: true
+  tasks:
+    - name: Check if packages are installed
+      ansible.builtin.package:
+        name: "{{ item }}"
+        state: present
+      check_mode: true
+      register: pkg_status
+      failed_when: pkg_status.changed
+      loop:
+        - package1
+        - package2
+
+    - name: Check if configuration file exists
+      ansible.builtin.stat:
+        path: "/etc/myconfig.conf"
+      register: config_file
+
+    - name: Verify configuration file
+      ansible.builtin.assert:
+        that: config_file.stat.exists
+```
+
+## Continuous Integration
+
+These tests are designed to run in a CI/CD pipeline. They validate that roles work properly across different scenarios before changes are merged.
+
+## Best Practices
+
+1. Write tests for all roles
+2. Keep tests focused and concise
+3. Test for both presence (things that should exist) and absence (things that shouldn't)
+4. Use assertion messages to make test failures clear
+5. Test roles across multiple platforms when possible

ansible/build-jvb.yml

@@ -1,4 +1,4 @@
 ---
 - name: Provision
   hosts: localhost
   connection: local
@@ -10,7 +10,7 @@
   tasks:
     - name: "Provision ec2 security group"
       delegate_to: localhost
-      amazon.aws.ec2_group:
+      amazon.aws.ec2_security_group:
         name: "{{ ec2_security_group_name }}-amibuilder"
         description: "VaaS Load test security group for temporary ec2 instance"
         vpc_id: "{{ ec2_vpc_id }}"
@@ -27,7 +27,7 @@
             cidr_ip: 0.0.0.0/0
     - name: "Provision ec2 instance"
       delegate_to: localhost
-      amazon.aws.ec2:
+      amazon.aws.ec2_instance:
         key_name: "{{ ec2_keypair }}"
         vpc_subnet_id: "{{ ec2_vpc_subnet_id }}"
         instance_type: "{{ ec2_instance_type }}"
@@ -182,8 +182,7 @@
 
     - name: "Terminate temporary instance"
       delegate_to: localhost
-      amazon.aws.ec2:
-        module: ec2
+      amazon.aws.ec2_instance:
         state: absent
         wait: true
         wait_timeout: 500
@@ -192,8 +191,7 @@
 
     - name: "Drop ec2 security group"
       delegate_to: localhost
-      amazon.aws.ec2_group:
-        module: ec2_group
+      amazon.aws.ec2_security_group:
         name: "{{ ec2_security_group_name }}-amibuilder"
         description: "VaaS Load test security group for temporary ec2 instance"
         state: 'absent'

ansible/roles/common/molecule/default/converge.yml

@@ -0,0 +1,9 @@
+---
+- name: Converge
+  hosts: all
+  become: true
+  become_user: root
+  tasks:
+    - name: "Include common role"
+      ansible.builtin.include_role:
+        name: "common"

ansible/roles/common/molecule/default/molecule.yml

@@ -0,0 +1,64 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: ubuntu-focal
+    image: dokken/ubuntu-20.04
+    command: /lib/systemd/systemd
+    capabilities:
+      - SYS_ADMIN
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    privileged: true
+  - name: ubuntu-jammy
+    image: dokken/ubuntu-22.04
+    command: /lib/systemd/systemd
+    capabilities:
+      - SYS_ADMIN
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    privileged: true
+provisioner:
+  name: ansible
+  playbooks:
+    converge: converge.yml
+    verify: verify.yml
+  inventory:
+    host_vars:
+      ubuntu-focal:
+        ansible_user: root
+        locale: "en_US.UTF-8"
+        common_install_pip_flag: true
+        common_install_pip3_flag: true
+        ansible_distribution_major_version: "20"
+        common_cloud_provider: "aws"
+      ubuntu-jammy:
+        ansible_user: root
+        locale: "en_US.UTF-8"
+        common_install_pip_flag: false
+        common_install_pip3_flag: true
+        ansible_distribution_major_version: "22"
+        common_cloud_provider: "aws"
+  lint:
+    name: ansible-lint
+    options:
+      x:
+        - 204  # [204] Lines should be no longer than 160 chars
+verifier:
+  name: ansible
+scenario:
+  test_sequence:
+    - lint
+    - dependency
+    - cleanup
+    - destroy
+    - syntax
+    - create
+    - prepare
+    - converge
+    - idempotence
+    - verify
+    - cleanup
+    - destroy