Tests for the Arch Linux infrastructure

栏目: IT技术 · 发布时间: 4年前

内容简介:The Arch Linux DevOps team uses a combination of Ansible and Terraform to manage their hosts. If you want to have a look on their infrastructure repository, you can do so via this link:https://git.archlinux.org/infrastructure.git/tree/The combination of An

The Arch Linux DevOps team uses a combination of Ansible and Terraform to manage their hosts. If you want to have a look on their infrastructure repository, you can do so via this link:https://git.archlinux.org/infrastructure.git/tree/

The combination of Ansible and Terraform works quite well for Arch Linux, the only subject we are missing is proper testing. I want to present a small proof of concept on how we could do tests in the future. My approach uses molecule for testing. Molecule utilizes Vagrant and Docker for running the Ansible Playbooks.

Arch Linux provides images for both of them, since quite a while now. These projects are called Arch-Boxes and Archlinux-Docker . Therefore it makes sense to reuse them infrastructure tests.

The actual test are written in Python with support of the librarytestinfra.

So let us pick a first role we want to test:

infrastructure/roles/sshd :

❯ ls -la
drwxr-xr-x - chris 15 Dec  2019 handlers
drwxr-xr-x - chris 15 Dec  2019 tasks
drwxr-xr-x - chris 15 Dec  2019 templates

We can initialize a molecule test scenario on an already existing Ansible role via molecule init scenario --role-name sshd --driver-name vagrant . The command is going to create a molecule directory for us. The created directory will have this structure:

❯ tree molecule 
molecule
└── default
   ├── INSTALL.rst
   ├── molecule.yml
   ├── playbook.yml
   ├── prepare.yml
   └── tests
      ├── __pycache__
      │  ├── test_default.cpython-38-pytest-5.3.5.pyc
      │  └── test_default.cpython-38.pyc
      └── test_default.py

The interesting files we will have a look at are molecule.yml , prepare.yml and test_default.py . In molecule.yml we configure basic molecule behavior. In prepare.yml we can do first preparations with Ansible (we need to do this, because Arch Linux is slightly different to distributions the molecule team normally uses). test_default.py stores our tests as testinfra functions.

The molecule.yml shouldn’t be so different for Arch Linux to the one that is usually generated by molecule, but let me highlight the changes:

infrastructure/roles/sshd/molecule/default/molecule.yml :

---
dependency:
  name: galaxy
driver:
  # We use Vagrant here, because we have other roles that need kernel modules etc
  name: vagrant
  provider:
    name: virtualbox
lint:
  name: yamllint
platforms:
  # Here we specify our official archlinux/archlinux image
  - name: instance
    box: archlinux/archlinux
provisioner:
  name: ansible
  lint:
    name: ansible-lint
  # This option is important. The Ansible infrastructure roles use root on default.
  # So we need to gain privilege via sudo and become root for running all roles.
  connection_options:
    ansible_become: true
verifier:
  name: testinfra
  lint:
    name: flake8

prepare.yml includes some magic, regarding mirror setup, installing python and a fresh restart. We need this mirror setup tasks, because we are just enabling all mirrors in our Arch Linux Vagrant box right now. This leads to slow mirrors. I am going to fix this in a new Arch-Boxes release. For now I just set static mirrors from which I know that they are fast for my location. In the second prepare.yml task we need to install python for Ansible. Consider that I use pacman -Syu here, because I want a full system upgrade, everything else will lead us into trouble when playing around with kernel modules (Arch Linux provides still no nice way to use kernel modules when you’ve installed a new kernel). Due to the full system upgrade, we need to reboot for making sure that we boot into the new kernel.

infrastructure/roles/sshd/molecule/default/prepare.yml

---
- name: Prepare
  hosts: all
  gather_facts: false
  tasks:
    - name: Setup fast mirror
      raw: echo -e "Server = https://mirror.metalgamer.eu/archlinux/\$repo/os/\$arch\nServer = https://mirror.metalgamer.eu/archlinux/\$repo/os/\$arch\nhttps://ftp.spline.inf.fu-berlin.de/mirrors/archlinux/\$repo/os/\$arch" > /etc/pacman.d/mirrorlist
      become: true
    - name: Install python for Ansible
      raw: test -e /usr/bin/python || (pacman -Syu --noconfirm python)
      become: true
      changed_when: false
    - name: Reboot for kernel updates
      reboot:

The last important file is test_default.py . test_default.py stores our unit tests for the Ansible roles. Right now I am just checking for an installed openssh package and a running and enabled sshd daemon. The usage of testinfra should be self-explanatory, however I didn’t make experience with more complex tasks like comparing templates yet. I can imagine that this will become very tedious for us. The future will show if the usage of testinfra suits our demands. If not we either use a different library or we need to stay with Ansible and YAML linting + tests on clean VMs or Docker containers. Both of them would be already far better than the current situation with no tests at all.

infrastructure/roles/sshd/molecule/default/tests/test_default.py :

import os

import testinfra.utils.ansible_runner

testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    os.environ['MOLECULE_INVENTORY_FILE']
).get_hosts('all')


def test_openssh_is_installed(host):
    openssh = host.package("openssh")
    assert openssh.is_installed


def test_openssh_is_running_and_enabled(host):
    openssh = host.service("sshd")
    assert openssh.is_running
    assert openssh.is_enabled

If you are interested in this work, you can follow my branch on github:

https://github.com/shibumi/infrastructure/tree/shibumi/molecule-tests


以上就是本文的全部内容,希望本文的内容对大家的学习或者工作能带来一定的帮助,也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

图解物联网

图解物联网

[ 日] NTT DATA集团、河村雅人、大塚纮史、小林佑辅、小山武士、宫崎智也、石黑佑树、小岛康平 / 丁 灵 / 人民邮电出版社 / 2017-4 / 59.00元

本书图例丰富,从设备、传感器及传输协议等构成IoT的技术要素讲起,逐步深入讲解如何灵活运用IoT。内容包括用于实现IoT的架构、传感器的种类及能从传感器获取的信息等,并介绍了传感设备原型设计必需的Arduino等平台及这些平台的选择方法,连接传感器的电路,传感器的数据分析,乃至IoT跟智能手机/可穿戴设备的联动等。此外,本书以作者们开发的IoT系统为例,讲述了硬件设置、无线通信及网络安全等运用Io......一起来看看 《图解物联网》 这本书的介绍吧!

HTML 编码/解码
HTML 编码/解码

HTML 编码/解码

正则表达式在线测试
正则表达式在线测试

正则表达式在线测试

HSV CMYK 转换工具
HSV CMYK 转换工具

HSV CMYK互换工具