Below you will find the information needed to contribute to this project.
Note that by contributing to this collection, you agree with the code of conduct you can find here.
To begin development on this collection, you need to have the following dependencies installed:
- A python version that supports the release of
ansible-core
inrequirements.txt
(see "Control node Python" here) podman
for running tests (see this section for details)
To get started quickly:
- Fork the repository and clone it to your local machine.
- Run
./scripts/setup.sh
to configure a local dev environment (virtualenv) with all required dependencies. - Activate the virtualenv with
source .venv/bin/activate
. - Make your changes and commit them to a new branch.
- Run the tests locally by running
./tests/test-<target>
. See below for more details on these testing scripts. - Once you're done, commit your changes (make sure that you are in the venv). Pre-commit will format your code and check for any obvious errors when you do so..
There are currently no modules in this collection. Here are some notes and pointers if you would like to write a module for a given use case:
- All modules should target Python 3.6 as the minimum supported version.
- Read the Ansible module conventions.
- Use
doc_fragments
andmodule_utils
python modules where applicable. - Try to make modules idempotent where possible. Modules should always support check mode.
Each role in this collection performs a complex task to bring a remote host into a desired state. If you want to write a new role, look to the existing ones for inspiration.
Some general guidelines:
- Try to support most common Linux distributions (including Ubuntu, Debian, Fedora and Rockylinux)
- Keep the configuration for the user simple and try to provide sensible defaults where possible
- Try to avoid using complex data structures as role variables/parameters, use simple values that can be composed easily instead.
Writing tests for your contributions ensure that they continue working in the future. In addition to the testing venv, you will also need the following:
podman
4.0 or newer for both ansible-test and molecule (see here for a setup guide)
We use tox
in conjunction with tox-ansible
to run tests against both modules and roles with multiple Ansible versions.
If you set up your environment as described above, you should already have everything installed.
To run tests, use the wrapper scripts in the tests
directory from the collection root:
./tests/test-modules
will run ansible-test against the modules in the collection and verify themtest-modules-sanity
performs basic syntax and validation checkstest-modules-integration
runs the module integration test targets.
./tests/test-roles
will usemolecule
to run tests on all roles in the collection (this might take a long time!)- To limit the scope to a single role, add a filter parameter:
./tests/test-roles step_cli
- Alternatively, you can use
tox -l
to list all available scenarios and then select a single one withtox -e <scenario-name-here>
- To limit the scope to a single role, add a filter parameter:
To run role or module tests, you will need the following:
podman
version 4+ (as it comes with the new netvark networking stack)aardvark-dns
, a plugin for netvark which provides DNS between containers in the same network
On Archlinux, you can install these with this command: sudo pacman -S podman aardvark-dns
.
Other distributions may not have these versions available in their repositories, you might have install things manually.
NOTE: If you previously used an older (<=3.x
) version of podman
you will have to migrate to the new networking stack fist. This can be done with podman system reset
Finally, make sure that your user has a subuid/subgid configuration associated with them so that you can run rootless containers.
Check the /etc/subuid
and /etc/subgid
files for entries corresponding to your username.
If none are found, you can add them like so: sudo usermod --add-subuids 100000-165535 --add-subgids 100000-165535 <USERNAME>
(make sure that the range is not already taken by another user in /etc/subuid
//etc/subgid
).
Once you have applied your changes, run podman system migrate
to force podman
to pick up the new configuration.
That's it! Podman should now be working! To test it, you can run a container just like with docker: podman run --rm -it ubuntu bash
N/A
Testing Ansible roles ensures that they do exactly what we want them to and nothing more.
We perform role tests using molecule
with the molecule-podman
driver with rootless containers.
Why not just molecule-docker
? Simple: This collection needs systemd inside its test containers to manages services and interface with the system, and modern versions of systemd do not work inside docker containers anymore.
Meanwhile, podman
has official support for passing through the host systemd and with the 4.0 release, podman networking is now mature enough that we can use it in our role tests. In addition, podman
offers daemonless, rootless containers, which improves security considerably.
Before you run any tests, make sure you follow the instructions in the following section.
Once you're done, you can:
- See all available scenarios with
tox -l
and look for the scenarios starting withansible-py*
. - Run all molecule scenarios with
tests/test-roles
. - Pass a (partial) scenario name as a filter to limit execution (for example,
/tests/test-roles my-role
to limit molecule scenarios to the ACME role only).
There are tons of good guides online for how to write tests using molecule. Alternatively, you can always look at the existing molecule scenarios in this collection
When creating a new molecule scenario, your directory structure should look like this:
some_role/
defaults/
meta/
molecule/
default/
converge.yml
molecule.yml
prepare.yml
requirements.txt # --> symlink to /requirements-molecule.txt
verify.yml
another-scenario/
...
tasks
...
The requirements.txt
symlink is used by tox-ansible
when running tests via tox
to install a specific, known-good version of molecule
and the molecule-podman
driver.
Below is a shortened example molecule.yml
that you can include in your own scenarios:
---
dependency:
name: galaxy
driver:
name: podman
platforms:
# Example for a systemd-enabled test container
- name: my-role-ubuntu-22
# We use the images provided by geerlingguy where possible, as they provide out-of-the-box
# support for Ansible (pre_build_image=true, speeds up testing).
image: "docker.io/geerlingguy/docker-ubuntu2204-ansible"
# Grouping your hosts makes it easier to address them in your playbooks
groups:
- ubuntu
# By default, molecule overrides the container start command with a while-true loop.
# Instead, we want systemd to be the init command, which is already the case for geerlingguy images
override_command: false
# When false, this causes molecule to modify the container so that ansible can connect to it.
# This is not needed for geerlingguy containers
pre_build_image: true
# Force podman systemd integration. By default, podmans systemd detection only uses a few specific paths,
# which might get not detected on some distros
systemd: always
# Assign the container to a non-default network. This is required when you want inter-container communication.
network: molecule-my-role
#... more platforms here
provisioner:
name: ansible
env:
# This is required for podman to function: https://github.com/ansible-community/molecule-podman/issues/2
ANSIBLE_PIPELINING: false
#ANSIBLE_VERBOSITY: 3 # enable for debugging
#inventory:
#group_vars:
#all:
# Set cross-container inventory parameters here
scenario:
test_sequence:
- lint
- destroy
- dependency
- syntax
- create
- prepare
- converge
- idempotence
- check # also run check mode in regular tests
- side_effect
- verify
- destroy
verifier:
name: ansible
- To update the python that is used to run the tests, bump the values in
tests/constants.sh
- This project uses sematic versioning. Version numbers and releases/changelogs are automatically generated using release-drafter, utilizing pull request labels.
- When merging a pull request, make sure to select an appropriate label (pr-bugfix, pr-feature, etc.). Release-drafter will automatically update the draft release changelog and the galaxy.yml version will be bumped if needed.
- Once a draft release is actually published, collection packages will be added to the release and ansible-galaxy automatically.
- If you need to manually bump the collection version, run the
update-version
script and adjust the test versions if required.