Automated testing of ansible roles

What is this?

Basic idea: whenever most things happen in your ansible repository (for example commit, pull request or release) then you want to automatically test the ansible code.

The basic tools:

  • syntax-checking
  • lint / codying style adherence
  • actually running the code
  • is it idempotent
  • does the end result look like you want it to?

How it should be done

Use something like molecule which can launch your container/virtual machine, run ansible, check for lint and also run some testing framework like serverspec/testinfra.

How I currently to do it

I use travis to test many ansible roles and playbooks. From travis you basically get an Ubuntu machine and in that you can run whatever you want.

Basic process I’ve used for ansible testing:

  • Configure docker on the Ubuntu machine (or LXC in some roles)
  • Launch a docker with the OS you want to test on (in my case mostly CentOS 7, but sometimes Debian)
  • Run ansible-playbook with –syntax-check, –check and twice to check for idempotency
  • Run some manual commands at the end to test whatever was configured / or at least print some config files to make sure they look OK

All of the above and more should be doable now with molecule, first and last time I tried I couldn’t get it to work but it’s looking better.

Actual commands to test and a FreeIPA workshop

In preparation for the RH414 course I’m taking next week I think I should have a look at kerberos, freeipa and bind a bit :)

During there was a workshop on FreeIPA. (There were many other interesting talks there, for example the Network Performance Tuning by Jamie Bainbridge).

There is a video to accompany it:



  • Bonus feature: get acquainted with vagrant too!

Vagrant 1.7.4 and Virtualbox 5.0 works just fine together (except I had some issues with network interfaces on Ubuntu 15.10 and Virtualbox 5 and Vagrant – the MAC addresses were the same on the VM’s interfaces to the “NAT” network- they also got some weird IP addresses there). I could only find that IP used in resolv.conf (from the dhcp) – so that could be changed.

read on
Posted at 1pm on 31/03/16 | No Comments » | Filed Under: IT