It seems I ran into the same problem as everybody else: CI for Ansible roles without VMs, so thanks for all this hard work!

However, although this project is great, I find the testing paradigm it encourages a bit limiting.
## The Problem

This is the current paradigm encouraged by this project:

1. Write your role.
2. Mount your role in a server with the OS you want.
3. Run the role locally.
4. Repeat all of the above, once per OS.

...and it's OK, but it's not the paradigm one usually uses with Ansible:

1. Write your role.
2. Create an inventory that configures SSH access to all of your servers.
3. Run your playbook against all of them simultaneously.
## Why the change is needed

I'm developing a role that sets up a Docker swarm; by design, testing such a role needs a cluster of servers that must be interconnectable, booted separately, and given different roles, because the process is:

1. Enter one of the managers and init the swarm.
2. Enter the other managers and join the swarm as managers.
3. Enter the workers and join the swarm as workers.

Thus, cluster-wide roles need this kind of testing workflow to ensure delegation works. Other possible examples:

- Kubernetes
- Ceph
- GlusterFS
- Etcd
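For context, the delegation such a role depends on looks roughly like this (a hypothetical task excerpt from the swarm role, not the actual code):

```yaml
# Fetch the join token once, from the first manager, then use it on every worker.
- name: Get the worker join token
  command: docker swarm join-token -q worker
  register: worker_token
  delegate_to: "{{ groups['manager'][0] }}"
  run_once: true

- name: Join the swarm as a worker
  command: >
    docker swarm join
    --token {{ worker_token.stdout }}
    {{ hostvars[groups['manager'][0]].ansible_host }}:2377
```

None of this can be exercised against a single container: it needs several reachable hosts in one inventory.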
## The solution

So I personally think this project needs to go one step further: providing an `-sshd` variant for each OS image that bundles sshd preinstalled and preconfigured with:

- sshd listening on port 22
- 3 users (username the same as the password):
  - `root`
  - `unprivileged`
  - `privileged` (normal user with sudo enabled)
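A minimal sketch of how such an `-sshd` variant could be built (Ubuntu base shown; the base tag, package names, and sudo group are assumptions that would vary per OS):

```dockerfile
FROM ansiblecheck/ansiblecheck:ubuntu-16.04
RUN apt-get update && apt-get install -y openssh-server sudo && \
    mkdir -p /var/run/sshd && \
    echo 'root:root' | chpasswd && \
    useradd -m unprivileged && echo 'unprivileged:unprivileged' | chpasswd && \
    useradd -m privileged && echo 'privileged:privileged' | chpasswd && \
    usermod -aG sudo privileged && \
    sed -i 's/^#\?PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config
EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]
```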
## The new paradigm

With this set up in place, you are finally able to mimic the real workflow of an Ansible playbook in your CI. Your CI could look like this:
```ini
# test.cfg, your test inventory
localhost ansible_connection=local

[all:vars]
ansible_host=127.0.0.1

# I'll use the swarm example here, but it could be anything
[manager]
server0 ansible_port=220
server1 ansible_port=221
server2 ansible_port=222

[worker]
server3 ansible_port=223
server4 ansible_port=224
server5 ansible_port=225
```
```yaml
# test.yml, your actual test playbook
- hosts: localhost
  # My suggestion is that this step should instead be: role: ansiblecheck.cluster,
  # a new project under this namespace that uses some variables to boot a ready-to-test cluster
  tasks:
    - name: Boot the test cluster
      docker_service:
        project_name: testcluster
        definition:
          version: "2.2"
          services:
            server0:
              image: ansiblecheck/ansiblecheck:centos-7-sshd
              ports:
                - "220:22"
            server1:
              image: ansiblecheck/ansiblecheck:ubuntu-16.04-sshd
              ports:
                - "221:22"
            server2:
              image: ansiblecheck/ansiblecheck:ubuntu-14.04-sshd
              ports:
                - "222:22"
            server3:
              image: ansiblecheck/ansiblecheck:debian-wheezy-sshd
              ports:
                - "223:22"
            # you can imagine the rest...

- hosts: manager
  roles:
    - role: .
      vars:
        manager: true

- hosts: worker
  roles:
    - role: .
      vars:
        manager: false
```
## The benefits

I see many:

- The new CI paradigm mimics the one you'll find when deploying to production.
- Instead of complex `.travis.yml` files, we'd now have a simple one.
- Simpler testing in CIs without a build matrix, such as GitLab's.
- You can test parallelism in your roles, which is important to ensure many Ansible features work, such as delegation (essential in my case).
- Ansible is the one that takes care of the underlying OS of the target server (container), NOT Travis. That's what should happen in production.
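For illustration, the whole `.travis.yml` could then shrink to something like this (a hypothetical sketch, assuming Ansible is installed via pip and Docker is available as a Travis service):

```yaml
language: python
services:
  - docker
install:
  - pip install ansible docker-compose
script:
  - ansible-playbook -i test.cfg test.yml
```

No matrix, no per-OS scripting: the playbook itself decides which images to boot.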
## The questions

- Most important: do you agree with this change?
- Should we add the `-sshd` variants to the current images, or is it better to add a new GH+DockerHub project called e.g. `ansiblecheck/sshd`, which creates new images based on these ones?
- Do you agree on creating a Galaxy role to deploy a test cluster with just this?

```yaml
- hosts: localhost
  roles:
    - ansiblecheck.cluster
```

This would be yet another GH repo called e.g. `ansiblecheck/ansible-role-cluster`, with some Ansible Galaxy integration, of course.

One cool thing is that this role could parse the main role's metadata file and issue a failure if some OS from that file is not being deployed in the cluster.
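As a rough sketch of that check (assuming the standard `galaxy_info.platforms` layout of `meta/main.yml`, already parsed with e.g. `yaml.safe_load`; the substring match on image tags is a naive placeholder):

```python
def missing_platforms(meta, deployed_images):
    """Given the parsed contents of a role's meta/main.yml and the list of
    cluster image tags, return the declared platforms that no image covers
    (naive case-insensitive substring match on the tag)."""
    missing = []
    for platform in meta["galaxy_info"]["platforms"]:
        name = platform["name"].lower()
        if not any(name in image.lower() for image in deployed_images):
            missing.append(platform["name"])
    return missing

# Hypothetical example: the role declares Ubuntu and EL,
# but the cluster only boots an Ubuntu image.
meta = {"galaxy_info": {"platforms": [
    {"name": "Ubuntu", "versions": ["xenial"]},
    {"name": "EL", "versions": ["7"]},
]}}
images = ["ansiblecheck/ansiblecheck:ubuntu-16.04-sshd"]
print(missing_platforms(meta, images))  # ['EL'] -> the role would fail here
```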
Can I help? :blush: