February 14, 2022 By Naveen Mereddi 3 min read

Molecule is the official testing framework for Ansible roles. IBM Cloud DevSecOps provides toolchains that align with the requirements of the Financial Services Industry.

Follow this link to deploy a secure application with DevSecOps best practices.

In this blog post, I am going to discuss how to set up molecule tests and execute them as part of both the Pull Request (PR) and Continuous Integration (CI) pipeline.

Setup

Provision a bare metal server using IBM Cloud. If you already have existing infrastructure, you can use that too, you’ll just need to ensure there’s access to this machine from IBM Cloud. You can set up a user with minimal privileges on this machine to run the tests. The credentials for this user will be used to drive the tests.

Since the toolchains come with an integrated Tekton pipeline to automate continuous build, test and deployment of applications, you can script a simple shell script to be executed from inside a container. The following script should serve as an example. The driver for molecule is set as vagrant and the provider is VirtualBox.

The secure parameters are read from the environment variables configured in the pipeline:

1.	#!/usr/bin/env bash
2.	 
3.	apt-get update
4.	apt-get install -y sshpass
5.	 
6.	# Set the following environmental properties in BOTH ci-pr-pipline and ci-pipeline.
7.	#   login_username
8.	#   testing_server_ip
9.	#   login_user_pwd (secure value)
10.	 
11.	login_username=$(cat /config/login_username)
12.	testing_server_ip=$(cat /config/testing_server_ip)
13.	 
14.	repo_org=$APP_REPO_ORG
15.	repo_name=$APP_REPO_NAME
16.	branch=$BRANCH
17.	pipeline_id=$PIPELINE_RUN_ID
18.	 
19.	working_directory="$repo_org-$repo_name-$branch-$pipeline_id"
20.	 
21.	sshpass -p $(cat /config/login_user_pwd) ssh -o StrictHostKeyChecking=no \
22.	    $login_username@$testing_server_ip \
23.	    "rm -rf ~/$working_directory; \
24.	    mkdir ~/$working_directory; \
25.	    cd ~/$working_directory; \
26.	    git clone git@github.ibm.com:$repo_org/$repo_name.git;cd ~/$working_directory/$repo_name; \
27.	    git checkout $branch; \
28.	    bash -s < scripts/run_test.sh"
29.	 
30.	exit_status=$?
31.	echo $exit_status
32.	 
33.	sshpass -p $(cat /config/login_user_pwd) ssh -o StrictHostKeyChecking=no \
34.	    $login_username@$testing_server_ip \
35.	    "rm -rf ~/$working_directory"
36.	 
37.	exit $exit_status
38.
39.

Because the script gets executed inside a container, all the transactions that transpire are ephemeral.

You can automate the entire molecule testing phases as follows:

1.	echo "Cleaning up existing VMs and cache"
2.	sh scripts/cleanup.sh kvm
3.	 
4.	python3 -m venv venv
5.	source venv/bin/activate
6.	 
7.	pip install --upgrade pip
8.	 
9.	pip install -r ./requirements.txt
10.	 
11.	molecule lint -s kvm
12.	exit_status=$?
13.	if [ $exit_status -ne 0 ]; then
14.	  molecule destroy -s kvm
15.	  echo $exit_status
16.	  exit $exit_status
17.	fi
18.	 
19.	molecule converge -s kvm
20.	exit_status=$?
21.	if [ $exit_status -ne 0 ]; then
22.	  molecule destroy -s kvm
23.	  echo $exit_status
24.	  exit $exit_status
25.	fi
26.	 
27.	molecule verify -s kvm
28.	exit_status=$?
29.	if [ $exit_status -ne 0 ]; then
30.	  molecule destroy -s kvm
31.	  echo $exit_status
32.	  exit $exit_status
33.	fi
34.	 
35.	molecule idempotence -s kvm
36.	exit_status=$?
37.	if [ $exit_status -ne 0 ]; then
38.	  molecule destroy -s kvm
39.	  echo $exit_status
40.	  exit $exit_status
41.	fi
42.	 
43.	 
44.	deactivate
45.	 

You can also write an optional script to clean up the vagrant machines:

1.	#!/bin/bash
2.	 
3.	echo $1
4.	vagrant global-status --prune | grep $1 | awk '{print $1}' | while read -r line; do vagrant destroy -f $line; done
5.	 
6.	echo "Cleaning cache"
7.	rm -rf ~/.cache/molecule/$1/
8.	 
9.	echo "About to stop the VMs on the Bare Metals"
10.	for vm in $(VBoxManage list vms | grep $1 | awk '{print substr($2, 2, length($2) - 2)}')
11.	do
12.	echo "Powering off VM ${vm}"
13.	VBoxManage controlvm ${vm} poweroff
14.	VBoxManage unregistervm ${vm}
15.	echo "VM ${vm} powered off"
16.	done
17.	 
18.	echo "Cleaning VMs"
19.	ls -lrt ~/VirtualBox\ VMs/ | grep $1 | awk '{print $9}' | while read -r line; do echo $line;rm -rf ~/VirtualBox\ VMs/$line; done
20.	 

Conclusion

In this blog post, we went over the process of setting up a repeatable process to test the molecule tests that can validate the Ansible playbooks for a given role. The pipelines get executed anytime a pull request is opened against a specific branch and when the code is merged into the base branch.

Learn more about IBM Cloud DevSecOps.

Was this article helpful?
YesNo

More from Cloud

Attention new clients: exciting financial incentives for VMware Cloud Foundation on IBM Cloud

4 min read - New client specials: Get up to 50% off when you commit to a 1- or 3-year term contract on new VCF-as-a-Service offerings, plus an additional value of up to USD 200K in credits through 30 June 2025 when you migrate your VMware workloads to IBM Cloud®.1 Low starting prices: On-demand VCF-as-a-Service deployments begin under USD 200 per month.2 The IBM Cloud benefit: See the potential for a 201%3 return on investment (ROI) over 3 years with reduced downtime, cost and…

24 IBM offerings winning TrustRadius 2024 Top Rated Awards

2 min read - TrustRadius is a buyer intelligence platform for business technology. Comprehensive product information, in-depth customer insights and peer conversations enable buyers to make confident decisions. “Earning a Top Rated Award means the vendor has excellent customer satisfaction and proven credibility. It’s based entirely on reviews and customer sentiment,” said Becky Susko, TrustRadius, Marketing Program Manager of Awards. Top Rated Awards have to be earned: Gain 10+ new reviews in the past 12 months Earn a trScore of 7.5 or higher from…

IBM Tech Now: April 8, 2024

< 1 min read - ​Welcome IBM Tech Now, our video web series featuring the latest and greatest news and announcements in the world of technology. Make sure you subscribe to our YouTube channel to be notified every time a new IBM Tech Now video is published. IBM Tech Now: Episode 96 On this episode, we're covering the following topics: IBM Cloud Logs A collaboration with IBM watsonx.ai and Anaconda IBM offerings in the G2 Spring Reports Stay plugged in You can check out the…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters