February 14, 2022 By Naveen Mereddi 3 min read

Molecule is the official testing framework for Ansible roles. IBM Cloud DevSecOps provides toolchains that align with the requirements of the Financial Services Industry.

Follow this link to deploy a secure application with DevSecOps best practices.

In this blog post, I am going to discuss how to set up molecule tests and execute them as part of both the Pull Request (PR) and Continuous Integration (CI) pipeline.


Provision a bare metal server using IBM Cloud. If you already have existing infrastructure, you can use that too, you’ll just need to ensure there’s access to this machine from IBM Cloud. You can set up a user with minimal privileges on this machine to run the tests. The credentials for this user will be used to drive the tests.

Since the toolchains come with an integrated Tekton pipeline to automate continuous build, test and deployment of applications, you can script a simple shell script to be executed from inside a container. The following script should serve as an example. The driver for molecule is set as vagrant and the provider is VirtualBox.

The secure parameters are read from the environment variables configured in the pipeline:

1.	#!/usr/bin/env bash
3.	apt-get update
4.	apt-get install -y sshpass
6.	# Set the following environmental properties in BOTH ci-pr-pipline and ci-pipeline.
7.	#   login_username
8.	#   testing_server_ip
9.	#   login_user_pwd (secure value)
11.	login_username=$(cat /config/login_username)
12.	testing_server_ip=$(cat /config/testing_server_ip)
14.	repo_org=$APP_REPO_ORG
15.	repo_name=$APP_REPO_NAME
16.	branch=$BRANCH
17.	pipeline_id=$PIPELINE_RUN_ID
19.	working_directory="$repo_org-$repo_name-$branch-$pipeline_id"
21.	sshpass -p $(cat /config/login_user_pwd) ssh -o StrictHostKeyChecking=no \
22.	    $login_username@$testing_server_ip \
23.	    "rm -rf ~/$working_directory; \
24.	    mkdir ~/$working_directory; \
25.	    cd ~/$working_directory; \
26.	    git clone git@github.ibm.com:$repo_org/$repo_name.git;cd ~/$working_directory/$repo_name; \
27.	    git checkout $branch; \
28.	    bash -s < scripts/run_test.sh"
30.	exit_status=$?
31.	echo $exit_status
33.	sshpass -p $(cat /config/login_user_pwd) ssh -o StrictHostKeyChecking=no \
34.	    $login_username@$testing_server_ip \
35.	    "rm -rf ~/$working_directory"
37.	exit $exit_status

Because the script gets executed inside a container, all the transactions that transpire are ephemeral.

You can automate the entire molecule testing phases as follows:

1.	echo "Cleaning up existing VMs and cache"
2.	sh scripts/cleanup.sh kvm
4.	python3 -m venv venv
5.	source venv/bin/activate
7.	pip install --upgrade pip
9.	pip install -r ./requirements.txt
11.	molecule lint -s kvm
12.	exit_status=$?
13.	if [ $exit_status -ne 0 ]; then
14.	  molecule destroy -s kvm
15.	  echo $exit_status
16.	  exit $exit_status
17.	fi
19.	molecule converge -s kvm
20.	exit_status=$?
21.	if [ $exit_status -ne 0 ]; then
22.	  molecule destroy -s kvm
23.	  echo $exit_status
24.	  exit $exit_status
25.	fi
27.	molecule verify -s kvm
28.	exit_status=$?
29.	if [ $exit_status -ne 0 ]; then
30.	  molecule destroy -s kvm
31.	  echo $exit_status
32.	  exit $exit_status
33.	fi
35.	molecule idempotence -s kvm
36.	exit_status=$?
37.	if [ $exit_status -ne 0 ]; then
38.	  molecule destroy -s kvm
39.	  echo $exit_status
40.	  exit $exit_status
41.	fi
44.	deactivate

You can also write an optional script to clean up the vagrant machines:

1.	#!/bin/bash
3.	echo $1
4.	vagrant global-status --prune | grep $1 | awk '{print $1}' | while read -r line; do vagrant destroy -f $line; done
6.	echo "Cleaning cache"
7.	rm -rf ~/.cache/molecule/$1/
9.	echo "About to stop the VMs on the Bare Metals"
10.	for vm in $(VBoxManage list vms | grep $1 | awk '{print substr($2, 2, length($2) - 2)}')
11.	do
12.	echo "Powering off VM ${vm}"
13.	VBoxManage controlvm ${vm} poweroff
14.	VBoxManage unregistervm ${vm}
15.	echo "VM ${vm} powered off"
16.	done
18.	echo "Cleaning VMs"
19.	ls -lrt ~/VirtualBox\ VMs/ | grep $1 | awk '{print $9}' | while read -r line; do echo $line;rm -rf ~/VirtualBox\ VMs/$line; done


In this blog post, we went over the process of setting up a repeatable process to test the molecule tests that can validate the Ansible playbooks for a given role. The pipelines get executed anytime a pull request is opened against a specific branch and when the code is merged into the base branch.

Learn more about IBM Cloud DevSecOps.

Was this article helpful?

More from Cloud

A clear path to value: Overcome challenges on your FinOps journey 

3 min read - In recent years, cloud adoption services have accelerated, with companies increasingly moving from traditional on-premises hosting to public cloud solutions. However, the rise of hybrid and multi-cloud patterns has led to challenges in optimizing value and controlling cloud expenditure, resulting in a shift from capital to operational expenses.   According to a Gartner report, cloud operational expenses are expected to surpass traditional IT spending, reflecting the ongoing transformation in expenditure patterns by 2025. FinOps is an evolving cloud financial management discipline…

IBM Power8 end of service: What are my options?

3 min read - IBM Power8® generation of IBM Power Systems was introduced ten years ago and it is now time to retire that generation. The end-of-service (EoS) support for the entire IBM Power8 server line is scheduled for this year, commencing in March 2024 and concluding in October 2024. EoS dates vary by model: 31 March 2024: maintenance expires for Power Systems S812LC, S822, S822L, 822LC, 824 and 824L. 31 May 2024: maintenance expires for Power Systems S812L, S814 and 822LC. 31 October…

24 IBM offerings winning TrustRadius 2024 Top Rated Awards

2 min read - TrustRadius is a buyer intelligence platform for business technology. Comprehensive product information, in-depth customer insights and peer conversations enable buyers to make confident decisions. “Earning a Top Rated Award means the vendor has excellent customer satisfaction and proven credibility. It’s based entirely on reviews and customer sentiment,” said Becky Susko, TrustRadius, Marketing Program Manager of Awards. Top Rated Awards have to be earned: Gain 10+ new reviews in the past 12 months Earn a trScore of 7.5 or higher from…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters