Rework Molecule scenarios to work with non-root users (sudo)

.github/workflows/ci.yml

@@ -1,26 +1,26 @@
----        
-name: CI   
-           
-on:        
+---
+name: CI
+
+on:
   pull_request:
-  push:    
+  push:
     branches:
       - main
-           
-jobs:      
-  test:    
+
+jobs:
+  test:
     name: molecule
     runs-on: ubuntu-latest
-           
-    steps: 
+
+    steps:
       - name: Checkout the codebase.
         uses: actions/checkout@v2
-           
+
       - name: Set up Python3.
         uses: actions/setup-python@v2
         with:
           python-version: '3.10'
-           
+
       - name: Install testing dependencies.
         run: |
           python -m pip install --upgrade pip
@@ -32,10 +32,40 @@ jobs:
           ansible-lint --version
           ansible-lint -v
 
+      - name: Set up Python ${{ matrix.python_version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python_version }}
+          cache: 'pip'
+
+      - name: Install ansible and molecule
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 5
+          retry_wait_seconds: 60
+          max_attempts: 3
+          command: |
+            python -m pip install --upgrade pip
+            pip install --progress-bar off 'molecule>=5.0.1' 'molecule-plugins[docker]>=23.0.0' ansible-core==${{ matrix.ansible_version }}
+            if [ -f ansible_collections/${{ inputs.fqcn }}/requirements.txt ]; then
+              echo "=== Installing python deps"
+              pip install --progress-bar off -r ansible_collections/${{ inputs.fqcn }}/requirements.txt
+            fi
+            if [ -f ansible_collections/${{ inputs.fqcn }}/requirements.yml ]; then
+              echo "=== Installing dependencies"
+              ansible-galaxy collection install -r ansible_collections/${{ inputs.fqcn }}/requirements.yml -p /home/runner/.ansible/collections --force-with-deps
+            fi
+            if [ -f ansible_collections/${{ inputs.fqcn }}/molecule/requirements.yml ]; then
+              echo "=== Installing test dependencies"
+              ansible-galaxy role install -r ansible_collections/${{ inputs.fqcn }}/molecule/requirements.yml ||:
+              ansible-galaxy collection install -r ansible_collections/${{ inputs.fqcn }}/molecule/requirements.yml -p /home/runner/.ansible/collections
+            fi
+            exit 0
+
       - name: "Run molecule tests"
         run: molecule test --all
         env:
           PY_COLORS: '1'
           ANSIBLE_FORCE_COLOR: '1'
-          MOLECULE_DISTRO: rhel-8               
+          MOLECULE_DISTRO: rhel-8
         working-directory: '.'

molecule/account/molecule.yml

@@ -1,10 +1,4 @@
 ---
-dependency:
-  name: galaxy
-  options:
-    ignore-certs: True
-    ignore-errors: True
-    requirements-file: molecule/default/requirements.yml
 driver:
   name: podman
 platforms:
@@ -17,18 +11,25 @@ platforms:
       - sudo
 provisioner:
   name: ansible
+  config_options:
+    defaults:
+      interpreter_python: auto_silent
+    ssh_connection:
+      pipelining: false
   playbooks:
+    prepare: prepare.yml
     converge: converge.yml
     verify: verify.yml
   env:
+    ANSIBLE_FORCE_COLOR: "true"
     ANSIBLE_ROLES_PATH: "../../roles"
 verifier:
   name: ansible
 scenario:
   test_sequence:
-    - dependency
     - cleanup
     - destroy
+    - syntax
     - create
     - prepare
     - converge

molecule/account/prepare.yml

@@ -0,0 +1,8 @@
+---
+- name: Prepare
+  hosts: all
+  gather_facts: yes
+  tasks:
+
+    - name: "Include common prepare tasks"
+      ansible.builtin.include_tasks: ../prepare.yml

molecule/account/verify.yml

@@ -1,6 +1,7 @@
 ---
 - name: Verify for account role
   hosts: all
+  become: yes
   vars_files:
     - vars.yml
   gather_facts: false

molecule/aphrodite/converge.yml

@@ -1,6 +1,7 @@
 ---
 - name: Converge
   hosts: all
+  become: yes
   vars_files:
     - vars.yml
 

molecule/aphrodite/prepare.yml

@@ -1,25 +1,24 @@
 ---
 - name: Prepare
   hosts: all
+  gather_facts: yes
   vars_files:
     - vars.yml
   tasks:
-    - name: Add the user jenkins
-      ansible.builtin.user:
-        name: jenkins
 
-    - name: Creates directory
-      ansible.builtin.file:
-        path: /opt/tools
-        state: directory
-        owner: jenkins
-        group: jenkins
-        mode: 0644
+    - name: "Include common prepare tasks"
+      ansible.builtin.include_tasks: ../prepare.yml
+      vars:
+        users:
+          - "{{ aphrodite_user }}"
+        dirs:
+          - { path: /opt/tools, owner: "{{ aphrodite_user }}", group: "{{ aphrodite_user }}" }
 
     - name: "Deploy aphrodite configuration to {{ aphrodite.path }}"
+      become: yes
       ansible.builtin.template:
         src: "../../roles/aphrodite/templates/aphrodite.json.j2"
         dest: "{{ aphrodite.path }}"
-        owner: jenkins
-        group: jenkins
+        owner: "{{ aphrodite_user }}"
+        group: "{{ aphrodite_user }}"
         mode: 0644

molecule/aphrodite/vars.yml

@@ -1,4 +1,5 @@
 ---
+aphrodite_user: jenkins
 aphrodite:
   trackers:
     bugzilla:

molecule/aphrodite/verify.yml

@@ -1,6 +1,7 @@
 ---
 - name: Verify for aphrodite role
   hosts: all
+  become: yes
   vars_files:
     - vars.yml
   gather_facts: false

molecule/bashrc/molecule.yml

@@ -20,7 +20,7 @@ provisioner:
   playbooks:
     converge: converge.yml
     verify: verify.yml
-    prepare: ../prepare.yml
+    prepare: prepare.yml
   env:
     ANSIBLE_ROLES_PATH: "../../roles"
 verifier:

molecule/bashrc/prepare.yml

@@ -0,0 +1,8 @@
+---
+- name: Prepare
+  hosts: all
+  gather_facts: yes
+  tasks:
+
+    - name: "Include common prepare tasks"
+      ansible.builtin.include_tasks: ../prepare.yml

molecule/cron/molecule.yml

@@ -1,10 +1,4 @@
 ---
-dependency:
-  name: galaxy
-  options:
-    ignore-certs: True
-    ignore-errors: True
-    requirements-file: molecule/default/requirements.yml
 driver:
   name: podman
 platforms:
@@ -17,6 +11,11 @@ platforms:
       - sudo
 provisioner:
   name: ansible
+  config_options:
+    defaults:
+      interpreter_python: auto_silent
+    ssh_connection:
+      pipelining: false
   playbooks:
     converge: converge.yml
     verify: verify.yml
@@ -27,9 +26,9 @@ verifier:
   name: ansible
 scenario:
   test_sequence:
-    - dependency
     - cleanup
     - destroy
+    - syntax
     - create
     - prepare
     - converge

molecule/cron/prepare.yml

@@ -1,13 +1,15 @@
 ---
 - name: Prepare
   hosts: all
+  gather_facts: yes
   vars_files:
     - vars.yml
   tasks:
-    - name: Creates directory
-      ansible.builtin.file:
-        path: /opt/tools
-        state: directory
-        owner: root
-        group: root
-        mode: 0745
+
+    - name: "Include common prepare tasks"
+      ansible.builtin.include_tasks: ../prepare.yml
+      vars:
+        users:
+          - "{{ aphrodite_user }}"
+        dirs:
+          - { path: '/opt/tools', mode: '0745' }

molecule/fast_yum_install/converge.yml

@@ -1,6 +1,7 @@
 ---
 - name: Converge
   hosts: all
+  become: yes
   vars_files:
     - vars.yml
   tasks:

molecule/fast_yum_install/molecule.yml

@@ -18,6 +18,7 @@ platforms:
 provisioner:
   name: ansible
   playbooks:
+    prepare: prepare.yml
     converge: converge.yml
     verify: verify.yml
   env:

molecule/fast_yum_install/prepare.yml

@@ -0,0 +1,8 @@
+---
+- name: Prepare
+  hosts: all
+  gather_facts: yes
+  tasks:
+
+    - name: "Include common prepare tasks"
+      ansible.builtin.include_tasks: ../prepare.yml

molecule/git/prepare.yml

@@ -1,16 +1,15 @@
 ---
 - name: Prepare
   hosts: all
+  gather_facts: yes
   vars_files:
     - vars.yml
   tasks:
-    - name: Add the user jenkins
-      ansible.builtin.user:
-        name: jenkins
-    - name: Creates directory
-      ansible.builtin.file:
-        path: /home/jenkins
-        state: directory
-        owner: jenkins
-        group: jenkins
-        mode: 0644
+
+    - name: "Include common prepare tasks"
+      ansible.builtin.include_tasks: ../prepare.yml
+      vars:
+        users:
+          - "{{ git_user }}"
+        dirs:
+          - { path: /home/jenkins, owner: "{{ git_user }}", group: "{{ git_user }}" }

molecule/git/vars.yml

@@ -1,4 +1,5 @@
 ---
+git_user: jenkins
 git:
   ssl:
     verify: false
@@ -10,4 +11,4 @@ git:
     - user: jenkins
       email: [email protected]
       name: "JBoss SET"
-      home: "/home/jenkins/"
+      home: "/home/jenkins/"

molecule/hosts/converge.yml

@@ -1,6 +1,7 @@
 ---
 - name: Converge
   hosts: all
+  become: yes
   vars_files:
     - vars.yml
   tasks:

molecule/hosts/prepare.yml

@@ -1,21 +1,17 @@
 ---
 - name: Prepare
   hosts: all
+  gather_facts: yes
   vars_files:
     - vars.yml
   tasks:
+    - name: "Include common prepare tasks"
+      ansible.builtin.include_tasks: ../prepare.yml
+      vars:
+        dirs:
+          - { path: /etc/fake_hosts, state: touch, mode: 0644 }
+          - { path: /etc/real_hosts, state: touch, mode: 0644 }
+
     - name: "Include fast_yum_install"
       ansible.builtin.include_role:
         name: "fast_yum_install"
-
-    - name: Creates /etc/fake_hosts directory
-      ansible.builtin.file:
-        path: /etc/fake_hosts
-        state: touch
-        mode: 0644
-
-    - name: Creates /etc/real_hosts directory
-      ansible.builtin.file:
-        path: /etc/real_hosts
-        state: touch
-        mode: 0644

molecule/hosts/verify.yml

@@ -1,6 +1,7 @@
 ---
 - name: Verify for hosts role
   hosts: all
+  become: yes
   vars_files:
     - vars.yml
   gather_facts: false