#61: Add GitHub Action to lint and test all Ansible collections

.github/workflows/main.yml

@@ -0,0 +1,196 @@
+---
+name: CI
+on:
+  push:
+    branches:
+      - master
+    paths:
+      - '**.yml'
+      - '**.yaml'
+  pull_request:
+    paths:
+      - '**.yml'
+      - '**.yaml'
+  schedule:
+    - cron: "0 7 * * 1"
+
+jobs:
+  lint:
+    name: Run Ansible Lint
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python 3
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      - name: Install Ansible, Ansible-Lint, Molecule and dependencies
+        run: pip3 install ansible ansible-lint
+
+      - name: Run ansible-lint
+        run: ansible-lint
+
+  molecule_zookeeper_default:
+    uses: ./.github/workflows/test-molecule.yml
+    needs: lint
+    with:
+      collection_path: bigdata/zookeeper
+      scenario: default
+
+  molecule_zookeeper_ha_setup:
+    uses: ./.github/workflows/test-molecule.yml
+    needs:
+      - lint
+      - molecule_zookeeper_default
+    with:
+      collection_path: bigdata/zookeeper
+      scenario: ha_setup
+
+  molecule_ldap_default:
+    uses: ./.github/workflows/test-molecule.yml
+    needs:
+      - lint
+      - molecule_zookeeper_default
+      - molecule_zookeeper_ha_setup
+    with:
+      collection_path: authorization/ldap
+      scenario: default
+
+  molecule_ldap_ha_setup:
+    uses: ./.github/workflows/test-molecule.yml
+    needs:
+      - lint
+      - molecule_zookeeper_default
+      - molecule_zookeeper_ha_setup
+      - molecule_ldap_default
+    with:
+      collection_path: authorization/ldap
+      scenario: ha_setup
+
+  molecule_kerberos_default:
+    uses: ./.github/workflows/test-molecule.yml
+    needs:
+      - lint
+      - molecule_zookeeper_default
+      - molecule_zookeeper_ha_setup
+      - molecule_ldap_default
+      - molecule_ldap_ha_setup
+    with:
+      collection_path: authentication/kerberos
+      scenario: default
+
+  molecule_kerberos_ha_setup:
+    uses: ./.github/workflows/test-molecule.yml
+    needs:
+      - lint
+      - molecule_zookeeper_default
+      - molecule_zookeeper_ha_setup
+      - molecule_ldap_default
+      - molecule_ldap_ha_setup
+      - molecule_kerberos_default
+    with:
+      collection_path: authentication/kerberos
+      scenario: ha_setup
+
+  molecule_postgres_default:
+    uses: ./.github/workflows/test-molecule.yml
+    needs:
+      - lint
+      - molecule_zookeeper_default
+      - molecule_zookeeper_ha_setup
+      - molecule_ldap_default
+      - molecule_ldap_ha_setup
+      - molecule_kerberos_default
+      - molecule_kerberos_ha_setup
+    with:
+      collection_path: rdbms/postgres
+      scenario: default
+
+  molecule_postgres_ha_setup:
+    uses: ./.github/workflows/test-molecule.yml
+    needs:
+      - lint
+      - molecule_zookeeper_default
+      - molecule_zookeeper_ha_setup
+      - molecule_ldap_default
+      - molecule_ldap_ha_setup
+      - molecule_kerberos_default
+      - molecule_kerberos_ha_setup
+      - molecule_postgres_default
+    with:
+      collection_path: rdbms/postgres
+      scenario: ha_setup
+
+  molecule_hdfs_default:
+    uses: ./.github/workflows/test-molecule.yml
+    needs:
+      - lint
+      - molecule_zookeeper_default
+      - molecule_zookeeper_ha_setup
+      - molecule_ldap_default
+      - molecule_ldap_ha_setup
+      - molecule_kerberos_default
+      - molecule_kerberos_ha_setup
+      - molecule_postgres_default
+      - molecule_postgres_ha_setup
+    with:
+      collection_path: hadoop/hdfs
+      scenario: default
+
+  molecule_hdfs_ha_setup:
+    uses: ./.github/workflows/test-molecule.yml
+    needs:
+      - lint
+      - molecule_zookeeper_default
+      - molecule_zookeeper_ha_setup
+      - molecule_ldap_default
+      - molecule_ldap_ha_setup
+      - molecule_kerberos_default
+      - molecule_kerberos_ha_setup
+      - molecule_postgres_default
+      - molecule_postgres_ha_setup
+      - molecule_hdfs_default
+    with:
+      collection_path: hadoop/hdfs
+      scenario: ha_setup
+
+  molecule_yarn_default:
+    uses: ./.github/workflows/test-molecule.yml
+    needs:
+      - lint
+      - molecule_zookeeper_default
+      - molecule_zookeeper_ha_setup
+      - molecule_ldap_default
+      - molecule_ldap_ha_setup
+      - molecule_kerberos_default
+      - molecule_kerberos_ha_setup
+      - molecule_postgres_default
+      - molecule_postgres_ha_setup
+      - molecule_hdfs_default
+      - molecule_hdfs_ha_setup
+    with:
+      collection_path: hadoop/yarn
+      scenario: default
+
+  molecule_yarn_ha_setup:
+    uses: ./.github/workflows/test-molecule.yml
+    needs:
+      - lint
+      - molecule_zookeeper_default
+      - molecule_zookeeper_ha_setup
+      - molecule_ldap_default
+      - molecule_ldap_ha_setup
+      - molecule_kerberos_default
+      - molecule_kerberos_ha_setup
+      - molecule_postgres_default
+      - molecule_postgres_ha_setup
+      - molecule_hdfs_default
+      - molecule_hdfs_ha_setup
+      - molecule_yarn_default
+    with:
+      collection_path: hadoop/yarn
+      scenario: ha_setup

.github/workflows/test-molecule.yml

@@ -0,0 +1,30 @@
+# .github/workflows/test-molecule.yml
+name: Molecule test (reusable)
+
+on:
+  workflow_call:
+    inputs:
+      collection_path:
+        required: true
+        type: string
+      scenario:
+        required: false
+        type: string
+        default: default
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+      - run: pip install ansible molecule molecule-plugins[docker] docker
+      - name: Run Molecule scenario
+        working-directory: collections/ansible_collections/${{ inputs.collection_path }}/extensions
+        env:
+          PY_COLORS: '1'
+          ANSIBLE_FORCE_COLOR: '1'
+          ANSIBLE_COLLECTIONS_PATH: ${{ github.workspace }}/collections
+        run: molecule test -s ${{ inputs.scenario }}

CHANGELOG.md

@@ -11,6 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
+- communitylab#61: Add GitHub Action to lint and test all Ansible collections
 - communitylab#59: Upgrading to PostgreSQL 17
 - communitylab#57: Add new kernels for JupyterLab and upgrade software components
 - communitylab#55: Enable /bin/bash as default shell in JupyterLab

ansible.cfg

@@ -7,7 +7,6 @@ force_valid_group_names = silently
 interpreter_python = /usr/bin/python3
 retry_files_enabled = False
 inventory = ./inventory
-vault_password_file = ~/.vault_pass.txt
 private_key_file = ~/.ssh/id_rsa
 collections_path = ./collections/ansible_collections
 roles_path = ./roles

collections/ansible_collections/authentication/kerberos/extensions/molecule/default/molecule.yml

@@ -1,4 +1,17 @@
 ---
+scenario:
+  name: default
+  test_sequence:
+    - cleanup
+    - destroy
+    - syntax
+    - create
+    - prepare
+    - converge
+    - verify
+    - cleanup
+    - converge
+    - destroy
 dependency:
   name: galaxy
   options:
@@ -21,3 +34,9 @@ provisioner:
     vvv: false
   playbooks:
     converge: converge.yml
+  inventory:
+    group_vars:
+      all:
+        molecule_deployment: true
+        realm: COMMUNITY.LAB
+        domain: example.com

collections/ansible_collections/authentication/kerberos/extensions/molecule/ha_setup/molecule.yml

@@ -1,4 +1,17 @@
 ---
+scenario:
+  name: ha_setup
+  test_sequence:
+    - cleanup
+    - destroy
+    - syntax
+    - create
+    - prepare
+    - converge
+    - verify
+    - cleanup
+    - converge
+    - destroy
 dependency:
   name: galaxy
   options:
@@ -52,11 +65,11 @@ provisioner:
           - /tmp/selfsigned_certs/{{ ansible_fqdn }}/cert.pem
           - /tmp/selfsigned_certs/{{ ansible_fqdn }}/chain.pem
           - /tmp/selfsigned_certs/{{ ansible_fqdn }}/key.pem
-        certs_dest:
+        distribute_certs_dest:
           - cert.pem
           - chain.pem
           - key.pem
-        certs_mode:
+        distribute_certs_mode:
           - "0660"
           - "0660"
           - "0400"

collections/ansible_collections/authentication/kerberos/roles/check/tasks/main.yml

@@ -1,36 +1,41 @@
 ---
 - name: Delete existing test kerberos principal
+  changed_when: true
   ansible.builtin.command: kadmin.local -q "delprinc -force {{ check_kerberos_propagation_principal }}"
   when: "'kerberos1' in group_names"
 
 - name: Block for Kerberos primary KDC
   when: "'kerberos1' in group_names"
   block:
     - name: Create test kerberos principal on primary KDC
+      changed_when: true
       ansible.builtin.command: kadmin.local -q "addprinc -randkey {{ check_kerberos_propagation_principal }}"
 
     - name: Get principals of Kerberos primary KDC
+      changed_when: false
       ansible.builtin.command: kadmin.local -q "listprincs"
       register: kerberos_primary_principals
 
     - name: Print message depending on listprincs output
       ansible.builtin.assert:
-        that: "'{{ check_kerberos_propagation_principal }}@{{ setup_realm }}' in kerberos_primary_principals.stdout"
+        that: "'{{ check_kerberos_propagation_principal }}@{{ realm }}' in kerberos_primary_principals.stdout"
         fail_msg: Kerberos Principal was not created, see Logs for details
         success_msg: Kerberos Principal was successfully created
 
 - name: Block for Kerberos secondary KDC
   when: "'kerberos2' in group_names"
   block:
     - name: Get principals of Kerberos secondary KDC
+      changed_when: false
       ansible.builtin.command: kadmin.local -q "listprincs"
       register: kerberos_secondary_principals
 
     - name: Print message depending on listprincs output
       ansible.builtin.assert:
-        that: "'{{ check_kerberos_propagation_principal }}@{{ setup_realm }}' in kerberos_secondary_principals.stdout"
+        that: "'{{ check_kerberos_propagation_principal }}@{{ realm }}' in kerberos_secondary_principals.stdout"
         fail_msg: Kerberos database replication failed, see Logs for details
         success_msg: Kerberos primary and secondary KDC running and Kerberos database replication successfull
 
 - name: Delete test kerberos principal
+  changed_when: true
   ansible.builtin.command: kadmin.local -q "delprinc -force {{ check_kerberos_propagation_principal }}"

collections/ansible_collections/authentication/kerberos/roles/keytab/defaults/main.yml

@@ -1,3 +1,8 @@
 ---
 keytab_user: "{% if keytab.keytab_user is defined %}{{ keytab.keytab_user }}{% else %}{{ keytab.principal }}{% endif %}"
 keytab_group: "{{ ide_services_group | default('root') }}"
+keytab_hdfs:
+  - principal: "{{ hdfs_user }}"
+    keytab_user: "{{ hdfs_user }}"
+  - principal: HTTP
+    keytab_user: "{{ hdfs_user }}"