1

I created an example role project with this command:

 molecule init role cranberry --driver-name docker

If you pull it:

git clone git@github.com:natemarks/cranberry.git

and run it:

make clean-venv && make molecule-test

It should set up the virtualenv and run the test successfully because it uses the project directory name 'cranberry' as the role name. If I want to override that so that my role_name is still 'cranberry' but my project directory is 'role-cranberry'. I should be able to just rename/move the project directory to 'role-cranberry' and set meta/main.yaml role_name: cranberry. This doesn't work.

similarly , I should be able to break the test without changing the project directory by just adding some garbage value to meta/main.yml role_name,like;

galaxy_info:
  role_name: badrole

but that doesn't work either.

I think I'm using the latest python packages. Thanks in advance for tips

Nate Marks
  • 197
  • 1
  • 6
  • I think I cna reproduce the problem on one of geerlign's repositories, too. https://github.com/geerlingguy/ansible-role-security – Nate Marks Feb 05 '22 at 12:23
  • I think I can reproduce the problem on one of geerling's repositories, too. https://github.com/geerlingguy/ansible-role-security. running molecule test there also fails to find the role s defined in meta/main.yml and only works if I put the project directory name into the converge.yml – Nate Marks Feb 05 '22 at 12:35
  • Molecule adds the current directory (i.e. your role dir) in the roles search path. From there ansible just looks for roles based on the directory name. The metadata role_name is only used by galaxy (i.e. the online service) when it imports the role and if you later download it on fresh install, it will be stored in a folder after its name. If you rename that folder manually, the role will not be found (unless you also change the name with which you use it). In other words, it's not a bug, it's a feature. – Zeitounator Feb 05 '22 at 18:02
  • I don't think that can be right. the converge.yml in geerling's repo clearly uses the meta namespace and role name instead of the directory name – Nate Marks Feb 05 '22 at 21:26
  • You don't have to take my word for it and you can read the molecule source code to see how this is handled from your own eyes (I did a while ago). Regarding Jeff Geerling's role you give as an example, you are mixing up the **git repository** name and the final target dir which should have the same name as the role. As a simple test, dummy clone the role (which will have the same name as repo), run `molecule test` inside it, show it fail because it does not find the role. Rename the cloned dir to `geerlingguy.security`, run `molecule test` again, and watch the full test taking place. – Zeitounator Feb 06 '22 at 10:14
  • And as a last comment: please see the [working directory name used in the above example role's ci](https://github.com/geerlingguy/ansible-role-security/blob/a11a0d3948de686454bafc754e26e9e26a3118b5/.github/workflows/ci.yml#L13) and also the [path used to checkout the code prior to testing](https://github.com/geerlingguy/ansible-role-security/blob/a11a0d3948de686454bafc754e26e9e26a3118b5/.github/workflows/ci.yml#L53) – Zeitounator Feb 06 '22 at 10:49
  • ohhh, I see now. thanks for the excellent (and patient !) explanation. – Nate Marks Feb 06 '22 at 11:50

1 Answers1

0

You are mixing up two things: the repository name in which the role is versioned remotely and the directory name in which the role is stored on your disk and which makes-up the name by which ansible knows that role on your local machine.

The role_name in your metadata only gives an indication to https://galaxy.ansible.com (i.e. the online service) of which name it should use when importing it. That name will be used later if you install the role from the ansible-galaxy command line (e.g. ansible-galaxy role install geerlingguy.security).

When molecule runs from your current role dir, it adds the current directory to the ANSIBLE_ROLES_PATH. From there, ansible is simply doing a normal role lookup and will know your current role after its containing directory name.

You gave as an example a role and its molecule test security by Jeff Geerling. The git repository name is ansible-role-security.

  • If you do a basic clone (git clone https://github.com/geerlingguy/ansible-role-security) and run the test from the freshly cloned directory (cd ansible-role-security && molecule test), it will fail complaining that geerlingguy.security was not found.
  • If you rename the directory to the expected name (cd .. && mv ansible-role-security geerlinguy.security && cd geerlinguy.security && molecule test), it will now succeed.

Note that the best practice to import such a role is to install it through ansible galaxy either by

  • installing it from the galaxy web site 
    ansible-galaxy role install geerlingguy.security
  • installing it from a git repo using a requirement file
    1. roles/requirements.yml 
      - src: https://github.com/geerlingguy/ansible-role-security
  scm: git
  version: main
  name: geerlingguy.security
    2. Install role keeping the scm metadata (to interact with git, commit...) 
      ansible-galaxy role install -fgr roles/requirements.yaml

To finish with, you can have a look at the ci-pipeline in the same example repository where you will see that the author has forced the working directory name as well as the git clone directory target to align the directory name to what is expected for running the tests.

Zeitounator
  • 38,476
  • 7
  • 53
  • 66