Skip to content

Small changes for testing some roles in local containers

I've been setting up local containers so that I can run Ansible tasks in them and test some roles used in production. I'm mostly interested in testing the archwiki role, but I think the approach would be very useful also for testing other services. It was not trivial for me and I spent couple of days just setting up containers, so I made a repo: lahwaacz/infrastructure-testing. So far there are some scripts for setting up Docker and systemd-nspawn containers (not sure which one is better, each has its pros and cons), but if you guys have your own setups or workflows or tools for testing the infra, it would be nice to collect it all somewhere - I think it would be very useful for new people and it can actually save a lot of time 😉

Anyway, I had to modify some roles to make them run in a local container. Some changes are still work in progress and I still don't know what is the best way to do some things (especially how to avoid HTTPS), but the relatively easy stuff is in this merge request:

  • a typo in the php_fpm handler
  • a default sudo_users list (should it actually be empty?)
  • a hack for a systemd bug in the firewalld role (I don't know if you'd accept this - let me know...)
  • fixed ordering of the archwiki-runjobs.timer after mysqld.service (in the container it was actually starting before mysqld and failing)
  • replaced hardcoded domain in archwiki's config snippet for nginx
  • added dependency of the archwiki role on nginx (otherwise nginx was not properly reloaded when deploying just archwiki)
  • removed a duplicate task from the mariadb role which is actually done in the zabbix_agent role (there is still one case of a hardcoded value which should be taken from a variable, see the FIXME note)
  • override smartd.service with ConditionVirtualization=no to make the common role work inside containers (upstream ticket)
  • moved fastcgi cache configuration from the nginx role to the archwiki role
  • replaced the restart nginx handler with reload nginx

Please let me know what you think about the changes, I hope they are generally acceptable. Also, is a merge request like this OK or should I split it into smaller ones (e.g. one per role)?

Edited by Jakub Klinkovský

Merge request reports