The Molecule test framework is used for integration testing. https://github.com/ansible-community/molecule.
Install Gcloud SDK
Install Ansible, Molecule, Molecule GCE driver, and dependencies.
pip install -r requirements.txt
export PATH=~/.local/bin:$PATH
ansible-galaxy collection install google.cloud
ansible-galaxy collection install community.cryptoConfigure Project
gcloud compute project-info add-metadata --metadata enable-oslogin=TRUE- Enable api
IAM Service Account Credentials API
Google Cloud Service Account
- Create a GCP service account with the following roles:
- Compute Admin
- Compute OS Admin Login
- Service Account User
- Create and download the service accounts json key
- Create ssh keypair for service account
ssh-keygen -f ssh-key-ansible-sa
- Authenticate as the service account and bind the ssh keypair
gcloud --project <project id> auth activate-service-account --key-file=<pat to service account json keygcloud --project <project id> compute os-login ssh-keys add --key-file=ssh-key-ansible-sa.pub
- Get the service account's id to determine the ssh username
gcloud --project <project id> iam service-accounts describe <service account's email> --format='value(uniqueId)'- For example, id of
1066277234963989999would be username:sa_1066277234963989999
Export the following environment variables using a .env file in the repo's root directory:
export GCP_PROJECT_ID=<project id>
export GOOGLE_APPLICATION_CREDENTIALS=<path to service account json key>
export SSH_KEY_FILE=<path to private ssh key used by gcp service account>
export SSH_USER=sa_<service account's id>
export GCP_AUTH_KIND=serviceaccount
NOTE: SSH_USER is prefixed with sa_.
Make sure gcloud ssh is configured
Testing will use the service account for instance deployment and your personal account for ssh and executing ansible.
- molecule create
- molecule converge
- molecule idempotence
- molecule verify
- molecule destroy