Validating ansible playbooks with Vagrant in open source projects

At AdoptOpenJDK we do everything we can in the open. The source code is in the open, all of the testing we run is in the open, and the machine configuration is all performed via Ansible. We let anyone contribute to any part of this. While this is a great way to work it can cause some issues. Notably we have had situations where changes have been made but they have had undesirable side effects. For example if a change is put in on one platform (e.g.  one particular Linux distribution) it may cause unintended side effects on others.

In order to fully mitigate these possibilities we have implemented a Vagrant-based solution for validating playbooks on Linux and Windows. If you're not familiar with it, Vagrant is a command-line based solution which utilises virtualisation software on your machine (VirtualBox, KVM, Parallels, Hyper-V, VMware) to create and manage VMs. We use this to create virtual machines of varying distributions, run the playbooks on  them, then run a java build and basic java test using our test harnesses to validate that the machine is configured appropriately. The flow is as follows:

  1. Create a virtual machine with the appropriate operating system
  2. Run the ansible playbooks against the virtual machine
  3. Run a build of Java against the virtual machine to validate that the playbooks have configured the machine correctly
  4. Run a basic test to ensure that the machine is configured in a way that allows the test harnesses to work
By doing this across multiple operating systems in the virtual machines, we can validate that the playbooks have not got into an unsuitable state. We are currently running this through a jenkins infrastructure where we can point the code at other forks of the github repository which hosts out ansible scripts, this allowing PR reviewers to check for any potential problems prior to integrating.

In the past we have had issues where running the playbooks on an existing pre-configured machine didn't show up any problems (because subtle changes were made that didn't require those parts of the playbooks to get re-executed) but only showed up on clean machines. By using Vagrant we protect ourselves against that because the machines are always configured from a relatively clean state without having had the playbooks run against them. It can take a bit of time (about an hour for the whole lot on a Linux machine, longer on Windows because we have larger prereqs on there) We can almost certainly hook this into some automation later to allow it to automatically run these checks when a new PR is submitted.

For now, this will allow the ansible playbooks we use to be as stable as possible. You can look at the automation we have around this at https://github.com/AdoptOpenJDK/openjdk-infrastructure/tree/master/ansible/pbTestScripts - the "testScript.sh" in there is the one that runs a test given an OS to run against.

Comments

Post a Comment

Popular posts from this blog

macOS - first experiences from a Linux user perspective

Image
(Link to this article on twitter:  https://twitter.com/sxaTech/status/1628064140576059392 ) A while back I took delivery of a Mac Mini M1 system ("2020" model with 16Gb RAM running MacOS 11.6 "Big Sur" (It's now on 12.3). It came with no keyboard, mouse or screen (but I had plenty of them around, including a Unicomp Model M buckling spring keyboard with mac keycaps which I'd acquired a few months previously!) First problem was that the HDMI output didn't seem to want to talk to the 1600x1200 screen I had on my desk, so I switched it over to my 27" 1080p display ... So what's it like to use? I've used macOS systems as servers before but other than a small amount of GUI remote access I hadn't seriously used a desktop system before so I wanted to share "first timer" experience for some common use cases as a developer. Oh, and it's quick. Really quick. Whatever Apple have done in designing the M1 ("Apple Silicon") CP
Read more

Antisocial Networking: List of Top Tips

[Short link to this article if you need it:http://goo.gl/sWOd] Everyone's using social networks these days. Well ok not everyone, the people that don't usually give one of two reasons. Either they don't have time or they think it's all about posting what you had for breakfast. If it replaces other information sources in your life (e.g. using social networking instead of reading news feeds) then it doesn't have to take any extra time. The second reason, well, possibly valid, so here are my tips on how to make your social networking activities worthwhile I often see updates that are of no interest to me whatsoever, or I see things that just don't make sense. So here are my top tips to avoid for 'status updates' on social networking services to avoid me disconnecting from you. Don't be an antisocial networker: Status updates that don't stand alone - If I need a whole bunch of background information that only exists in your head instead of o
Read more

Customer service: contacting banks via the internet - how hard can it be?

I've recently spent quite a bit of time contacting banks via the internet to ask a question to them. Bearing in mind that it is the 21st Century and that email and the internet are no longer 'shiny and new' you would hope that communicating with a company online would be easy, wouldn't you? I was initially trying to contact banks as though I wasn't a customer, just to make an enquiry about a security issue. For some reason, this wasn't as straightforward as expected. I hope this information is useful to anyone who wants to decide on a bank to deal with based on more than just headline interest rates. Also, have you noticed how many banks don't let you have special characters on their web sites, including passwords in some cases? Seems a bit backwards these days to not allow better password choices for protecting your finances. I'll share my experiences: Barclays Contact was via this online form . You get a confirmation email that your message has been r
Read more