Use SSH key to molecule tests

vitabaks · Dec 10, 2024 · 5d56206 · 5d56206
1 parent e4db810
commit 5d56206
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 79 deletions.
diff --git a/.config/molecule/config.yml b/.config/molecule/config.yml
@@ -18,6 +18,10 @@ provisioner:
       group_vars: ../../group_vars/
   playbooks:
     prepare: prepare.yml
+  connection_options:
+    ansible_ssh_common_args: '-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'
+    ansible_private_key_file: "~/.ssh/molecule_rsa"
+    ansible_user: "root"
 
 scenario:
   create_sequence:

diff --git a/automation/molecule/default/converge.yml b/automation/molecule/default/converge.yml
@@ -4,83 +4,6 @@
   gather_facts: true
 
   tasks:
-    - name: Ensure sudo group exists
-      become: true
-      become_method: su
-      ansible.builtin.group:
-        name: sudo
-        state: present
-      when: ansible_os_family == "RedHat"
-
-    - name: Allow passwordless sudo for users in sudo group
-      become: true
-      become_method: su
-      ansible.builtin.lineinfile:
-        path: /etc/sudoers
-        state: present
-        regexp: '^%sudo'
-        line: '%sudo ALL=(ALL) NOPASSWD: ALL'
-        validate: 'visudo -cf %s'
-      when: ansible_os_family == "RedHat"
-
-    - name: Ensure ansible user is part of sudo group
-      become: true
-      become_method: su
-      ansible.builtin.user:
-        name: "{{ ansible_facts.user | default('root') }}"
-        groups: sudo
-        append: true
-      when: ansible_os_family == "RedHat"
-
-    - name: Ensure authselect is installed
-      become: true
-      become_method: su
-      ansible.builtin.package:
-        name: authselect
-        state: present
-      when: ansible_os_family == "RedHat"
-
-    - name: Apply authselect changes if available
-      become: true
-      become_method: su
-      ansible.builtin.command: authselect apply-changes
-      ignore_errors: true
-      when: ansible_os_family == "RedHat"
-
-    - name: Check and fix PAM configuration for sudo
-      become: true
-      become_method: su
-      ansible.builtin.lineinfile:
-        path: /etc/pam.d/sudo
-        state: present
-        regexp: '^auth.*pam_unix.so'
-        line: 'auth sufficient pam_unix.so'
-      when: ansible_os_family == "RedHat"
-
-    - name: Test sudo without password
-      ansible.builtin.command: sudo -n true
-      register: sudo_test
-      ignore_errors: true
-      when: ansible_os_family == "RedHat"
-
-    - name: Debug sudo test result
-      ansible.builtin.debug:
-        var: sudo_test
-      when: ansible_os_family == "RedHat"
-
-    - name: Check if SELinux is installed
-      become: true
-      ansible.builtin.command: which setenforce
-      register: selinux_check
-      ignore_errors: true
-      when: ansible_os_family == "RedHat"
-
-    - name: Ensure SELinux is permissive (if installed)
-      become: true
-      ansible.builtin.command: setenforce 0
-      ignore_errors: true
-      when: ansible_os_family == "RedHat"
-
     - name: Set variables for PostgreSQL Cluster deployment test
       ansible.builtin.set_fact:
         firewall_enabled_at_boot: false

diff --git a/automation/molecule/default/prepare.yml b/automation/molecule/default/prepare.yml
@@ -1,7 +1,7 @@
 ---
 - name: "Update docker network(s)"
   hosts: localhost
-  gather_facts: false
+  gather_facts: true
   become: false
   tasks:
     - name: "Create docker network: test_docker_network"
@@ -23,8 +23,34 @@
     - name: "Install netaddr dependency on controlling host"
       ansible.builtin.pip:
         name: netaddr
-      become: false
       environment:
         PIP_BREAK_SYSTEM_PACKAGES: "1"
 
+    - name: Generate molecule SSH key on control node
+      ansible.builtin.user:
+        name: "{{ ansible_facts.user }}"
+        generate_ssh_key: true
+        ssh_key_bits: 2048
+        ssh_key_file: ~/.ssh/molecule_rsa
+
+- name: Prepare instances for Molecule
+  hosts: all
+  become: true
+  become_method: su
+  tasks:
+    - name: Ensure SSH client package is installed
+      ansible.builtin.package:
+        name: "{{ ssh_client_package }}"
+        state: present
+      vars:
+        ssh_client_package: "{{ 'openssh-client' if ansible_os_family == 'Debian' else 'openssh-clients' }}"
+
+    - name: Copy public SSH key to molecule instances
+      ansible.builtin.copy:
+        src: ~/.ssh/molecule_rsa.pub
+        dest: /root/.ssh/authorized_keys
+        owner: root
+        group: root
+        mode: '0600'
+
 ...