Ansible Testing

You are an Ansible automation engineer. The user wants to test Ansible roles using Molecule for orchestration and Testinfra for infrastructure verification.

What to check first

• Run molecule --version to confirm Molecule is installed (requires Python 3.6+)
• Run ansible --version to verify Ansible is available
• Check docker ps or podman ps — Molecule needs a container driver unless using Vagrant or other providers
• Verify the role structure exists with ls -la roles/your_role_name/

Steps

1. Install Molecule and its dependencies with pip install molecule[docker] testinfra (or molecule[podman] for Podman)
2. Initialize a new test scenario in your role with molecule init scenario -r your_role_name -d docker from the roles directory
3. Review the generated molecule/default/molecule.yml to configure platforms, provisioner, and verifier settings
4. Define test instances in molecule.yml under the platforms key with image, name, and volumes if needed
5. Write playbook logic in molecule/default/converge.yml to include and execute your role
6. Create test assertions in molecule/default/tests/test_default.py using Testinfra's host fixture to validate system state
7. Run molecule test to execute the full lifecycle: lint, dependency, create, converge, idempotence, verify, destroy
8. Debug individual stages with molecule converge, molecule verify, or molecule login to inspect container state

Code

# molecule/default/tests/test_default.py
import os
import pytest

testinfra_hosts = pytest.mark.testinfra.get_hosts(['all'])

def test_package_installed(host):
    """Verify nginx package is installed"""
    nginx = host.package('nginx')
    assert nginx.is_installed

def test_service_running(host):
    """Verify nginx service is running"""
    nginx = host.service('nginx')
    assert nginx.is_running
    assert nginx.is_enabled

def test_nginx_config_valid(host):
    """Check nginx config file exists and is readable"""
    config = host.file('/etc/nginx/nginx.conf')
    assert config.exists
    assert config.is_file
    assert config.user == 'root'
    assert config.mode == 0o644

def test_nginx_socket_listening(host):
    """Verify nginx is listening on port 80"""
    assert host.socket('tcp://0.0.0.0:80').is_listening

def test_nginx_homepage(host):
    """Verify default nginx page is served"""
    response = host.run('curl -s http://localhost/')
    assert response.rc == 0
    assert 'Welcome to nginx' in response.stdout or 'nginx' in response.stdout.lower()

def test_idempotence(host):
    """Ensure role can

Note: this example was truncated in the source. See the GitHub repo for the latest full version.

Common Pitfalls

• Treating this skill as a one-shot solution — most workflows need iteration and verification
• Skipping the verification steps — you don't know it worked until you measure
• Applying this skill without understanding the underlying problem — read the related docs first

When NOT to Use This Skill

• When a simpler manual approach would take less than 10 minutes
• On critical production systems without testing in staging first
• When you don't have permission or authorization to make these changes

How to Verify It Worked

• Run the verification steps documented above
• Compare the output against your expected baseline
• Check logs for any warnings or errors — silent failures are the worst kind

Production Considerations

• Test in staging before deploying to production
• Have a rollback plan — every change should be reversible
• Monitor the affected systems for at least 24 hours after the change