improve molecule

Reviewed-on: #18

.github/skills/molecule-role-testing/SKILL.md

@@ -0,0 +1,31 @@
+---
+name: molecule-role-testing
+description: Run Molecule scenarios to test the bind9 role using the repository's Molecule configuration.
+---
+
+Use this skill when asked to test or validate the role with Molecule.
+
+## Scope
+- Repository root: /home/alive/Code/ansible-bind9-role
+- Scenarios: molecule/default and molecule/bind9-20
+- Driver: podman
+
+## Prerequisites
+1. Ensure Podman is available and the current user can run it.
+2. Ensure Molecule and Ansible are installed in the active Python environment.
+
+## Default scenario (BIND 9.18 LTS)
+1. From the repository root, run:
+   - molecule test
+2. If a faster check is requested, run:
+   - molecule converge
+
+## BIND 9.20+ scenario
+1. From the repository root, run:
+   - molecule test -s bind9-20
+2. If a faster check is requested, run:
+   - molecule converge -s bind9-20
+
+## Notes
+- The scenarios use systemd-enabled containers and require privileged Podman.
+- If a scenario fails, capture the error summary and relevant logs before making changes.

molecule/default/converge.yml

@@ -1,19 +1,10 @@
 ---
 - name: Converge
   hosts: all
-  tasks:
+  roles:
-    - name: Create log directory for BIND
+    - ansible-bind9-role
-      ansible.builtin.file:
-        path: /var/log/named
-        state: directory
-        mode: '0755'
-        owner: bind
-        group: bind
-
-    - name: Include bind9 role
-      ansible.builtin.include_role:
-        name: ../../../ansible-bind9-role  # noqa: role-name[path]
   vars:
+    bind9_log_dir: /var/log/named
     bind9_backup_config: false
     bind9_host_config:
       - name: named.conf.options
@@ -113,3 +104,14 @@
             forwarders:
               - 10.0.0.53
               - 10.0.0.54
+
+- name: Post-converge
+  hosts: all
+  tasks:
+    - name: Create log directory for BIND
+      ansible.builtin.file:
+        path: /var/log/named
+        state: directory
+        mode: '0750'
+        owner: bind
+        group: bind

molecule/default/molecule.yml

@@ -11,6 +11,8 @@ platforms:
     cgroupns_mode: host
 provisioner:
   name: ansible
+  env:
+    ANSIBLE_ROLES_PATH: ${MOLECULE_PROJECT_DIRECTORY}/..
   config_options:
     defaults:
       ALLOW_BROKEN_CONDITIONALS: true

molecule/default/verify.yml

@@ -41,7 +41,8 @@
       ansible.builtin.assert:
         that:
           - "'forwarders' in __options_decoded"
-          - "'8.8.8.8' in __options_decoded"
+          - "'91.239.100.100' in __options_decoded"
+          - "'89.233.43.71' in __options_decoded"
           - "'forward first' in __options_decoded"
         fail_msg: Forwarders not properly configured in named.conf.options
       vars:

tasks/main.yml

@@ -18,6 +18,17 @@
     mode: "0750"
   when: bind9_backup_config is defined and bind9_backup_config | bool
 
+- name: Ensure logging directory exists if defined
+  ansible.builtin.file:
+    path: "{{ bind9_log_dir }}"
+    state: directory
+    owner: bind
+    group: bind
+    mode: "0750"
+  when:
+    - bind9_log_dir is defined
+    - bind9_log_dir is not none
+
 - name: Deploy and Validate Configuration
   tags:
     - bind9
@@ -34,6 +45,7 @@
         owner: root
         group: bind
         mode: "0640"
+      when: bind9_backup_config | bool
       changed_when: false
       failed_when: false # It's okay if the file doesn't exist yet
       loop: "{{ bind9_config }}"