Test Ansible roles with Molecule

One of the advantages of the Configuration Management Tool Ansible is the easy-to-read-and-write code in YAML. This includes the possibility to test the code in an easy way.

Depending on the scope of the written roles, direct execution on the development device is not recommended. Likewise, tests of newly written code should not be executed on the production environment. Therefore, a test system is recommended.

One of Ansible’s best practices is to structure related tasks into roles and keep them parameterizable. This allows the code to be reused in an uncomplicated manner. To test the functionality and autonomy of a role, the “Ansible Molecule” developed by the Ansible Core Team can be used. The role is executed by default on a locally running docker container. Alternatively, the test can be run in a vagrant box or at various cloud providers.

Molecule is mostly based on Ansible. Accordingly, the provider-specific modules supplied with Ansible are also used to provision the test instances.


In order to test an existing role with Ansible, a scenario must be created first:

molecule init scenario -r my-role-name

molecule/default/ contains the primary configuration file molecule.yml, which may look like this:

  name: galaxy
    role-file: requirements.yaml
  name: docker
  name: yamllint
  - name: c6
    image: centos:6
  - name: c7
    image: centos:7
  - name: d10
    image: debian:10
  name: ansible
    name: ansible-lint
  name: testinfra
    name: flake8

Molecule also checks dependencies that must be present before execution. By default, ansible-galaxy is used. You can specify requirements.yml, which lists the required Ansible Galaxy roles. If you need specific Python packages on the Ansible Host for the modules and plugins you use, you can install them using the “shell” Dependency Manager.

To follow best practices, Molecule checks the code with ansible-lint and yamllint before executing.

In the configuration file, it is possible to specify different platforms for testing— for example a docker container with CentOS 7 and Debian 10 as base. Platform-independent code is also one of Ansible’s best practices. Docker is the default provider. Therefore, a docker file is available as a jinja2 template. This can be extended at will.

To verify changes after executing the role, the TestInfra Framework can be used to write test cases.

After initialization, the previously specified platforms can be created using molecule create. The creation of test resources can be verified using molecule list.

A molecule converge is sufficient to execute the role.

If the test cases are not yet 100% automated, it is possible to log in [–host ] to one of the test instances using molecule login and thus manually check the results.

After a successful run, the created instances can be switched off or deleted using molecule destroy.

The complete workflow described above can be executed with the command molecule test.

Like Ansible itself, the entry hurdle for Molecule is relatively low. At the same time, complex applications can be covered by the plug-in structure’s high configurability.

Ansible Training

The Ansible Training – “Fast Track” teaches participants how to manage infrastructures with Ansible as well as the basic concepts and best practices of Ansible. The “Ansible Extended Training” also offers an additional day where the trainer can specifically address individual questions and needs of the participants.

The following two tabs change content below.


Der ATIX-Crew besteht aus Leuten, die in unterschiedlichen Bereichen tätig sind: Consulting, Development/Engineering, Support, Vertrieb und Marketing.

Latest posts by ATIX-Crew (see all)