It took me quite some time with a lot of trial-and-error but finally I got it working.
As a prerequisite you should know that I’m running this within a customer’s setup, so I don’t have full access and could not easily change GitLab configuration or Runner configuration. That’s one of the reasons why I had to disable TLS configuration, because I can’t just hand over certificates from one container to another.
Here’s most of .gitlab-ci.yml:
```yaml
# Workaround to deactivate TLS on current DIND containers found at: https://about.gitlab.com/releases/2019/07/31/docker-in-docker-with-docker-19-dot-03/
image:
  name: quay.io/ansible/molecule:latest

variables:
  DOCKER_DRIVER: overlay2
  DOCKER_TLS_CERTDIR: ""

services:
  - docker:dind

before_script:
  - docker -v
  - python -V
  - ansible --version
  - molecule --version
  # the following is needed as long as the molecule container has an old version of molecule which just fails with our configuration
  - pip install --upgrade molecule
  - molecule --version

stages:
  - validate
  - my_test

validate:
  stage: validate
  script:
    - ansible-lint -v tests/test.yml
  only:
    - branches

my_test:
  stage: my_test
  variables:
    DOCKER_HOST: "tcp://docker:2375"
  script:
    - molecule test -s default
  only:
    - branches
```
The corresponding molecule.yml:

```yaml
---
dependency:
  name: galaxy
driver:
  name: docker
platforms:
  - name: instance
    image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
    command: ${MOLECULE_DOCKER_COMMAND:-""}
    volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
    privileged: true
    pre_build_image: true
provisioner:
  name: ansible
verifier:
  name: ansible
```
And converge.yml:

```yaml
---
# The workaround for arbitrarily named role directory is important because the git repo has one name and the role within it another
# Found at: https://github.com/ansible-community/molecule/issues/1567#issuecomment-436876722
- name: Converge
  hosts: all
  tasks:
    - name: "Include common"
      include_role:
        name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"
```
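
A check for the two settings the .gitlab-ci.yml above uses to reach docker:dind without TLS, as an added example that is not part of the original post. It scans CI text for an empty `DOCKER_TLS_CERTDIR` and a plain-TCP `DOCKER_HOST`; both sample files are constructed and the function names `docker_settings` and `audit_dind` are hypothetical.

```python
import re

# Constructed sample: the Docker-related settings from the .gitlab-ci.yml above.
CI_NO_TLS = '''\
variables:
  DOCKER_DRIVER: overlay2
  DOCKER_TLS_CERTDIR: ""
services:
  - docker:dind
my_test:
  variables:
    DOCKER_HOST: "tcp://docker:2375"
'''

# Constructed sample: the same service with the dind TLS settings left on.
CI_TLS = '''\
variables:
  DOCKER_TLS_CERTDIR: "/certs"
  DOCKER_TLS_VERIFY: "1"
  DOCKER_HOST: "tcp://docker:2376"
services:
  - docker:dind
'''

# Matches "DOCKER_SOMETHING: value" lines; commented-out lines do not match.
SETTING = re.compile(r"^\s*(DOCKER_[A-Z_]+)\s*:\s*(.*?)\s*$")

def docker_settings(ci_text):
    """Collect every DOCKER_* variable in the file, with quotes stripped."""
    found = {}
    for line in ci_text.splitlines():
        match = SETTING.match(line)
        if match:
            found.setdefault(match.group(1), []).append(match.group(2).strip("\"'"))
    return found

def audit_dind(ci_text):
    """Return findings for a pipeline that talks to docker:dind without TLS."""
    settings = docker_settings(ci_text)
    findings = []
    if "" in settings.get("DOCKER_TLS_CERTDIR", []):
        findings.append("DOCKER_TLS_CERTDIR is empty: dind generates no certificates")
    verify = any(v != "" for v in settings.get("DOCKER_TLS_VERIFY", []))
    for host in settings.get("DOCKER_HOST", []):
        if host.startswith("tcp://") and (host.endswith(":2375") or not verify):
            findings.append(f"DOCKER_HOST {host} is reached without TLS verification")
    return findings

if __name__ == "__main__":
    for name, text in (("no TLS", CI_NO_TLS), ("TLS", CI_TLS)):
        print(name, audit_dind(text) or "ok")
```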