As I mentioned in the other post (What's up with proxmox.community?), I’d like to help set up some actual integration tests for this collection (as I’m not much of a charmer myself, I do know my way around Ansible and Proxmox). So I let my mind run at it a bit and I came up with the following idea, but I’d like to bounce it against some folks to flesh it out more and make it a good fit.
First the good news, I had a chat with some folks around the office and our company is willing to provide a server (I mentioned it’s a commitment for a longer time and that’s OK!) that can actually host this stuff
So the plan I had, since we’re talking integration tests, is the following:
Install Proxmox on the server we have (duh )
Develop a Packer template that will generate a fresh PVE template VM each month or so (I’ll do that, as I’ve been meaning to get my hands dirty with Packer).
Develop a means for that template to be deployed on the Proxmox host in a pipeline setting, so we’d need something of an agent?
Determine/design a network environment for the tests that contain extra resources etc. I don’t think it’s a good idea to provide unchecked internet access to these VMs (for abuse reasons), but I’m open to suggestions here!
I haven’t written anything down yet (except this post), so nothings set in stone, so please, feel free to shoot holes in the plan and let’s get this show on the road!
If proxmox can be run in a Docker container then theirs a (fairly) simple way we can integrate this into a GitHub action, using the docker services feature that GitHub provides
If that isn’t an option, ansible-test integration has the ability to start (or request) resources in external cloud provides, which you can see here, there is a separate private repo where the credentials are stored.
Thanks to you, @crossroads and @felixfontein for making this happen. I’m not sure how much time I could put into helping at this moment, but I’m pretty familiar with Proxmox, using it in my Homelab extensively. I’m primarily using OpenTofu for deploying VMs though…
I have experience with HashiCorp Packer too, so maybe I could assist with creating a template if needed
Develop a means for that template to be deployed on the Proxmox host in a pipeline setting, so we’d need something of an agent?
@Thulium-Drake - Would the Proxmox host provided by your company be internet accessible? To minimise some security concerns of having an internet accessible Proxmox host, maybe we could look into using Tailscale in a GitHub Action to connect to the Proxmox host.
Determine/design a network environment for the tests that contain extra resources etc. I don’t think it’s a good idea to provide unchecked internet access to these VMs (for abuse reasons), but I’m open to suggestions here!
@Thulium-Drake - I agree with you, if the plan is to test that resources are successfully created and removed, then I don’t think resources (VMs, LXCs etc) should be provided any sort of internet access. Furthermore, if someone did try to add a test to create a SDN and attach a VM to it (with malicious intent for internet access), then this should go through peer approval from a maintainer before any test is ran, so it could be caught at that stage, but it would be good to have some networking limitations in place to help prevent that further.
I was thinking about doing using it do do something wrt the proxmox tests in community.general, but now that the proxmox stuff is moving out, I might be able to chip in over there - as time allows. You may also want to check the setup_docker target in community.general integration tests and its use, for example in the mssql_scripts tests.
charmer myself, I do know my way around Ansible and Proxmox). So I let my mind run at it a bit and I came up with the following idea, but I’d like to bounce it against some folks to flesh it out more and make it a good fit.
)
