As I mentioned in the other post (What's up with proxmox.community?), I’d like to help set up some actual integration tests for this collection (as I’m not much of a charmer myself, I do know my way around Ansible and Proxmox). So I let my mind run at it a bit and I came up with the following idea, but I’d like to bounce it against some folks to flesh it out more and make it a good fit.
First the good news, I had a chat with some folks around the office and our company is willing to provide a server (I mentioned it’s a commitment for a longer time and that’s OK!) that can actually host this stuff
So the plan I had, since we’re talking integration tests, is the following:
Install Proxmox on the server we have (duh )
Develop a Packer template that will generate a fresh PVE template VM each month or so (I’ll do that, as I’ve been meaning to get my hands dirty with Packer).
Develop a means for that template to be deployed on the Proxmox host in a pipeline setting, so we’d need something of an agent?
Determine/design a network environment for the tests that contain extra resources etc. I don’t think it’s a good idea to provide unchecked internet access to these VMs (for abuse reasons), but I’m open to suggestions here!
I haven’t written anything down yet (except this post), so nothings set in stone, so please, feel free to shoot holes in the plan and let’s get this show on the road!
If proxmox can be run in a Docker container then theirs a (fairly) simple way we can integrate this into a GitHub action, using the docker services feature that GitHub provides
If that isn’t an option, ansible-test integration has the ability to start (or request) resources in external cloud provides, which you can see here, there is a separate private repo where the credentials are stored.
Thanks to you, @crossroads and @felixfontein for making this happen. I’m not sure how much time I could put into helping at this moment, but I’m pretty familiar with Proxmox, using it in my Homelab extensively. I’m primarily using OpenTofu for deploying VMs though…
I have experience with HashiCorp Packer too, so maybe I could assist with creating a template if needed
Develop a means for that template to be deployed on the Proxmox host in a pipeline setting, so we’d need something of an agent?
@Thulium-Drake - Would the Proxmox host provided by your company be internet accessible? To minimise some security concerns of having an internet accessible Proxmox host, maybe we could look into using Tailscale in a GitHub Action to connect to the Proxmox host.
Determine/design a network environment for the tests that contain extra resources etc. I don’t think it’s a good idea to provide unchecked internet access to these VMs (for abuse reasons), but I’m open to suggestions here!
@Thulium-Drake - I agree with you, if the plan is to test that resources are successfully created and removed, then I don’t think resources (VMs, LXCs etc) should be provided any sort of internet access. Furthermore, if someone did try to add a test to create a SDN and attach a VM to it (with malicious intent for internet access), then this should go through peer approval from a maintainer before any test is ran, so it could be caught at that stage, but it would be good to have some networking limitations in place to help prevent that further.
I was thinking about doing using it do do something wrt the proxmox tests in community.general, but now that the proxmox stuff is moving out, I might be able to chip in over there - as time allows. You may also want to check the setup_docker target in community.general integration tests and its use, for example in the mssql_scripts tests.
@gundalow Well, as Proxmox is a hypervisor platfrom I’d rather have the ability to at least do some basic tests with it’s virtualization features (we could look into nested virtualization for VMs, but I’ve been running LXC containers in Proxmox VMs for a few years without problems).
And AFAIK, there’s an agent we can run on the system that will handle any and all CI for Actions, right? We might even need to extend the ansible-test with a feature for Proxmox
@dbrennand The server itself will have Internet access, but I’ll be shielding the VMs on it from having a network that can access Internet.
One of my colleagues did some setup work in Packer for a different project. But let’s collab on that, I only have seen that work with EL-based systems so far, and we’ll need to do some digging into unattended installation options for Proxmox. I’ll make a repo with a first pass on what we should need.
Let’s first get this up and running on our own infra (I have other PVE servers at my disposal I can (ab)use to test Packer on )
@russoz That’s pretty neat! Though there’s no Containerfile included in the sourcecode linked on the image
@wayt We will use cloud-init when setting up the VM’s when running the tests, but it requires a prepared image to start with. And for that we might as well use Packer to generate them regularly.