Mac development environment construction (Ansible + Serverspec + Travis CI)

Overview

I tried to automate the construction of Mac development environment with Ansible, so make a note of what I did and what I investigated.

I wanted to do something like Boxen with ansible. So I prepared two repositories, one like our-boxen (template) and one that I copied and customized.

--https://github.com/tell-k/blister-pack .... Basic setup contents --https://github.com/tell-k/blister-pack-mine ... Your personal setup

Please refer to README.rst for how to use blister-pack.

I did the following things.

--Automate Mac OS X development environment construction with ansible. Install required packages mainly with hombrew + homebrew-cask --Like Boxen, manage the construction contents (role) by dividing into common parts, individuals, and projects. --Test with Serverspec. --Run build / test on Travis CI

Environment construction with Ansible

--Mainly most of ansible's hombrew module and hombrew-cask module Could be installed. --To execute ansible to the local environment, write the following in the inventory file.

[localhost]
127.0.0.1

[localhost:vars]
ansible_connection=local

Role management

--Like Boxen, the construction contents are managed separately for each common part / individual / project.

├── Makefile
├── README.rst
├── Rakefile
├── callback_plugins
├── hosts
├── playbook.yml
├── roles
│   ├── common   # <-Commonly used role group
│   ├── people   # <-Role group for each individual
│   └── projects # <-Role group for each project
└── spec
    ├── common
    ├── people
    ├── projects
    └── spec_helper.rb

Tested with Serverspec

--Enabled to test the construction contents in Ansible with Serverspec. -envassert and ansible's assert module You also have the option of using -testing). --Spec files are also separated by common / people / projects. --Serverspec is convenient because most of what you want to do is written in Documentation.

Build / test with Travis CI

--Travis CI provides an OS X environment as a build environment (http://docs.travis-ci.com/user/osx-ci-environment) --Build / test with it --When using OS X, just specify in .travis.yml --It seems that homebrew, xcode, etc. are included in advance. --Since it seems that sudo can be executed without a password, it is executed without the "-K" option of ansible.

language: objective-c
os:
  - osx
before_install:
  - brew update
  - brew install python
  - brew install ansible
  - ansible-playbook -vv playbook.yml -i hosts
script:
  - make test

TIPS

homebrew update / upgrade

--homebrew update updates Formula and homebrew itself. --upgrade rebuilds / installs the target package. --The ansible homebrew module has options called "update_homebrew" and "upgrade_all". --Inventory has a variable so that this option can be changed as appropriate.

[localhost]
127.0.0.1

[localhost:vars]
homebrew_update=yes     #Yes to always update. Set to no if you feel slow
homebrew_upgrade_all=no #Yes if all packages need to be updated

It just passes to the homebrew module

- name: Update homebrew
  homebrew: update_homebrew={{ homebrew_update }} upgrade_all={{ homebrew_upgrade_all }}

Environment variable and path references

--For homebrew etc., you can get the path with "hombrew --prefix" "homebrew --cellar" etc. ――How to pass this to ansible and serverspec. --In the case of Ansible You can refer to environment variables and shell execution results with the lookup plugin. --If you use it and define it in the inventory file, you can refer to it in the playbook.

[localhost]
127.0.0.1

[localhost:vars]
home_path={{ lookup('env','HOME') }}
homebrew_prefix={{ lookup('pipe','echo `brew --prefix`') }}
homebrew_cellar={{ lookup('pipe','echo `brew --cellar`') }}

Use this in the role as follows

- name: Copy dnsmaq.conf
  copy: src=roles/common/dnsmasq/files/dnsmasq.conf dest="{{ homebrew_prefix }}/etc/dnsmasq.conf" backup=yes

In the case of Serverspec, I defined it in spec_helper.rb without thinking about anything.

require 'serverspec'

set :backend, :exec

def home_path
  home_path = `echo ~/`
  home_path.chomp
end

def homebrew_prefix
  prefix = `brew --prefix`
  prefix.chomp
end

def homebrew_cellar
  cellar_path = `brew --cellar`
  cellar_path.chomp
end

Completion notification by Ansible's Callbacks plugin

--Since it takes time to execute Ansible, I will notify you when it is finished. --Using Ansible's Callbacks Plugin, it is now displayed in the OS X Notification Center.

--The script is here

Support for Travis build time limit

Travis will forcibly terminate the build under the following conditions.

--Forcibly terminated if it takes more than 50 minutes to build --It is forcibly terminated even if there is no standard output for a certain period of time.

• http://docs.travis-ci.com/user/build-configuration/#Job-Timeouts

For the time being, Travis skips items that take a long time to install.

1. Prepare an environment variable called TRAVIS_BUILD_SKIP
2. [check this environment variable in role / spec and don't run it](https://github.com/tell-k/blister-pack-mine/blob/master/roles/people/tell_k/tasks /homebrew.yml#L68-L72)

――The feeling of falling over is amazing, so look for a better method.

lint-like check

--Ansible has an option to do --syntax-check by default --There is also a library called ansible-lint. -> I got an error with tarvis + I don't use it now because it doesn't check much --For serverspec, rubocop is used. It is good that the "--auto-correct" option automatically shapes it to some extent. -Define checkstyle in Makefile so that it can be checked

Manage private builds

--For example, the role / spec group of a private project is set to gitignore under the directory "private". --Prepare YAML (private.yml) for private use and [Merge] playbook.yml and private.yml every time you execute ansible (https://github.com/tell-k/blister-pack-mine/) blob / master / Makefile # L9-L11).

Handling of github repositories

--A private key is required to clone a github repository via SSH using ansible's git module on Travis CI --In that case, Set the deployment key in each repository or clone by HTTPS Need to be. Since it is troublesome, I usually use HTTPS.

Example:The repo of the git module is a URL that starts with https.
- name: Git clone tell-k/sphinxjp.themes.basicstrap
  git: repo=https://github.com/tell-k/sphinxjp.themes.basicstrap.git dest=~/Work/python/sphinxjp.themes.basicstrap update=no

Digression

--I tried it with the same configuration for about half a year except for Travis CI, but there were no major problems. Ansible is great. --Checking with Serverspec + Travis gives you a sense of security. Writing tests with Serverspec is kind of fun. --Some of them are purchased via the App Store due to licenses, so it seems difficult to fully automate them. ――I wrote a story about each individual / project, but since it's a bocce, I've never shared it with anyone other than myself or had it used. --The strange name blister-pack was found in Boxen's TOP picture.

Alternative

There are several other ideas / tools for building a Mac OS X environment using Ansible.

• geerlingguy/mac-dev-playbook
• osxc
• battleschool

Initially, I tried to use these tools, but stopped for the following reasons.

――It seemed to be troublesome to remember something specific to tools other than Ansible. --There are wrapper commands like Boxen, but Ansible's plug-in mechanism seems to work as a substitute. --If it was just a wrapper as a shortcut, Makefile was enough.

reference

Books

-Introduction to Ansible ... A book that gives you a good idea of what Ansible can do -Python Professional Programming 2nd Edition ... There is an Ansible chapter (Stema) -Python engineer training reader ... Introduction Since the person in Ansible wrote about Ansible, I plan to buy it and read it. -Serverspec ... I haven't bought it yet, so don't buy it> I

Ansible related

• All Modules — Ansible Documentation -Automating Mac development environment construction (early 2015)
• geerlingguy/mac-dev-playbook -ansible Kotohajime -ansible cheat sheet -About the configuration management tool Ansible -Introduction to Ansible ...? -Send ansible log to fluentd -Ansible 1.5 release -Mastering Ansible role -Create your own module with Ansible and distribute it with playbook -Ansible Tutorial -I tried using Ansible locally

Boxen related

-It is allowed until 2012 without using Boxen -What happens when you run Boxen -Memo where I was addicted to building with boxen -Story of introducing boxing -Mac setup using Boxen -It's almost 2014, but I'll try boxing by myself --Mac Setup with Boxen

Homebrew-cask related

-Stop Boxen and switch to Brewfile + homebrew-cask -List that can be inscored with brew cask -Memo for building environment after clean installation of Mac OSX -Apps installed with homebrew-cask cannot be called from Alfred -I made a Brewfile instead of writing down the apps and tools installed on my MacBook -Compare Homebrew vs Boxen and start brewproj -Impressions comparing Boxen and brew Bundle && Homebrew-cask

Serverspec related

• Serverspec - Resource Types --How to share serverspec tests between hosts --I created a gem called serverspec to test a built server with RSpec