diff --git a/README.rst b/README.rst
index 35f0eeefff07107da4f7253b954fc5a753ab45d1..3031477110d79e3d864e83d32f2075f413b85839 100644
--- a/README.rst
+++ b/README.rst
@@ -55,4 +55,4 @@ at: https://www.shore.co.il/git/.
TODO
----
-- Test mac-vlan on Vagrant.
+- Test that the container is running in a different user namespace.
diff --git a/molecule.yml b/molecule.yml
index 0d86e79f8d760dd0d6acf0a8d89cea909dec37a5..d5c1a6b080cd404b8fb2828e69929763153f38a7 100644
--- a/molecule.yml
+++ b/molecule.yml
@@ -13,10 +13,10 @@ vagrant:
- name: virtualbox
type: virtualbox
platforms:
- - name: openbsd
- box: kaorimatz/openbsd-5.9-amd64
+ - name: debian
+ box: fujimakishouten/debian-stretch64
instances:
- - name: ansible-role-example
+ - name: ansible-role-nspawn
options:
append_platform_to_hostname: yes
raw_config_args:
diff --git a/tasks/main.yml b/tasks/main.yml
index 7bc45f42de62d73d4b31ce19ea294b341fc0ac48..f0cf616c0af7136307ac6c2db1941d4fac0f7024 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -4,16 +4,11 @@
- assert:
that:
- ansible_os_family == 'Debian'
- - ansible_distribution_release == 'stretch'
+ - ansible_distribution_version == 'stretch/sid'
+ - ansible_service_mgr == 'systemd'
-- name: apt-get install
- apt:
- name: '{{ item }}'
- state: present
- update_cache: yes
- cache_valid_time: 3600
+- name: APT install
with_items:
- - systemd-sysv
- systemd-container
- libnss-myhostname
- libnss-mymachines
@@ -21,11 +16,23 @@
- btrfs-tools
- debootstrap
- yum
+ - uidmap
+ apt:
+ name: '{{ item }}'
+ state: present
+ update_cache: yes
+ cache_valid_time: 3600
- name: Create npawn configuration directory
file:
path: /etc/systemd/nspawn
owner: root
group: root
- mode: '0755'
+ mode: 0o0755
state: directory
+
+- name: Enable machines target
+ service:
+ name: machines.target
+ enabled: yes
+ state: started
diff --git a/tests/playbook.yml b/tests/playbook.yml
index e739a2b8827a164702a059f09277dd60fa516e36..89cb5fcd801625b7c38f6204a5c86e7d33912049 100644
--- a/tests/playbook.yml
+++ b/tests/playbook.yml
@@ -1,5 +1,23 @@
---
- hosts: all
- gather_facts: false
roles:
- - role: ansible-role-example
+ - role: ansible-role-nspawn
+ post_tasks:
+ - name: Create Debian Jessie chroot
+ command: /usr/sbin/debootstrap jessie /var/lib/machines/jessie http://httpredir.debian.org/debian
+ args:
+ creates: /var/lib/machines/jessie/etc/machine-id
+
+ - name: Configure container
+ template:
+ src: jessie.nspawn
+ dest: /etc/systemd/nspawn/jessie.nspawn
+ owner: root
+ group: root
+ mode: 0o0644
+
+ - name: Enable container service
+ service:
+ name: systemd-nspawn@jessie.service
+ state: started
+ enabled: yes
diff --git a/tests/templates/jessie.nspawn b/tests/templates/jessie.nspawn
new file mode 100644
index 0000000000000000000000000000000000000000..f8c931af491d17e77a075600d545855da8b973eb
--- /dev/null
+++ b/tests/templates/jessie.nspawn
@@ -0,0 +1,10 @@
+[Exec]
+Boot=yes
+PrivateUsers=yes
+
+[Files]
+PrivateUsersChown=yes
+
+[Network]
+Private=yes
+MACVLAN={{ ansible_default_ipv4['interface'] }}
diff --git a/tests/test_example.py b/tests/test_example.py
deleted file mode 100644
index 0596b7d508b25f8a2bbfc57371089942f13ddeb1..0000000000000000000000000000000000000000
--- a/tests/test_example.py
+++ /dev/null
@@ -1,6 +0,0 @@
-def test_example(Command):
- assert Command('uname').rc == 0
-
-
-def test_ansible(Ansible):
- assert Ansible('debug', 'msg={{ eleven }}')['msg'] == '11'
diff --git a/tests/test_nspawn.py b/tests/test_nspawn.py
new file mode 100644
index 0000000000000000000000000000000000000000..8e9c7e22249a25327c986862c490433d36bab993
--- /dev/null
+++ b/tests/test_nspawn.py
@@ -0,0 +1,4 @@
+def test_nspawn(Command, Service, Process):
+ assert Service('systemd-nspawn@jessie.service').is_running
+ assert Service('systemd-nspawn@jessie.service').is_enabled
+ assert 'jessie' in Command('machinectl list').stdout