cri-o/contrib/test/integration/critest.yml

---

- name: enable and start CRI-O
  systemd:
    name: crio
    state: started
    enabled: yes
    daemon_reload: yes

- name: Flush the iptables
  command: iptables -F

- name: Enable localnet routing
  command: sysctl -w net.ipv4.conf.all.route_localnet=1

- name: Add masquerade for localhost
  command: iptables -t nat -I POSTROUTING -s 127.0.0.1 ! -d 127.0.0.1 -j MASQUERADE

- name: run critest validation
  shell: "critest -c --runtime-endpoint /var/run/crio/crio.sock --image-endpoint /var/run/crio/crio.sock v"
  args:
    chdir: "{{ ansible_env.GOPATH }}/src/github.com/kubernetes-incubator/cri-o"
  async: 5400
  poll: 30
  when: ansible_distribution not in ['RedHat', 'CentOS']

  # XXX: RHEL has an additional test which fails because of selinux but disabling
  # it doesn't solve the issue.
  # TODO(runcom): enable skipped tests once we fix them (selinux)
  # https://bugzilla.redhat.com/show_bug.cgi?id=1414236
  # https://access.redhat.com/solutions/2897781
- name: run critest validation
  shell: "critest -c --runtime-endpoint /var/run/crio/crio.sock --image-endpoint /var/run/crio/crio.sock -s 'should not allow privilege escalation when true' v"
  args:
    chdir: "{{ ansible_env.GOPATH }}/src/github.com/kubernetes-incubator/cri-o"
  async: 5400
  poll: 30
  when: ansible_distribution in ['RedHat', 'CentOS']

- name: run critest benchmarks
  shell: "critest -c --runtime-endpoint /var/run/crio/crio.sock --image-endpoint /var/run/crio/crio.sock b"
  args:
    chdir: "{{ ansible_env.GOPATH }}/src/github.com/kubernetes-incubator/cri-o"
  async: 5400
  poll: 30
CI: wire in critest Signed-off-by: Antonio Murdaca <runcom@redhat.com> 2017-11-20 11:25:35 +00:00			`---`

			`- name: enable and start CRI-O`
			`systemd:`
			`name: crio`
			`state: started`
			`enabled: yes`
			`daemon_reload: yes`

			`- name: Flush the iptables`
			`command: iptables -F`

			`- name: Enable localnet routing`
			`command: sysctl -w net.ipv4.conf.all.route_localnet=1`

			`- name: Add masquerade for localhost`
			`command: iptables -t nat -I POSTROUTING -s 127.0.0.1 ! -d 127.0.0.1 -j MASQUERADE`

			`- name: run critest validation`
Don't skip a critest that we now pass We can pass the "listImage should get exactly 2 repoTags in the result image" test now, so we no longer need to skip it. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> 2017-12-04 16:46:49 +00:00			`shell: "critest -c --runtime-endpoint /var/run/crio/crio.sock --image-endpoint /var/run/crio/crio.sock v"`
CI: wire in critest Signed-off-by: Antonio Murdaca <runcom@redhat.com> 2017-11-20 11:25:35 +00:00			`args:`
			`chdir: "{{ ansible_env.GOPATH }}/src/github.com/kubernetes-incubator/cri-o"`
			`async: 5400`
			`poll: 30`
			`when: ansible_distribution not in ['RedHat', 'CentOS']`

Don't skip a critest that we now pass We can pass the "listImage should get exactly 2 repoTags in the result image" test now, so we no longer need to skip it. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> 2017-12-04 16:46:49 +00:00			`# XXX: RHEL has an additional test which fails because of selinux but disabling`
CI: wire in critest Signed-off-by: Antonio Murdaca <runcom@redhat.com> 2017-11-20 11:25:35 +00:00			`# it doesn't solve the issue.`
Don't skip a critest that we now pass We can pass the "listImage should get exactly 2 repoTags in the result image" test now, so we no longer need to skip it. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> 2017-12-04 16:46:49 +00:00			`# TODO(runcom): enable skipped tests once we fix them (selinux)`
CI: wire in critest Signed-off-by: Antonio Murdaca <runcom@redhat.com> 2017-11-20 11:25:35 +00:00			`# https://bugzilla.redhat.com/show_bug.cgi?id=1414236`
			`# https://access.redhat.com/solutions/2897781`
			`- name: run critest validation`
Don't skip a critest that we now pass We can pass the "listImage should get exactly 2 repoTags in the result image" test now, so we no longer need to skip it. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> 2017-12-04 16:46:49 +00:00			`shell: "critest -c --runtime-endpoint /var/run/crio/crio.sock --image-endpoint /var/run/crio/crio.sock -s 'should not allow privilege escalation when true' v"`
CI: wire in critest Signed-off-by: Antonio Murdaca <runcom@redhat.com> 2017-11-20 11:25:35 +00:00			`args:`
			`chdir: "{{ ansible_env.GOPATH }}/src/github.com/kubernetes-incubator/cri-o"`
			`async: 5400`
			`poll: 30`
			`when: ansible_distribution in ['RedHat', 'CentOS']`

			`- name: run critest benchmarks`
			`shell: "critest -c --runtime-endpoint /var/run/crio/crio.sock --image-endpoint /var/run/crio/crio.sock b"`
			`args:`
			`chdir: "{{ ansible_env.GOPATH }}/src/github.com/kubernetes-incubator/cri-o"`
			`async: 5400`
			`poll: 30`