--- - name: enable and start CRI-O systemd: name: crio state: started enabled: yes daemon_reload: yes - name: Flush the iptables command: iptables -F - name: Enable localnet routing command: sysctl -w net.ipv4.conf.all.route_localnet=1 - name: Add masquerade for localhost command: iptables -t nat -I POSTROUTING -s 127.0.0.1 ! -d 127.0.0.1 -j MASQUERADE - name: run critest validation shell: "critest -c --runtime-endpoint /var/run/crio/crio.sock --image-endpoint /var/run/crio/crio.sock v" args: chdir: "{{ ansible_env.GOPATH }}/src/github.com/kubernetes-incubator/cri-o" async: 5400 poll: 30 when: ansible_distribution not in ['RedHat', 'CentOS'] # XXX: RHEL has an additional test which fails because of selinux but disabling # it doesn't solve the issue. # TODO(runcom): enable skipped tests once we fix them (selinux) # https://bugzilla.redhat.com/show_bug.cgi?id=1414236 # https://access.redhat.com/solutions/2897781 - name: run critest validation shell: "critest -c --runtime-endpoint /var/run/crio/crio.sock --image-endpoint /var/run/crio/crio.sock -s 'should not allow privilege escalation when true' v" args: chdir: "{{ ansible_env.GOPATH }}/src/github.com/kubernetes-incubator/cri-o" async: 5400 poll: 30 when: ansible_distribution in ['RedHat', 'CentOS'] - name: run critest benchmarks shell: "critest -c --runtime-endpoint /var/run/crio/crio.sock --image-endpoint /var/run/crio/crio.sock b" args: chdir: "{{ ansible_env.GOPATH }}/src/github.com/kubernetes-incubator/cri-o" async: 5400 poll: 30