| |
@@ -1,50 +0,0 @@
|
| |
- ---
|
| |
- - hosts: localhost
|
| |
- vars:
|
| |
- - artifacts: "{{ lookup('env', 'TEST_ARTIFACTS')|default('./artifacts', true) }}"
|
| |
- tags:
|
| |
- - classic
|
| |
- tasks:
|
| |
- # switch SELinux to permissive mode
|
| |
- - name: Get default kernel
|
| |
- command: "grubby --default-kernel"
|
| |
- register: default_kernel
|
| |
- - debug: msg="{{ default_kernel.stdout }}"
|
| |
- - name: Set permissive mode
|
| |
- command: "grubby --args=enforcing=0 --update-kernel {{ default_kernel.stdout }}"
|
| |
-
|
| |
- - name: reboot
|
| |
- block:
|
| |
- - name: restart host
|
| |
- shell: sleep 2 && shutdown -r now "Ansible updates triggered"
|
| |
- async: 1
|
| |
- poll: 0
|
| |
- ignore_errors: true
|
| |
-
|
| |
- - name: wait for host to come back
|
| |
- wait_for_connection:
|
| |
- delay: 10
|
| |
- timeout: 300
|
| |
-
|
| |
- - name: Re-create /tmp/artifacts
|
| |
- command: mkdir /tmp/artifacts
|
| |
-
|
| |
- - name: Gather SELinux denials since boot
|
| |
- shell: |
|
| |
- result=pass
|
| |
- dmesg | grep -i -e type=1300 -e type=1400 > /tmp/avc.log && result=fail
|
| |
- ausearch -m avc -m selinux_err -m user_avc -ts boot &>> /tmp/avc.log
|
| |
- grep -q '<no matches>' /tmp/avc.log || result=fail
|
| |
- echo -e "\nresults:\n- test: reboot and collect AVC\n result: $result\n logs:\n - avc.log\n\n" > /tmp/results.yml
|
| |
- ( [ $result = "pass" ] && echo PASS test-reboot || echo FAIL test-reboot ) > /tmp/test.log
|
| |
-
|
| |
- always:
|
| |
- - name: Pull out the artifacts
|
| |
- fetch:
|
| |
- dest: "{{ artifacts }}/"
|
| |
- src: "{{ item }}"
|
| |
- flat: yes
|
| |
- with_items:
|
| |
- - /tmp/test.log
|
| |
- - /tmp/avc.log
|
| |
- - /tmp/results.yml
|
| |
This PR just shows way how the STI test with reboot can be rewritten to tmt.
Do not merge! It can spoil testing.