16c37db4fd
- rename test-reboot.yml to tests-reboot.yml so that it's run by CI directly - drop unnecessary tests.yml - add mandatory test.log, see https://docs.fedoraproject.org/en-US/ci/standard-test-interface/#_invocation - improve results.yml format - drop avc.err.log and log everything AVC related to avc.log
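---
# Standard Test Interface playbook: switch the host to SELinux permissive
# mode, reboot it, then collect every SELinux denial logged since boot.
- hosts: localhost
  vars:
    # Controller-side directory that receives the fetched logs; taken from
    # TEST_ARTIFACTS, falling back to ./artifacts when that is unset or empty.
    artifacts: "{{ lookup('env', 'TEST_ARTIFACTS')|default('./artifacts', true) }}"
  tags:
    - classic
  tasks:
    # switch SELinux to permissive mode
    # NOTE(review): enforcing=0 is added to the default kernel's boot
    # arguments and nothing in this play removes it again, so the host stays
    # permissive after the test. Run this only against a disposable test host.
    - name: Get default kernel
      command: "grubby --default-kernel"
      register: default_kernel

    - name: Show default kernel
      debug:
        msg: "{{ default_kernel.stdout }}"

    - name: Set permissive mode
      command: "grubby --args=enforcing=0 --update-kernel {{ default_kernel.stdout }}"

    - name: reboot
      block:
        # Fire-and-forget: the short sleep plus async/poll 0 lets the task
        # return before the connection drops; errors from the dying
        # connection are ignored on purpose.
        - name: restart host
          shell: sleep 2 && shutdown -r now "Ansible updates triggered"
          async: 1
          poll: 0
          ignore_errors: true

        - name: wait for host to come back
          wait_for_connection:
            delay: 10
            timeout: 300

        # The file module is idempotent: unlike a bare `mkdir`, it does not
        # fail (and abort the block before the denials are gathered) when
        # the directory already exists.
        - name: Re-create /tmp/artifacts
          file:
            path: /tmp/artifacts
            state: directory

        # The result is "fail" when dmesg shows audit records of type 1300 or
        # 1400, or when the collected log lacks ausearch's '<no matches>'
        # marker. The second check also fails closed: if ausearch cannot run,
        # the marker is absent and the test is reported as failed.
        # NOTE(review): the logs use fixed names in /tmp; fine on a
        # single-purpose test VM, but confirm no other user can pre-create
        # these paths on the host this runs against.
        - name: Gather SELinux denials since boot
          shell: |
            result=pass
            dmesg | grep -i -e type=1300 -e type=1400 > /tmp/avc.log && result=fail
            ausearch -m avc -m selinux_err -m user_avc -ts boot &>> /tmp/avc.log
            grep -q '<no matches>' /tmp/avc.log || result=fail
            echo -e "\nresults:\n- test: reboot and collect AVC\n result: $result\n logs:\n - avc.log\n\n" > /tmp/results.yml
            ( [ "$result" = "pass" ] && echo PASS test-reboot || echo FAIL test-reboot ) > /tmp/test.log
          args:
            # `&>>` and `echo -e` are bash features; the shell module runs
            # /bin/sh unless told otherwise, so pin the interpreter.
            executable: /bin/bash

      always:
        # Copy the result files from the test host to the artifacts
        # directory, whether or not the block above succeeded.
        - name: Pull out the artifacts
          fetch:
            dest: "{{ artifacts }}/"
            src: "{{ item }}"
            flat: true
          with_items:
            - /tmp/test.log
            - /tmp/avc.log
            - /tmp/results.yml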