diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..207f5a7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,9 @@
+.vagrant/
+*.log
+*.retry
+*.deb
+*.rpm
+secrets.yml
+.kitchen/
+.kitchen.local.yml
+Dockerfile*
diff --git a/.kitchen.yml b/.kitchen.yml
new file mode 100644
index 0000000..3d136d5
--- /dev/null
+++ b/.kitchen.yml
@@ -0,0 +1,32 @@
+---
+driver:
+ name: docker
+ # https://github.com/test-kitchen/kitchen-docker/issues/207#issuecomment-218544624
+ use_sudo: false
+
+provisioner:
+ name: ansible_playbook
+ hosts: instances
+ additional_copy_path:
+ # for some reason this isn't copied by default
+ - test/integration/default/files
+
+platforms:
+ # https://github.com/test-kitchen/kitchen-docker/issues/268#issuecomment-304141235
+ - name: centos-6
+ driver:
+ disable_upstart: false
+ run_command: /sbin/init
+ - name: centos-7
+ driver_config:
+ image: centos/systemd
+ run_command: /usr/sbin/init
+ privileged: true
+ provision_command:
+ - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
+ - systemctl enable sshd.service
+ - name: ubuntu-14.04
+ - name: ubuntu-16.04
+
+suites:
+ - name: default
diff --git a/.travis.yml b/.travis.yml
index 36bbf62..01c2b52 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -18,12 +18,9 @@ install:
 # Check ansible version
 - ansible --version
- # Create ansible.cfg with correct roles_path
- - printf '[defaults]\nroles_path=../' >ansible.cfg
-
 script:
 # Basic role syntax check
- - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+ - cd test/integration/default && ansible-playbook default.yml -i inventory --syntax-check
 notifications:
- webhooks: https://galaxy.ansible.com/api/v1/notifications/
\ No newline at end of file
+ webhooks: https://galaxy.ansible.com/api/v1/notifications/
diff --git a/Gemfile b/Gemfile
new file mode 100644
index 0000000..d5ee675
--- /dev/null
+++ b/Gemfile
@@ -0,0 +1,5 @@
+source 'https://rubygems.org'
+
+gem 'test-kitchen'
+gem 'kitchen-ansible'
+gem 'kitchen-docker'
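Review bot: The two CentOS platforms in .kitchen.yml configure the docker driver under different keys — centos-6 uses `driver:` while centos-7 uses `driver_config:`; as far as I know Test Kitchen treats `driver_config` as the legacy spelling of `driver`, so both work, but one file should use one form: `driver:` for centos-7 as well. The centos-7 entry also sets `privileged: true`, which gives the container the host's full capability set; presumably that is what the systemd `run_command` needs, but it deserves a comment beside it, e.g. `# systemd as PID 1 needs a privileged container; test-only`. The `sed` that flips `UsePAM` in `provision_command` likewise carries no explanation, unlike the two issue links above it.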
diff --git a/Gemfile.lock b/Gemfile.lock new file mode 100644 index 0000000..72bdc99 --- /dev/null +++ b/Gemfile.lock @@ -0,0 +1,76 @@ +GEM + remote: https://rubygems.org/ + specs: + builder (3.2.3) + erubis (2.7.0) + ffi (1.9.18) + gssapi (1.2.0) + ffi (>= 1.0.1) + gyoku (1.3.1) + builder (>= 2.1.2) + httpclient (2.8.3) + kitchen-ansible (0.48.1) + net-ssh (>= 3) + test-kitchen (~> 1.4) + kitchen-docker (2.6.0) + test-kitchen (>= 1.0.0) + little-plugger (1.1.4) + logging (2.2.2) + little-plugger (~> 1.1) + multi_json (~> 1.10) + mixlib-install (3.8.0) + mixlib-shellout + mixlib-versioning + thor + mixlib-shellout (2.3.2) + mixlib-versioning (1.2.2) + multi_json (1.12.2) + net-scp (1.2.1) + net-ssh (>= 2.6.5) + net-ssh (4.2.0) + net-ssh-gateway (1.3.0) + net-ssh (>= 2.6.5) + nori (2.6.0) + rubyntlm (0.6.2) + rubyzip (1.2.1) + safe_yaml (1.0.4) + test-kitchen (1.19.2) + mixlib-install (~> 3.6) + mixlib-shellout (>= 1.2, < 3.0) + net-scp (~> 1.1) + net-ssh (>= 2.9, < 5.0) + net-ssh-gateway (~> 1.2) + safe_yaml (~> 1.0) + thor (~> 0.19, < 0.19.2) + winrm (~> 2.0) + winrm-elevated (~> 1.0) + winrm-fs (~> 1.1.0) + thor (0.19.1) + winrm (2.2.3) + builder (>= 2.1.2) + erubis (~> 2.7) + gssapi (~> 1.2) + gyoku (~> 1.0) + httpclient (~> 2.2, >= 2.2.0.2) + logging (>= 1.6.1, < 3.0) + nori (~> 2.0) + rubyntlm (~> 0.6.0, >= 0.6.1) + winrm-elevated (1.1.0) + winrm (~> 2.0) + winrm-fs (~> 1.0) + winrm-fs (1.1.1) + erubis (~> 2.7) + logging (>= 1.6.1, < 3.0) + rubyzip (~> 1.1) + winrm (~> 2.0) + +PLATFORMS + ruby + +DEPENDENCIES + kitchen-ansible + kitchen-docker + test-kitchen + +BUNDLED WITH + 1.16.0 diff --git a/README.md b/README.md index 9c63c29..64b1501 100644 --- a/README.md +++ b/README.md 
@@ -13,14 +13,14 @@ Role Variables
 - `nessus_agent_key`: key used for linking with nessus host (this is a required variable)
 - `nessus_agent_group`: host group this agent should be added to when linking with nessus host (this is a required variable)
-
+
 - `nessus_agent_host`: nessus host to link with (default: `cloud.tenable.com`)
 - `nessus_agent_port`: nessus host port (default: `443`)
 - `nessus_agent_package`: can be either a repository package, path to a file, or a URL (default: `NessusAgent`)
- nessus_agent_package: nessus-agent
+ nessus_agent_package: nessus-agent
 nessus_agent_package: /tmp/nessus-agent_6.8.1_amd64.deb
 Example Playbook
@@ -33,6 +33,38 @@ Example Playbook
 nessus_agent_key: xxxxxxxxx
 tags: nessus-agent
+Testing Locally
+---------------
+
+1. Ensure you have a running [Nessus Manager](https://www.tenable.com/products/nessus-vulnerability-scanner/nessus-manager) or [tenable.io](https://www.tenable.com/products/tenable-io) account and agent key.
+1. Install dependencies.
+ * [Ansible](https://docs.ansible.com/ansible/latest/intro_installation.html)
+ * [Docker](https://www.docker.com/)
+ * [Ruby](https://www.ruby-lang.org/)
+1. Install Test Kitchen and dependencies.
+
+ ```sh
+ bundle
+ ```
+
+1. [Download Nessus Agent packages](https://www.tenable.com/products/nessus/agent-download) for CentOS 6, CentOS 7, and Ubuntu 14.04/16.04. Put them under `test/integration/default/files/`.
+1. Create credentials file.
+
+ ```sh
+ cp test/integration/default/group_vars/all/secrets.yml.example test/integration/default/group_vars/all/secrets.yml
+ ```
+
+1. Fill out `tests/group_vars/all/secrets.yml`.
+1. Run integration test.
+
+ ```sh
+ kitchen create
+ kitchen converge
+
+ # when done, run
+ kitchen destroy
+ ```
+
 Author Information
 ------------------
diff --git a/chefignore b/chefignore
new file mode 100644
index 0000000..7be3c6d
--- /dev/null
+++ b/chefignore
@@ -0,0 +1 @@
+.kitchen
diff --git a/meta/main.yml b/meta/main.yml
index 233d489..110bcd7 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -12,6 +12,9 @@ galaxy_info:
 - name: Debian
 versions:
 - all
+ - name: EL
+ versions:
+ - all
 galaxy_tags:
 - security
diff --git a/test/integration/default/ansible.cfg b/test/integration/default/ansible.cfg
new file mode 100644
index 0000000..0a294aa
--- /dev/null
+++ b/test/integration/default/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+roles_path=../../../../
diff --git a/test/integration/default/default.yml b/test/integration/default/default.yml
new file mode 100644
index 0000000..042b0e9
--- /dev/null
+++ b/test/integration/default/default.yml
@@ -0,0 +1,9 @@
+---
+- hosts: all
+ become: true
+ pre_tasks:
+ # not included by default on ubuntu:16.04 image
+ - name: Install time zone package
+ package: name=tzdata
+ roles:
+ - ansible-role-nessus-agent
diff --git a/test/integration/default/files/.keep b/test/integration/default/files/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/test/integration/default/group_vars/all/pkg.yml b/test/integration/default/group_vars/all/pkg.yml
new file mode 100644
index 0000000..dedcaee
--- /dev/null
+++ b/test/integration/default/group_vars/all/pkg.yml
@@ -0,0 +1,11 @@
+---
+nessus_agent_version: "7.0.0"
+# https://docs.tenable.com/cloud/Content/AdditionalResources/InstallNessusAgent.htm
+nessus_agent_packages:
+ CentOS:
+ 6: NessusAgent-{{ nessus_agent_version }}-es6.x86_64.rpm
+ 7: NessusAgent-{{ nessus_agent_version }}-es7.x86_64.rpm
+ Ubuntu:
+ 14: NessusAgent-{{ nessus_agent_version }}-ubuntu1110_amd64.deb
+ 16: NessusAgent-{{ nessus_agent_version }}-ubuntu1110_amd64.deb
+nessus_agent_package: "{{ role_path }}/test/integration/default/files/{{ nessus_agent_packages[ansible_distribution][ansible_distribution_major_version | int] }}"
diff --git a/test/integration/default/group_vars/all/secrets.yml.example b/test/integration/default/group_vars/all/secrets.yml.example
new file mode 100644
index 0000000..0b8abc9
--- /dev/null
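Review bot: The pre_task in test/integration/default/default.yml, `package: name=tzdata`, uses the `key=value` argument string rather than native YAML module arguments; write it as `package:` with `name: tzdata` nested beneath it, matching the block-YAML style of the surrounding play. The role is pulled in by its directory name `ansible-role-nessus-agent` through the `roles_path=../../../../` in the new ansible.cfg, so both the Travis syntax check and the Kitchen run appear to depend on the checkout directory carrying exactly that name; that assumption is worth stating in a comment above `roles:`, e.g. `# resolved via roles_path in ansible.cfg; the checkout dir must be named ansible-role-nessus-agent`.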
+++ b/test/integration/default/group_vars/all/secrets.yml.example
@@ -0,0 +1,5 @@
+---
+nessus_agent_key: ...
+"{{ role_path }}/test/integration/default/files/NessusAgent-7.0.0-ubuntu1110_amd64.deb"
+
+# you can also configure the optional variables here
diff --git a/test/integration/default/inventory b/test/integration/default/inventory
new file mode 100644
index 0000000..0cc9395
--- /dev/null
+++ b/test/integration/default/inventory
@@ -0,0 +1 @@
+localhost ansible_connection=local ansible_user=root
diff --git a/tests/inventory b/tests/inventory
deleted file mode 100644
index d18580b..0000000
--- a/tests/inventory
+++ /dev/null
@@ -1 +0,0 @@
-localhost
\ No newline at end of file
diff --git a/tests/test.yml b/tests/test.yml
deleted file mode 100644
index ad35a8d..0000000
--- a/tests/test.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- hosts: localhost
- remote_user: root
- roles:
- - ansible-role-nessus-agent
\ No newline at end of file
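Review bot: The third line of secrets.yml.example, `"{{ role_path }}/test/integration/default/files/NessusAgent-7.0.0-ubuntu1110_amd64.deb"`, is a bare quoted scalar with no key following a mapping entry, so the file as committed is not a valid YAML mapping and the `cp … secrets.yml` step the README describes produces a file Ansible's loader should reject. It looks like a leftover of a `nessus_agent_package` override, which pkg.yml in this same commit already derives per distribution; either drop the line or turn it into a commented-out example, `# nessus_agent_package: "<path to downloaded package>"`. Separately, the README's "Fill out `tests/group_vars/all/secrets.yml`" step points into the `tests/` directory this commit deletes; it should read `test/integration/default/group_vars/all/secrets.yml` to match the `cp` step above it.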