ansible.nftables/molecule/default/verify.yml

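---
# Molecule verify playbook for the nftables role. It confirms that the
# expected configuration files are present, that the loaded ruleset contains
# the filter chains, and that nftables.service is running and enabled at boot.
- name: Verify
  hosts: all
  gather_facts: false
  tasks:
    - name: check for nftables.d
      stat:
        path: /etc/nftables.d
      register: p

    - name: check nftables.d
      assert:
        that:
          - p.stat.exists and p.stat.isdir

    - name: check for nftables.conf
      stat:
        path: /etc/nftables.conf
      register: p

    - name: check nftables.conf
      assert:
        that:
          - p.stat.exists

    # Name corrected: this task stats filter-input.nft, not nftables.conf.
    - name: check for filter-input.nft
      stat:
        path: /etc/nftables.d/filter-input.nft
      register: p

    - name: check filter-input.nft
      assert:
        that:
          - p.stat.exists

    # Read-only query of the live ruleset; it never changes the host.
    - name: list rules
      command: nft list ruleset
      register: nft
      changed_when: false

    # Prints the registered result so a failed run shows the actual ruleset.
    - name: debug rules
      debug:
        var: nft

    - name: check rules
      assert:
        that:
          # The whole line is:
          # type filter hook input priority 0; policy drop;
          # However CentOS prints "priority 0" while Debian prints
          # "priority filter", so the priority value is not matched literally.
          - '"type filter hook input" in nft.stdout'
          - '"type filter hook output" in nft.stdout'
          # A chain that exists with an accept policy would pass the two
          # checks above, so also require the documented drop policy on the
          # input hook. The priority token is matched loosely for the
          # distribution difference described above.
          - 'nft.stdout is search("type filter hook input priority [^;]+; policy drop;")'

    # systemctl is-active exits non-zero when the unit is not active, which
    # would abort this task before the assert below can report the state.
    - name: service status - active
      command: systemctl is-active nftables.service
      register: status
      changed_when: false
      failed_when: false

    - name: check service status
      assert:
        that:
          - 'status.stdout == "active"'

    # systemctl is-enabled also exits non-zero for a unit that is not enabled;
    # let the assert below decide the outcome.
    - name: service status - enabled
      command: systemctl is-enabled nftables.service
      register: status
      changed_when: false
      failed_when: false

    - name: check service status
      assert:
        that:
          - 'status.stdout == "enabled"'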