73 lines
1.5 KiB
YAML
73 lines
1.5 KiB
YAML
---
|
|
# This is an example playbook to execute Ansible tests.
|
|
|
|
- name: Verify
|
|
hosts: all
|
|
gather_facts: false
|
|
tasks:
|
|
|
|
- name: check for nftables.d
|
|
stat:
|
|
path: /etc/nftables.d
|
|
register: p
|
|
|
|
- name: check nftables.d
|
|
assert:
|
|
that:
|
|
- p.stat.exists and p.stat.isdir
|
|
|
|
- name: check for nftables.conf
|
|
stat:
|
|
path: /etc/nftables.conf
|
|
register: p
|
|
|
|
- name: check nftables.conf
|
|
assert:
|
|
that:
|
|
- p.stat.exists
|
|
|
|
- name: check for nftables.conf
|
|
stat:
|
|
path: /etc/nftables.d/filter-input.nft
|
|
register: p
|
|
|
|
- name: check filter-input.nft
|
|
assert:
|
|
that:
|
|
- p.stat.exists
|
|
|
|
- name: list rules
|
|
command: nft list ruleset
|
|
register: nft
|
|
|
|
- name: debug rules
|
|
debug: var=nft
|
|
|
|
- name: check rules
|
|
assert:
|
|
that:
|
|
# The whole line is:
|
|
# type filter hook input priority 0; policy drop;
|
|
# However on CentOS will return "priority 0", while Debian will
|
|
# show "priority filter"
|
|
- '"type filter hook input" in nft.stdout'
|
|
- '"type filter hook output" in nft.stdout'
|
|
|
|
- name: service status - active
|
|
command: systemctl is-active nftables.service
|
|
register: status
|
|
|
|
- name: check service status
|
|
assert:
|
|
that:
|
|
- 'status.stdout == "active"'
|
|
|
|
- name: service status - enabled
|
|
command: systemctl is-enabled nftables.service
|
|
register: status
|
|
|
|
- name: check service status
|
|
assert:
|
|
that:
|
|
- 'status.stdout == "enabled"'
|