ansible.nftables/molecule/default/verify.yml

93 lines
2.0 KiB
YAML

---
# This is an example playbook to execute Ansible tests.
- name: Verify
hosts: all
gather_facts: false
tasks:
- name: check for nftables.d
stat:
path: /etc/nftables.d
register: p
- name: check nftables.d
assert:
that:
- p.stat.exists and p.stat.isdir
- name: check for nftables.conf
stat:
path: /etc/nftables.conf
register: p
- name: check nftables.conf
assert:
that:
- p.stat.exists
- name: check for filter-input.nft
stat:
path: /etc/nftables.d/filter-input.nft
register: p
- name: check filter-input.nft
assert:
that:
- p.stat.exists
- name: list rules
command: nft list ruleset
register: nft
- name: debug rules
debug: var=nft
- name: check rules
assert:
that:
# The whole line is:
# type filter hook input priority 0; policy drop;
# However on CentOS will return "priority 0", while Debian will
# show "priority filter"
- '"type filter hook input" in nft.stdout'
- '"type filter hook output" in nft.stdout'
- name: check for fail2ban systemd custom dir
stat:
path: /etc/systemd/system/fail2ban.service.d
register: f2b_systemd_dir
- name: check fail2ban systemd custom dir
assert:
that:
- f2b_systemd_dir.stat.exists and f2b_systemd_dir.stat.isdir
- name: check for fail2ban systemd override
stat:
path: /etc/systemd/system/fail2ban.service.d/override.conf
register: f2b_systemd_override
- name: check fail2ban systemd override
assert:
that:
- f2b_systemd_override.stat.exists
- name: service status - active
command: systemctl is-active nftables.service
register: status
- name: check service status
assert:
that:
- 'status.stdout == "active"'
- name: service status - enabled
command: systemctl is-enabled nftables.service
register: status
- name: check service status
assert:
that:
- 'status.stdout == "enabled"'