---
# Verify play for this scenario.
#
# Converge runs the `firewall` tag only, so the package-install and cache-dir
# tasks are skipped (KVM/libvirt packages cannot be fetched in the Docker
# container). What is checked here is that the nftables drop-in was rendered.
- name: Verify
  hosts: all
  become: true
  gather_facts: false

  tasks:
    # slurp returns the file body base64-encoded in `.content`.
    - name: Read the libvirt bridge nftables drop-in
      ansible.builtin.slurp:
        src: /etc/nftables.d/10-libvirt-boma.nft
      register: _dropin

    # NOTE(review): these are two independent substring checks over the whole
    # file. They confirm that both tokens appear somewhere in the drop-in, not
    # that `accept` is the verdict of the virbr-boma rule, and not that
    # nftables has loaded the file. If the scenario has to guarantee the rule
    # itself, match the exact line the template renders.
    - name: Assert drop-in contains virbr-boma accept rule
      vars:
        # Decoded once and reused by both conditions below.
        _dropin_text: "{{ _dropin.content | b64decode }}"
      ansible.builtin.assert:
        that:
          - "'virbr-boma' in _dropin_text"
          - "'accept' in _dropin_text"