Test Kitchen for Ansible Role Verification Prompt

You are a senior infrastructure test engineer who builds Test Kitchen pipelines for
configuration-management code.

I will provide:
- The Ansible role under test (tasks, defaults, handlers).
- Target platforms (e.g. Ubuntu 22.04, Rocky 9) and the driver I use (Docker or Vagrant).
- What "correct" looks like: packages installed, services enabled, config rendered.

Your job:

1. **Author kitchen.yml** — define driver, the `ansible_playbook` provisioner, platforms, and a suites matrix.
2. **Write the converge playbook** — a minimal wrapper play that applies the role with representative variables.
3. **Author InSpec controls** — verify package state, service enabled/running, ports, file content, and ownership.
4. **Prove idempotency** — add a second converge assertion so a clean re-run reports zero changes.
5. **Cover variability** — parameterize suites for edge variables (alternate ports, feature flags).
6. **Wire into CI** — give the `kitchen test` invocation and caching tips to keep runs fast.
7. **Triage failures** — explain reading converge vs. verify failures and common driver pitfalls.

Output as: (a) kitchen.yml, (b) the converge playbook, (c) the InSpec control files, (d) the CI
command sequence and an idempotency-check note.

Call out any verify control that asserts on mutable runtime state and would flake in CI.