diff --git a/.zuul.yaml b/.zuul.yaml index 1c323bd..43690c2 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -5,10 +5,14 @@ - ansible-tox-linters - ansible-tox-molecule: required-projects: - - github.com/ansible-security/ids_config + - name: github.com/ansible/ansible + override-checkout: stable-2.9 + - name: github.com/ansible-security/ids_config gate: jobs: - ansible-tox-linters - ansible-tox-molecule: required-projects: - - github.com/ansible-security/ids_config + - name: github.com/ansible/ansible + override-checkout: stable-2.9 + - name: github.com/ansible-security/ids_config diff --git a/bindep.txt b/bindep.txt index 4fa3249..078d670 100644 --- a/bindep.txt +++ b/bindep.txt @@ -1,6 +1,6 @@ # This is a cross-platform list tracking distribution packages needed by tests; # see https://docs.openstack.org/infra/bindep/ for additional information. -docker [test platform:fedora] gcc-c++ [test platform:rpm] +podman [test platform:fedora] python3-devel [test !platform:centos-7 platform:rpm] diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index dc2cc7f..ab401bb 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -4,17 +4,20 @@ dependency: command: ./tools/install_roles.sh enabled: true driver: - name: docker + name: podman lint: name: yamllint platforms: - name: instance image: centos:7 privileged: true - volume_mounts: - - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/usr/sbin/init" - environment: { container: docker } + tty: true + cap_add: + - SYS_ADMIN + tmpfs: + - /run + - /run/lock provisioner: name: ansible lint: diff --git a/setup.cfg b/setup.cfg new file mode 100644 index 0000000..8066985 --- /dev/null +++ b/setup.cfg @@ -0,0 +1,5 @@ +# NOTE(pabelanger): Currently tox_siblings in zuul-jobs expects a setup.cfg +# file to exist to get cross project testing working with Zuul. This needs +# to be fixed, then we can drop this file. +[metadata] +name = ids_install 
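Review bot: In molecule/default/molecule.yml the platform keeps `privileged: true` while the new lines add `cap_add` with `SYS_ADMIN` and tmpfs mounts on /run and /run/lock; a privileged container already holds every capability, so the added capability line narrows nothing. If the aim of the podman switch is to boot systemd in the centos:7 instance with a smaller grant, drop `privileged: true` and confirm `/usr/sbin/init` still starts with only `SYS_ADMIN` and the tmpfs mounts. If full privilege really is required, say so next to the key, for example `# systemd in the test container needs full privilege; CI only`, so the setting is not copied into other scenarios.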
diff --git a/tasks/main.yml b/tasks/main.yml index 1be546b..4d4aa7f 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -54,31 +54,22 @@ dest: /etc/sysconfig/snort notify: systemctl daemon-reload - - name: get ids_install_snort_community_rules_url rules - get_url: - url: "{{ ids_install_snort_community_rules_url }}" - dest: "/tmp/ansible_role_ids_snort_community-rules.tar.gz" - - - name: unpack ids_install_snort_community_rules_url rules + - name: download / unpack ids_install_snort_community_rules_url rules unarchive: remote_src: true - src: "/tmp/ansible_role_ids_snort_community-rules.tar.gz" + src: "{{ ids_install_snort_community_rules_url }}" dest: "/etc/snort/" - - - name: get ids_install_snort_registered_rules_url rules - get_url: - url: "{{ ids_install_snort_registered_rules_url }}" - dest: "/tmp/ansible_role_ids_snort_registered_rules.tar.gz" + creates: /etc/snort/community-rules ignore_errors: true - - name: unpack ids_install_snort_registered_rules_url rules + - name: download / unpack ids_install_snort_registered_rules_url rules unarchive: remote_src: true - src: "/tmp/ansible_role_ids_snort_registered_rules.tar.gz" + src: "{{ ids_install_snort_registered_rules_url }}" dest: "/etc/snort/" + creates: /etc/snort/rules ignore_errors: true - # FIXME - this is kind of a hack - name: ensure snort required files exist file: diff --git a/test-requirements.txt b/test-requirements.txt index a6f5aa3..a57991b 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,3 +1,4 @@ -docker +ara<1.0.0 molecule +podman selinux diff --git a/tools/test-setup.sh b/tools/test-setup.sh deleted file mode 100755 index 5256b02..0000000 --- a/tools/test-setup.sh +++ /dev/null 
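Review bot: The two merged `unarchive` tasks in tasks/main.yml pull the rules tarballs straight from `ids_install_snort_community_rules_url` and `ids_install_snort_registered_rules_url` into /etc/snort/ with no integrity check, and `unarchive` offers no checksum option, so dropping `get_url` removes the step where a digest could be verified. I would keep a `get_url` step with `checksum: "sha256:<expected digest>"` (the digest supplied by a role variable) ahead of each `unarchive`. The `ignore_errors: true` that used to follow the registered-rules download now appears to attach to the community-rules task (indentation is not visible here), so a failed fetch would leave the sensor without its community rules while the play stays green; drop it there or follow it with an explicit check that /etc/snort/community-rules exists. With `creates:` set, an existing directory also means the rules are never refreshed on later runs, which deserves a comment if that is intended. The task list starts and ends outside the hunk.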
@@ -1,21 +0,0 @@ -#!/bin/bash -ex -# Copyright 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -if ! [ $(getent group docker) ]; then - sudo groupadd docker -fi -sudo gpasswd -a ${USER} docker -sudo service docker restart diff --git a/tox.ini b/tox.ini index 5387914..a2f1e74 100644 --- a/tox.ini +++ b/tox.ini @@ -12,5 +12,11 @@ commands = molecule lint [testenv:molecule] +# NOTE(pabelanger): Maybe we should just pass all? commands = molecule test +passenv = + HOME +setenv = + ANSIBLE_CALLBACK_PLUGINS = {envsitepackagesdir}/ara/plugins/callbacks + PY_COLORS=0
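Review bot: The added NOTE under `[testenv:molecule]` in tox.ini floats passing the whole environment through, which would expose every variable the CI job holds, credentials included, to the molecule run and to the roles it installs; the explicit `passenv` allowlist with only `HOME` is the safer form and should stay. I would replace the open question with a comment that records why the variable is needed, something like `# HOME is passed through for the podman driver; add further variables by name only`, adjusted to the actual reason since it is not stated in the hunk. The `setenv` entry pointing `ANSIBLE_CALLBACK_PLUGINS` at the ara callbacks could carry a one-line comment as well, since it silently depends on the `ara<1.0.0` pin in test-requirements.txt.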