diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
deleted file mode 100644
index 5652946..0000000
--- a/molecule/default/verify.yml
+++ /dev/null
@@ -1,36 +0,0 @@
----
-- name: Verify
-
-  hosts: all
-
-  pre_tasks:
-
-    - name: verify docker cli is installed
-      ansible.builtin.command: docker --version
-
-    - name: verify docker pip is installed
-      ansible.builtin.command: python3 -c "import docker"
-
-    - name: gather service facts
-      ansible.builtin.service_facts:
-
-    - name: check service definition
-      ansible.builtin.fail:
-        msg: docker service is not available
-      vars:
-        _service: docker.service
-      when: _service not in ansible_facts.services
-
-    - name: check service running state
-      ansible.builtin.fail:
-        msg: docker service is not running
-      vars:
-        _service: docker.service
-      when: ansible_facts.services[_service].state != "running"
-
-    - name: check service startup state
-      ansible.builtin.fail:
-        msg: docker service is not running
-      vars:
-        _service: docker.service
-      when: ansible_facts.services[_service].status != "enabled"
diff --git a/molecule/hold/converge.yml b/molecule/hold/converge.yml
new file mode 100644
index 0000000..66b06a5
--- /dev/null
+++ b/molecule/hold/converge.yml
@@ -0,0 +1,73 @@
+---
+- name: Deploy docker packages
+  hosts: all
+  become: true
+  roles:
+    - nephelaiio.docker
+  pre_tasks:
+    - name: Query Debian package versions
+      ansible.builtin.shell:
+        cmd: "apt-cache madison {{ item }} | awk -F'|' '{ print $2 }'"
+      loop: "{{ docker_packages }}"
+      register: _debian_package_query
+      when: ansible_os_family == "Debian"
+      changed_when: false
+
+    - name: Query RedHat package versions
+      ansible.builtin.shell:
+        cmd: "yum list {{ item }} --showduplicates | grep '^{{ item }}' | awk '{ print $1,$2 }' | sort -r"
+      loop: "{{ docker_packages }}"
+      register: _redhat_package_query
+      when: ansible_os_family == "RedHat"
+      changed_when: false
+
+    - name: Set package version facts
+      ansible.builtin.set_fact:
+        _docker_package_query: "{{ _redhat_packages + _debian_packages }}"
+      vars:
+        _redhat_packages: "{{ [] if _redhat_package_query.skipped else _redhat_package_query.results }}"
+        _debian_packages: "{{ [] if _debian_package_query.skipped else _debian_package_query.results }}"
+
+    - name: Verify target package versions
+      ansible.builtin.fail:
+        msg: "{{ _package }} has no installation candidate: {{ item }}"
+      vars:
+        _stdout: "{{ item.stdout_lines }}"
+        _package: "{{ item.item }}"
+      loop_control:
+        label: "{{ item.item }}"
+      loop: "{{ _docker_package_query }}"
+      when: _stdout | length == 0
+
+    - name: Initialize package versions
+      ansible.builtin.set_fact:
+        docker_packages: []
+
+    - name: Set target Debian package versions
+      ansible.builtin.set_fact:
+        docker_packages: "{{ docker_packages + [_package] }}"
+      vars:
+        _stdout: "{{ item.stdout_lines }}"
+        _multiple: "{{ _stdout | length > 1 }}"
+        _version: "{{ _stdout[0] if not _multiple else _stdout[1] }}"
+        _package: "{{ item.item }}={{ _version | trim }}"
+      loop_control:
+        label: "{{ item.item }}"
+      loop: "{{ _docker_package_query }}"
+      when: ansible_os_family == "Debian"
+
+    - name: Set target RedHat package versions
+      ansible.builtin.set_fact:
+        docker_packages: "{{ docker_packages + [_package] }}"
+      vars:
+        _stdout: "{{ item.stdout_lines }}"
+        _multiple: "{{ _stdout | length > 1 }}"
+        _target: "{{ (_stdout[0] if not _multiple else _stdout[1]).split(' ') }}"
+        _arch: "{{ _target[0].split('.')[1] }}"
+        _name: "{{ _target[0].split('.')[0] }}"
+        _version: "{{ _target[1] }}"
+        _package: "{{ _name }}-{{ _version }}.{{ _arch }}"
+      loop_control:
+        label: "{{ item.item }}"
+      loop: "{{ _docker_package_query }}"
+      when: ansible_os_family == "RedHat"
diff --git a/molecule/default/molecule.yml b/molecule/hold/molecule.yml
similarity index 88%
rename from molecule/default/molecule.yml
rename to molecule/hold/molecule.yml
index 963215f..c695fb1 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/hold/molecule.yml
@@ -19,7 +19,3 @@ provisioner:
   name: ansible
 verifier:
   name: ansible
-lint: |
-  set -e
-  run yamllint .
-  run ansible-lint .
diff --git a/molecule/hold/side_effect.yml b/molecule/hold/side_effect.yml
new file mode 100644
index 0000000..4fbfb81
--- /dev/null
+++ b/molecule/hold/side_effect.yml
@@ -0,0 +1,14 @@
+---
+- name: Update OS
+  hosts: all
+  become: true
+  roles:
+    - robertdebock.update
+  serial: 1
+  tasks:
+    - name: Wait for MongoDB to be up
+      community.mongodb.mongodb_shell:
+        eval: "db.runCommand({ping: 1})"
+        mongo_cmd: "{{ mongodb_shell | default(omit) }}"
+      retries: 6
+      delay: 10
diff --git a/molecule/hold/verify.yml b/molecule/hold/verify.yml
new file mode 100644
index 0000000..ba4b22e
--- /dev/null
+++ b/molecule/hold/verify.yml
@@ -0,0 +1,89 @@
+---
+- name: Verify docker packages
+  hosts: all
+  become: true
+  tasks:
+    - name: Query Debian package versions
+      ansible.builtin.shell:
+        cmd: "apt-cache madison {{ item }} | awk -F'|' '{ print $2 }'"
+      loop: "{{ docker_packages }}"
+      register: _debian_package_query
+      when: ansible_os_family == 'Debian'
+      changed_when: false
+
+    - name: Query RedHat package versions
+      ansible.builtin.shell:
+        cmd: "yum list {{ item }} --showduplicates | grep '^{{ item }}' | awk '{ print $1,$2 }' | sort -r"
+      loop: "{{ docker_packages }}"
+      register: _redhat_package_query
+      when: ansible_os_family == "RedHat"
+      changed_when: false
+
+    - name: Set package version facts
+      ansible.builtin.set_fact:
+        _docker_package_query: "{{ _redhat_packages + _debian_packages }}"
+      vars:
+        _redhat_packages: "{{ [] if _redhat_package_query.skipped else _redhat_package_query.results }}"
+        _debian_packages: "{{ [] if _debian_package_query.skipped else _debian_package_query.results }}"
+
+    - name: Initialize package versions
+      ansible.builtin.set_fact:
+        docker_package_list: []
+
+    - name: Set target Debian package versions
+      ansible.builtin.set_fact:
+        docker_package_list: "{{ docker_package_list + [_package] }}"
+      vars:
+        _stdout: "{{ item.stdout_lines }}"
+        _multiple: "{{ _stdout | length > 1 }}"
+        _version: "{{ _stdout[0] if not _multiple else _stdout[1] }}"
+        _package: "{{ item.item }}={{ _version | trim }}"
+      loop_control:
+        label: "{{ item.item }}"
+      loop: "{{ _docker_package_query }}"
+      when: ansible_os_family == "Debian"
+
+    - name: Set target RedHat package versions
+      ansible.builtin.set_fact:
+        docker_package_list: "{{ docker_package_list + [_package] }}"
+      vars:
+        _stdout: "{{ item.stdout_lines }}"
+        _multiple: "{{ _stdout | length > 1 }}"
+        _target: "{{ (_stdout[0] if not _multiple else _stdout[1]).split(' ') }}"
+        _arch: "{{ _target[0].split('.')[1] }}"
+        _name: "{{ _target[0].split('.')[0] }}"
+        _version: "{{ _target[1] }}"
+        _package: "{{ _name }}-{{ _version }}.{{ _arch }}"
+      loop_control:
+        label: "{{ item.item }}"
+      loop: "{{ _docker_package_query }}"
+      when: ansible_os_family == "RedHat"
+
+    - name: Gather package facts
+      ansible.builtin.package_facts:
+
+    - name: Verify package versions
+      ansible.builtin.fail:
+        msg: "Expected installed version for package {{ _package }} to be {{ _version }}, found {{ _installed }}"
+      vars:
+        _package: "{{ item.split('=') | first }}"
+        _version: "{{ item.split('=') | last }}"
+        _installed: "{{ (packages[_package] | default([{'version': 'None'}]))[0].version }}"
+      loop: "{{ docker_package_list }}"
+      when:
+        - ansible_os_family == "Debian"
+        - _package not in packages or _version != _installed
+
+    - name: Verify package versions
+      ansible.builtin.fail:
+        msg: "Expected installed version for package {{ _package }} to be {{ _version }}, found {{ _installed }}"
+      vars:
+        _prefix: "^{{ _package }}-"
+        _suffix: "-.*$"
+        _package: "{{ item.0 }}"
+        _version: "{{ item.1 | regex_replace(_prefix, '') | regex_replace(_suffix, '') }}"
+        _installed: "{{ (packages[_package] | default([{'version': 'None'}]))[0].version }}"
+      loop: "{{ docker_packages | zip(docker_package_list) }}"
+      when:
+        - ansible_os_family == "RedHat"
+        - _package not in packages or _version != _installed
diff --git a/molecule/default/converge.yml b/molecule/install/converge.yml
similarity index 76%
rename from molecule/default/converge.yml
rename to molecule/install/converge.yml
index 3f4837a..86e4572 100644
--- a/molecule/default/converge.yml
+++ b/molecule/install/converge.yml
@@ -1,23 +1,17 @@
 ---
 - name: Converge
-
   hosts: all
-
   roles:
-
     - nephelaiio.docker
-
   pre_tasks:
-
-    - name: update apt package cache
+    - name: Update apt package cache
       apt:
         package: gpg-agent
         update_cache: true
       when: ansible_os_family == 'Debian'
 
   post_tasks:
-
-    - name: install python3 binary redirection
+    - name: Install python3 binary redirection
       apt:
         name: python-is-python3
       when: ansible_os_family == 'Debian'
diff --git a/molecule/install/molecule.yml b/molecule/install/molecule.yml
new file mode 100644
index 0000000..c695fb1
--- /dev/null
+++ b/molecule/install/molecule.yml
@@ -0,0 +1,21 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: instance
+    image: geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2204}-ansible
+    pre_build_image: true
+    command: ${MOLECULE_COMMAND:-"/lib/systemd/systemd"}
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+    tmpfs:
+      - /tmp
+      - /opt
+provisioner:
+  name: ansible
+verifier:
+  name: ansible
diff --git a/molecule/install/verify.yml b/molecule/install/verify.yml
new file mode 100644
index 0000000..76f672f
--- /dev/null
+++ b/molecule/install/verify.yml
@@ -0,0 +1,29 @@
+---
+- name: Verify
+  hosts: all
+  vars:
+    docker_service: docker.service
+  pre_tasks:
+    - name: Verify docker cli is installed
+      ansible.builtin.command: "docker --version"
+
+    - name: Verify docker pip is installed
+      ansible.builtin.command: "python3 -c import docker"
+
+    - name: Gather service facts
+      ansible.builtin.service_facts:
+
+    - name: Check service definition
+      ansible.builtin.assert:
+        that: docker service is available
+      when: _service not in ansible_facts.services
+
+    - name: Check service running state
+      ansible.builtin.assert:
+        that: docker service is running
+      when: ansible_facts.services[_service].state != "running"
+
+    - name: Check service startup state
+      ansible.builtin.assert:
+        that: docker service is running
+      when: ansible_facts.services[_service].status != "enabled"
diff --git a/requirements.yml b/requirements.yml
index af28055..1c52fe1 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -1,6 +1,7 @@
 ---
 roles:
-  - nephelaiio.plugins
+  - name: robertdebock.update
   - nephelaiio.pip
 collections:
   - community.docker
+  - nephelaiio.plugins