playbook.yml

---
- hosts: all
  tasks:
  - name: APT install
    apt:
      name:
      - collectd
      - nginx
      - openssl
      state: present
      update_cache: yes

  - name: Collectd facts
    collectd_facts:
    register: collectd_facts

  - name: Assertions
    assert:
      that:
      - collectd_facts is defined
      - major in collectd_facts
      - collectd_facts.major is number
      - collectd_facts.changed == False

  - name: Nginx facts
    nginx_facts:
    register: nginx_facts

  - name: Assertions
    assert:
      that:
      - nginx_facts is defined
      - version in nginx_facts
      - major in nginx_facts
      - nginx_facts.major is number
      - nginx_facts.changed == False

  - name: DH params for missing file
    ignore_errors: True
    dhparams:
      path: /etc/ssl/dhparams.pem
    register: missing_dhparams

  - name: Assertions
    assert:
      that:
      - missing_dhparams is defined
      - bits in missing_dhparams
      - missing_dhparams.bits == 0
      - failed in missing_dhparams
      - missing_dhparams.failed == True
      - path in missing_dhparams
      - missing_dhparams.path == '/etc/ssl/dhparams.pem'

  - name: Generate DH params
    command: openssl dhparam -out /etc/ssl/dhparams.pem 2048
    changed_when: True

  - name: DH params for existing file
    dhparams:
      path: /etc/ssl/dhparams.pem
    register: existing_dhparams

  - name: Assertions
    assert:
      that:
      - existing_dhparams is defined
      - bits in existing_dhparams
      - existing_dhparams.bits == 2048
      - failed in existing_dhparams
      - existing_dhparams.failed == False
      - path in existing_dhparams
      - existing_dhparams.path == '/etc/ssl/dhparams.pem'