---
- hosts: all
  gather_facts: False
  tasks:
  - name: Update APT sources
    raw: DEBIAN_FRONTEND=noninteractive apt-get update
    changed_when: False

  - name: APT install Python
    raw: DEBIAN_FRONTEND=noninteractive apt-get install -qy python2.7 python
    register: debian_bootstrap_install_python
    changed_when: "'Unpacking' in debian_bootstrap_install_python.stdout"

  - name: Gather facts
    setup:

  - name: APT install
    apt:
      name: ['nginx-light', 'collectd-core', 'openssl']
      state: present
      install_recommends: no

  - name: Collectd facts
    collectd_facts:
    register: collectd_facts

  - name: Debug
    debug:
      var: collectd_facts
      verbosity: 2

  - name: Assertions
    assert:
      that:
      - collectd_facts is defined
      - changed in collectd_facts
      - collectd_facts.changed == False
      - ansible_facts in collectd_facts
      - collectd is defined
      - major in collectd
      - collectd.major is number

  - name: Nginx facts
    nginx_facts:
    register: nginx_facts

  - name: Debug
    debug:
      var: nginx_facts
      verbosity: 2

  - name: Assertions
    assert:
      that:
      - nginx_facts is defined
      - version in nginx_facts
      - major in nginx_facts
      - nginx_facts.major is number
      - nginx_facts.changed == False

  - name: DH params for missing file
    ignore_errors: True
    dhparams:
      path: /etc/ssl/dhparams.pem
    register: missing_dhparams

  - name: Debug
    debug:
      var: missing_dhparams
      verbosity: 2

  - name: Assertions
    assert:
      that:
      - missing_dhparams is defined
      - bits in missing_dhparams
      - missing_dhparams.bits == 0
      - failed in missing_dhparams
      - missing_dhparams.failed == True
      - path in missing_dhparams
      - missing_dhparams.path == '/etc/ssl/dhparams.pem'

  - name: Generate DH params
    command: openssl dhparam -out /etc/ssl/dhparams.pem 2048
    changed_when: True

  - name: DH params for existing file
    dhparams:
      path: /etc/ssl/dhparams.pem
    register: existing_dhparams

  - name: Debug
    debug:
      var: existing_dhparams
      verbosity: 2

  - name: Assertions
    assert:
      that:
      - existing_dhparams is defined
      - bits in existing_dhparams
      - existing_dhparams.bits == 2048
      - failed in existing_dhparams
      - existing_dhparams.failed == False
      - path in existing_dhparams
      - existing_dhparams.path == '/etc/ssl/dhparams.pem'