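---
# Check SSL files
#
# Pre-flight validation of the TLS material under "{{ onelab_path }}/ssl":
# every expected file must exist and, unless skipped, the certificate and
# the private key must carry the same RSA modulus.

# Lists column 2 of `docker secret ls` (the secret name in the default output
# format) with the header row dropped. Read-only, so it never reports "changed".
# NOTE(review): the pipeline's exit status is awk's, so a failing
# `docker secret ls` yields an empty list and the key/certificate check below
# then runs as if no passphrase secret existed. Confirm that is intended.
- name: Getting the list of Docker secrets
  shell: docker secret ls | tail -n +2 | awk '{print $2}'
  register: docker_secrets
  changed_when: false
  become: true

- name: Checking if dhparam.pem file exists in /onelab/ssl
  stat:
    path: "{{ onelab_path }}/ssl/dhparam.pem"
  register: dhparam
  failed_when: not dhparam.stat.exists

- name: Checking if server.pem file exists in /onelab/ssl
  stat:
    path: "{{ onelab_path }}/ssl/server.pem"
  register: serverpem
  failed_when: not serverpem.stat.exists

# NOTE(review): only existence is checked. `stat` also returns the mode and
# owner, so this is the natural place to assert that the private key is not
# group- or world-readable. Confirm the intended permissions first.
- name: Checking if server.key file exists in /onelab/ssl
  stat:
    path: "{{ onelab_path }}/ssl/server.key"
  register: serverkey
  failed_when: not serverkey.stat.exists

- name: Checking if chain.pem file exists in /onelab/ssl
  stat:
    path: "{{ onelab_path }}/ssl/chain.pem"
  register: chain
  failed_when: not chain.stat.exists

# Both modulus tasks are skipped when a secret named ssl_passphrase exists
# (presumably the key is then encrypted and cannot be read non-interactively;
# verify) or when onelab.deployment.skip_ssl is set to something other than
# false.
#
# pipefail: without it the pipeline's exit status is that of `openssl md5`,
# so a failing `openssl rsa` (unreadable, encrypted or non-RSA key) still
# produced a digest of empty input. If the certificate command failed the same
# way, both digests were equal and the check passed without comparing anything.
# pipefail is not POSIX sh, hence the explicit bash executable.
# The MD5 value is only a compact fingerprint for comparing the two moduli.
- name: Checking if certificate and key are matching (part 1/2)
  shell: >
    set -o pipefail &&
    openssl rsa -noout -modulus
    -in {{ (onelab_path ~ '/ssl/server.key') | quote }}
    | openssl md5
  args:
    executable: /bin/bash
  register: serverkey_modulus
  changed_when: false
  become: true
  when:
    - "'ssl_passphrase' not in docker_secrets.stdout_lines"
    - (onelab.deployment.skip_ssl is undefined) or (onelab.deployment.skip_ssl == false)

# failed_when replaces Ansible's default non-zero-rc failure, so the return
# code is tested explicitly in addition to the digest comparison.
- name: Checking if certificate and key are matching (part 2/2)
  shell: >
    set -o pipefail &&
    openssl x509 -noout -modulus
    -in {{ (onelab_path ~ '/ssl/server.pem') | quote }}
    | openssl md5
  args:
    executable: /bin/bash
  register: serverpem_modulus
  changed_when: false
  failed_when: >-
    serverpem_modulus.rc != 0
    or serverpem_modulus.stdout != serverkey_modulus.stdout
  become: true
  when:
    - "'ssl_passphrase' not in docker_secrets.stdout_lines"
    - (onelab.deployment.skip_ssl is undefined) or (onelab.deployment.skip_ssl == false)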