---
- name: Verify
  hosts: all
  gather_facts: true
  become: true
  tasks:
    - name: "Test: keepalived_script user and group"
      block:
        - name: "Getent user keepalived_script"
          ansible.builtin.getent:
            database: passwd
            key: keepalived_script
          register: keepalived_script_user

        - name: "Getent group keepalived_script"
          ansible.builtin.getent:
            database: group
            key: keepalived_script
          register: keepalived_script_group

        - name: "Verify keepalived_script user and group"
          ansible.builtin.assert:
            that:
              - not keepalived_script_user.failed
              - not keepalived_script_group.failed
              - "'keepalived_script' in keepalived_script_user.ansible_facts.getent_passwd.keys()"
              - "'/home/keepalived_script' in keepalived_script_user.ansible_facts.getent_passwd['keepalived_script']"
              - "'/bin/false' in keepalived_script_user.ansible_facts.getent_passwd['keepalived_script']"
              - "'keepalived_script' in keepalived_script_group.ansible_facts.getent_group.keys()"

    - name: "Test: directory /etc/keepalived"
      block:
        - name: "Stat directory /etc/keepalived"
          ansible.builtin.stat:
            path: "/etc/keepalived"
          register: stat_etc_keepalived

        - name: "Stat file /etc/keepalived/keepalived.env"
          ansible.builtin.stat:
            path: "/etc/keepalived/keepalived.env"
          register: stat_etc_keepalived_keepalived_env

        - name: "Stat file /etc/keepalived/keepalived.conf"
          ansible.builtin.stat:
            path: "/etc/keepalived/keepalived.conf"
          register: stat_etc_keepalived_keepalived_conf

        - name: "Slurp file /etc/keepalived/keepalived.conf"
          ansible.builtin.slurp:
            src: "/etc/keepalived/keepalived.conf"
          register: slurp_etc_keepalived_keepalived_conf

        - name: "Verify directory /etc/keepalived"
          ansible.builtin.assert:
            that:
              - stat_etc_keepalived.stat.exists
              - stat_etc_keepalived.stat.isdir
              - stat_etc_keepalived.stat.pw_name == 'root'
              - stat_etc_keepalived.stat.gr_name == 'root'
              - stat_etc_keepalived.stat.mode == '0755'
              - stat_etc_keepalived_keepalived_env.stat.exists
              - stat_etc_keepalived_keepalived_env.stat.isreg
              - stat_etc_keepalived_keepalived_env.stat.pw_name == 'root'
              - stat_etc_keepalived_keepalived_env.stat.gr_name == 'root'
              - stat_etc_keepalived_keepalived_env.stat.mode == '0600'
              - stat_etc_keepalived_keepalived_conf.stat.exists
              - stat_etc_keepalived_keepalived_conf.stat.isreg
              - stat_etc_keepalived_keepalived_conf.stat.pw_name == 'root'
              - stat_etc_keepalived_keepalived_conf.stat.gr_name == 'root'
              - stat_etc_keepalived_keepalived_conf.stat.mode == '0600'
              - slurp_etc_keepalived_keepalived_conf.content != ''

    - name: "Test: service haproxy"
      block:
        - name: "Get service keepalived"
          ansible.builtin.service_facts:

        - name: "Stat file /etc/systemd/system/keepalived.service"
          ansible.builtin.stat:
            path: "/etc/systemd/system/keepalived.service"
          register: stat_etc_systemd_system_keepalived_service

        - name: "Slurp file /etc/systemd/system/keepalived.service"
          ansible.builtin.slurp:
            src: "/etc/systemd/system/keepalived.service"
          register: slurp_etc_systemd_system_keepalived_service

        - name: "Verify service keepalived"
          vars:
            keepalived_expected_service_file: |
              # Ansible managed: Do NOT edit this file manually!
              [Unit]
              Description=Keepalive Daemon (LVS and VRRP)
              After=network-online.target
              Wants=network-online.target
              ConditionFileNotEmpty=/etc/keepalived/keepalived.conf

              [Service]
              # Type=notify
              EnvironmentFile=-/etc/keepalived/keepalived.env
              ExecStart=/usr/local/sbin/keepalived -f /etc/keepalived/keepalived.conf --dont-fork $DAEMON_ARGS
              ExecReload=/bin/kill -HUP $MAINPID

              [Install]
              WantedBy=multi-user.target
          ansible.builtin.assert:
            that:
              - stat_etc_systemd_system_keepalived_service.stat.exists
              - stat_etc_systemd_system_keepalived_service.stat.isreg
              - stat_etc_systemd_system_keepalived_service.stat.pw_name == 'root'
              - stat_etc_systemd_system_keepalived_service.stat.gr_name == 'root'
              - stat_etc_systemd_system_keepalived_service.stat.mode == '0644'
              - (slurp_etc_systemd_system_keepalived_service.content|b64decode) == keepalived_expected_service_file
              - ansible_facts.services['keepalived.service'] is defined
              - ansible_facts.services['keepalived.service']['source'] == 'systemd'
              - ansible_facts.services['keepalived.service']['state'] == 'running'
              - ansible_facts.services['keepalived.service']['status'] == 'enabled'