---
- name: os-specific vars
  include_vars: "{{ansible_os_family}}.yml"
  tags:
      - always

- name: set compatibility variables
  include: compatibility-variables.yml
  tags:
      - always

- name: check-set-parameters
  include: elasticsearch-parameters.yml
  tags:
      - always

- name: use snapshot release
  include: snapshot-release.yml
  when: es_use_snapshot_release

- name: include java.yml
  include: java.yml
  when: es_java_install
  tags:
      - java

- name: include elasticsearch.yml
  include: elasticsearch.yml
  tags:
      - install

- name: include elasticsearch-config.yml
  include: elasticsearch-config.yml
  tags:
      - config

- name: include elasticsearch-scripts.yml
  include: elasticsearch-scripts.yml
  when: es_scripts
  tags:
      - scripts

- name: include elasticsearch-plugins.yml
  include: elasticsearch-plugins.yml
  when: es_plugins is defined or es_plugins_reinstall
  tags:
      - plugins

  #We always execute xpack as we may need to remove features
- name: include xpack/elasticsearch-xpack.yml
  include: xpack/elasticsearch-xpack.yml
  tags:
      - xpack

- name: flush handlers
  meta: flush_handlers

- name: Make sure elasticsearch is started
  become: yes
  service: name={{instance_init_script | basename}} state=started enabled=yes
  when: es_start_service

- name: Wait for elasticsearch to startup
  wait_for: host={{es_api_host}} port={{es_api_port}} delay=5 connect_timeout=1
  when: es_restarted is defined and es_restarted.changed and es_start_service

- name: set fact manage_native_realm to false
  set_fact: manage_native_realm=false

- name: set fact manage_native_realm to true
  set_fact: manage_native_realm=true
  when: es_start_service and (es_enable_xpack and "security" in es_xpack_features) and ((es_users is defined and es_users.native is defined) or (es_roles is defined and es_roles.native is defined))

# If playbook runs too fast, Native commands could fail as the Native Realm is not yet up
- name: Wait 15 seconds for the Native Relm to come up
  pause: seconds=15
  when: manage_native_realm

- name: activate-license
  include: ./xpack/security/elasticsearch-xpack-activation.yml
  when: es_start_service and es_enable_xpack and es_xpack_license is defined and es_xpack_license != ''

#perform security actions here now elasticsearch is started
- name: include xpack/security/elasticsearch-security-native.yml
  include: ./xpack/security/elasticsearch-security-native.yml
  when: manage_native_realm

#Templates done after restart - handled by flushing the handlers. e.g. suppose user removes security on a running node and doesn't specify es_api_basic_auth_username and es_api_basic_auth_password.  The templates will subsequently not be removed if we don't wait for the node to restart.
#We also do after the native realm to ensure any changes are applied here first and its denf up.
- name: include elasticsearch-template.yml
  include: elasticsearch-template.yml
  when: es_templates
  tags:
      - templates