---
- import_tasks: RedHat.yml
  when: ansible_os_family == 'RedHat'

- import_tasks: Debian.yml
  when: ansible_os_family == "Debian"

- name: Create elasticsearch.service.d folder.
  file: path=/etc/systemd/system/elasticsearch.service.d/ state=directory
  when:
    - ansible_service_mgr == "systemd"

- name: Configure Elasticsearch System Resources.
  template:
    src: elasticsearch_systemd.conf.j2
    dest: /etc/systemd/system/elasticsearch.service.d/elasticsearch.conf
    owner: root
    group: elasticsearch
    mode: 0660
  notify: restart elasticsearch
  tags: configure
  when:
    - ansible_service_mgr == "systemd"

- name: Debian/Ubuntu | Configure Elasticsearch System Resources.
  template:
    src: elasticsearch_nonsystemd.j2
    dest: /etc/default/elasticsearch
    owner: root
    group: elasticsearch
    mode: 0660
  notify: restart elasticsearch
  tags: configure
  when:
    - ansible_service_mgr != "systemd"
    - ansible_os_family == "Debian"

- name: RedHat/CentOS/Fedora | Configure Elasticsearch System Resources.
  template:
    src: elasticsearch_nonsystemd.j2
    dest: /etc/sysconfig/elasticsearch
    owner: root
    group: elasticsearch
    mode: 0660
  notify: restart elasticsearch
  tags: configure
  when:
    - ansible_service_mgr != "systemd"
    - ansible_os_family == "RedHat"

- name: Configure Elasticsearch.
  template:
    src: elasticsearch.yml.j2
    dest: /etc/elasticsearch/elasticsearch.yml
    owner: root
    group: elasticsearch
    mode: 0660
  notify: restart elasticsearch
  tags: configure

- name: Configure Elasticsearch JVM memmory.
  template:
    src: jvm.options.j2
    dest: /etc/elasticsearch/jvm.options
    owner: root
    group: elasticsearch
    mode: 0660
  notify: restart elasticsearch
  tags: configure

# fix in new PR (ignore_errors)

- name: Check that the instances.yml file exists
  stat:
    path: "{{node_certs_source}}/instances.yml"
  register: instances_file_exists
  when: 
    - node_certs_generator
    - elasticsearch_xpack_security

- name: Write the instances.yml file in the selected node
  template:
    src: instances.yml.j2
    dest: "{{node_certs_source}}/instances.yml"
  tags:
    - config
    - xpack-security
  when: 
    - node_certs_generator
    - elasticsearch_xpack_security

- name: Check that the certificates ZIP file exists
  stat:
    path: "{{node_certs_source}}/certs.zip"
  register: xpack_certs_zip
  when: 
    - node_certs_generator
    - elasticsearch_xpack_security

- name: Generating certificates for Elasticsearch security
  shell: "/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in {{node_certs_source}}/instances.yml --out {{node_certs_source}}/certs.zip"
  when: 
    - node_certs_generator
    - instances_file_exists.stat.exists
    - elasticsearch_xpack_security
    - not xpack_certs_zip.stat.exists
  tags: xpack-security

- name: Unzip generated certs.zip
  unarchive:
    src: "{{node_certs_source}}/certs.zip"
    dest: "{{node_certs_source}}/"
    remote_src: yes
  when: 
    - node_certs_generator
    - elasticsearch_xpack_security
  tags: xpack-security

- name: Copy key & certificate files in generator node (locally)
  synchronize:
    src: "{{node_certs_source}}/{{elasticsearch_node_name}}/"
    dest: "{{node_certs_destination}}/"
  delegate_to: "{{ node_certs_generator_ip }}"
  when: 
    - node_certs_generator
    - elasticsearch_xpack_security
  tags: xpack-security

- name: Copy ca certificate file in generator node (locally)
  synchronize:
    src: "{{node_certs_source}}/ca/"
    dest: "{{node_certs_destination}}/"
  delegate_to: "{{ node_certs_generator_ip }}"
  when: 
    - node_certs_generator
    - elasticsearch_xpack_security
  tags: xpack-security

- name: Importing key & certificate files from generator node
  shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/{{elasticsearch_node_name}}/ {{node_certs_destination}}/"
  when:
    - not node_certs_generator
    - elasticsearch_xpack_security
  tags: xpack-security

- name: Importing ca certificate file from generator node 
  shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/ca/ {{node_certs_destination}}/"
  when:
    - not node_certs_generator
    - elasticsearch_xpack_security
  tags: xpack-security


- name: Reload systemd
  systemd: daemon_reload=true
  ignore_errors: true
  when:
    - not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")
    - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<'))
    - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<'))

- name: Ensure Elasticsearch started and enabled
  ignore_errors: true
  service:
    name: elasticsearch
    enabled: true
    state: started

- name: Make sure Elasticsearch is running before proceeding
  wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} delay=3 timeout=300
  tags:
    - configure
    - init

- import_tasks: "RMRedHat.yml"
  when: ansible_os_family == "RedHat"


- import_tasks: "RMDebian.yml"
  when: ansible_os_family == "Debian"