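---
# Install Elasticsearch (OSS build), deploy its configuration, open the
# service port to selected sources, set up backup hooks, harden the systemd
# unit and register a filesystem snapshot repository.

- name: Install needed packages
  yum:
    name:
      - elasticsearch-oss
      - java-1.8.0-openjdk-headless
  tags: es

# Mode 0660 with group elasticsearch lets members of that group edit the
# config. owner is not set here, so an existing file keeps its current owner.
# NOTE(review): confirm the resulting owner is root rather than the service
# account.
- name: Deploy configuration
  template:
    src: "{{ item }}.j2"
    dest: "/etc/elasticsearch/{{ item }}"
    group: elasticsearch
    mode: "0660"
  loop:
    - elasticsearch.yml
    - log4j2.properties
  notify: restart elasticsearch
  tags: es

- name: Ensure the data dir exists
  file:
    path: "{{ es_data_dir }}"
    state: directory
  tags: es

# We do it in two steps, so that parent dirs aren't created with restrictive
# permissions
- name: Restrict permissions on data dir
  file:
    path: "{{ es_data_dir }}"
    state: directory
    owner: elasticsearch
    group: elasticsearch
    mode: "0750"
  tags: es

# The ACCEPT rule is present only while es_src_ip lists at least one source;
# an empty list removes the rule. This task sets no default policy, so whether
# the port is otherwise closed depends on rules managed elsewhere.
# `| bool` makes a string value such as "false" (extra-vars, INI inventory)
# disable the task instead of being treated as a truthy non-empty string.
- name: Handle Elasticsearch port
  iptables_raw:
    name: "{{ item.name }}"
    state: "{{ (item.src_ip | length > 0) | ternary('present','absent') }}"
    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ item.port }} -s {{ item.src_ip | join(',') }} -j ACCEPT"
  when: iptables_manage | default(True) | bool
  loop:
    - port: "{{ es_port }}"
      name: es_port
      src_ip: "{{ es_src_ip }}"
  tags: firewall,es

# No owner or mode is given for these directories or for the scripts' owner,
# so they take the defaults of the user running the play.
# NOTE(review): if a privileged backup job executes /etc/backup/*.d, confirm
# these paths are writable by root only.
- name: Create pre/post backup dir
  file:
    path: "/etc/backup/{{ item }}.d"
    state: directory
  loop:
    - pre
    - post
  tags: es

- name: Deploy pre and post backup script
  template:
    src: "{{ item }}-backup.j2"
    dest: "/etc/backup/{{ item }}.d/es"
    mode: "0750"
  loop:
    - pre
    - post
  tags: es

- name: Create backup dir
  file:
    path: "{{ es_backup_dir }}"
    state: directory
    owner: elasticsearch
    group: elasticsearch
    mode: "0700"
  tags: es

- name: Create systemd unit snippet dir
  file:
    path: /etc/systemd/system/elasticsearch.service.d
    state: directory
  tags: es

# Drop-in that sandboxes the service. ProtectSystem=full mounts /usr, /boot
# and /etc read-only for the service, and ProtectHome=yes hides /home, /root
# and /run/user, so es_data_dir and es_backup_dir must not live under those
# paths. The empty ExecStart= clears the packaged command before the
# replacement is set. ${PID_DIR} is not defined in this drop-in; presumably it
# comes from the packaged unit's environment.
- name: Customize systemd unit
  copy:
    content: |
      [Service]
      ProtectSystem=full
      PrivateDevices=yes
      ProtectHome=yes
      NoNewPrivileges=yes
      SyslogIdentifier=elasticsearch
      Restart=on-failure
      ExecStart=
      ExecStart=/usr/share/elasticsearch/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid
    dest: /etc/systemd/system/elasticsearch.service.d/ansible.conf
  register: es_unit
  notify: restart elasticsearch
  tags: es

# Reload immediately (not via a handler) so the service start below already
# sees the drop-in.
- name: Reload systemd
  systemd:
    daemon_reload: true
  when: es_unit.changed
  tags: es

- name: Start and enable the service
  service:
    name: elasticsearch
    state: started
    enabled: true
  tags: es

# Registers the "lbkp" filesystem snapshot repository. The call is plain HTTP
# to localhost and sends no credentials; the -oss package installed above
# ships without authentication or TLS features, so access to es_port rests on
# the firewall rule and on the bind address in the templated elasticsearch.yml
# (not visible here). Retried up to 10 times, 10 s apart, while the node
# starts. NOTE(review): an fs repository location must also be allowed by
# path.repo; verify the elasticsearch.yml template sets it.
- name: Declare repo in ElasticSearch
  uri:
    url: "http://localhost:{{ es_port }}/_snapshot/lbkp"
    method: PUT
    body:
      type: fs
      settings:
        compress: true
        location: "{{ es_backup_dir }}"
    body_format: json
  register: es_lbkp
  until: es_lbkp.failed == False
  retries: 10
  delay: 10
  tags: es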