---
- name: Check if splunk user exists
  getent:
    database: passwd
    key: "{{ splunk_user }}"
    fail_key: yes
  register: user_exist
  ignore_errors: true
  become: yes

- name: Setup the splunk user
  user:
    name: "{{ splunk_user }}"
    comment: Splunk User
    shell: /bin/bash
    generate_ssh_key: yes
    ssh_key_bits: 2048
    ssh_key_file: .ssh/id_rsa
    state: present
  when: user_exist["failed"] == true
  become: yes
  become_user: "{{ privileged_user }}"

- name: Changing Splunk directory Owner
  include_tasks: pre_install_subtasks/change_splunk_directory_owner.yml
  when:
    - ansible_system is match("Linux")
    - splunk_home_ownership_enforcement is defined
    - splunk_home_ownership_enforcement | bool

- name: Stop existing Splunk
  include_tasks: stop_splunk.yml
  when:
    - splunk_upgrade | bool

# Below we will either install or upgrade, which at this moment is the same task.
- name: "Install Splunk"
  include_tasks: install_splunk.yml
  when:
    - splunk_install | bool or (first_run | bool and splunk_build_location and splunk_build_location is match("^(https?|file)://.*"))

- name: "Upgrade Splunk"
  include_tasks: install_splunk.yml
  when:
    - not splunk_install
    - not first_run
    - splunk_upgrade | bool

- name: Remove First Login
  include_tasks: post_install_subtasks/remove_first_login.yml
  when:
    - first_run | bool

# This needs to be done before any encrypted passkeys are generated
- name: setup splunk_secret
  include_tasks: post_install_subtasks/set_splunk_secret.yml
  when:
    - first_run | bool

- name: Generate user_seed.conf
  include_tasks: post_install_subtasks/set_user_seed.yml
  when:
    - first_run | bool

- name: setup the [general] pass4SymmKey in system/local
  include_tasks: "{{ playbook_dir }}/common/tasks/set_conf_stanza.yml"
  vars:
    conf_file: "server.conf"
    conf_directory: "{{ splunk_home_uf }}/etc/system/local"
    stanza_name: general
    conf_stanzas:
      - pass4SymmKey: "{{ splunk_general_pass4SymmKey }}"

- name: Enable Splunk Service
  include_tasks: post_install_subtasks/enable_service.yml
  when:
    - splunk_enable_service and ansible_system is match("Linux")
    - first_run | bool

- name: Start Splunk
  include_tasks: start_splunk.yml

- name: Clean user_seed.conf
  include_tasks: post_install_subtasks/clean_user_seed.yml
  when:
    - first_run | bool

- name: Get splunk.secret if not provided initially
  include_tasks: post_install_subtasks/register_splunk_secret.yml
  when:
    - first_run | bool
    - splunk_secret is undefined or splunk_secret is none