---

- name: check_etcd | Check if etcd is up and reachable
  uri:
    url: "{{ vault_etcd_url.split(',') | first }}/health"
    validate_certs: no
    client_cert: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem"
    client_key: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem"

    return_content: yes
  until: vault_etcd_health_check.status == 200 or vault_etcd_health_check.status == 401
  retries: 3
  delay: 2
  delegate_to: "{{ groups['etcd'][0] }}"
  run_once: true
  failed_when: false
  register: vault_etcd_health_check

- name: check_etcd | Set fact based off the etcd_health_check response
  set_fact:
    vault_etcd_available: "{{ vault_etcd_health_check.content  }}"
- set_fact:
    vault_etcd_available: "{{ vault_etcd_available.health|d()|bool }}"

- name: check_etcd | Fail if etcd is not available and needed
  fail:
    msg: >
        Unable to start Vault cluster! Etcd is not available at
        {{ vault_etcd_url.split(',') | first }} however it is needed by Vault as a backend.
  when: vault_etcd_needed|d() and not vault_etcd_available