diff --git a/defaults/main.yml b/defaults/main.yml
index f2074034..0f22e0fa 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -37,9 +37,9 @@ security_package_state: "latest"
 # The following three default exclusions are highly recommended for AIDE to
 # work properly, but additional exclusions can be added to this list if needed.
 security_aide_exclude_dirs:
- - /var/lib/lxc
 - /openstack
 - /opt
+ - /var
 #
 # By default, the AIDE database won't be initialized immediately since it can
 # consume plenty of CPU and I/O resources while it runs. To initialize the
diff --git a/handlers/main.yml b/handlers/main.yml
index 0e71ca3d..c563a6c8 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -59,11 +59,5 @@
 command: augenrules --load
 notify: restart auditd

-# This will take a while to complete the first run, so we will fork it into
-# the background so it doesn't hold up the whole playbook.
-- name: initialize AIDE
- shell: "aideinit -b"
- when: security_initialize_aide | bool
-
 - name: rehash aliases
 command: newaliases
diff --git a/releasenotes/notes/aide-initialization-fix-16ab0223747d7719.yaml b/releasenotes/notes/aide-initialization-fix-16ab0223747d7719.yaml
new file mode 100644
index 00000000..cb5eb950
--- /dev/null
+++ b/releasenotes/notes/aide-initialization-fix-16ab0223747d7719.yaml
@@ -0,0 +1,17 @@
+---
+features:
+ - |
+ AIDE is configured to skip the entire ``/var`` directory when it does the
+ database initialization and when it performs checks. This reduces disk
+ I/O and allows these jobs to complete faster.
+
+ This also allows the initialization to become a blocking process and
+ Ansible will wait for the initialization to complete prior to running the
+ next task.
+fixes:
+ - |
+ AIDE initialization is now always run on subsequent playbook runs when
+ ``security_initialize_aide`` is set to ``yes``. The initialization will
+ be skipped if AIDE isn't installed or if the AIDE database already exists.
+
+ See `bug 1616281 `_ for more details.
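Review bot: Adding `/var` to `security_aide_exclude_dirs` removes the whole tree from AIDE's coverage rather than just the `/var/lib/lxc` path it replaces; that tree holds `/var/spool/cron`, the package databases under `/var/lib`, and `/var/lib/aide` itself, which is where the `aide_database_file` values added in vars/redhat.yml and vars/ubuntu.yml place the baseline database. A change to a root cron job or to the baseline database would therefore go unreported by the daily `aide --check`. If the I/O cost of scanning `/var` is the concern, excluding the high-churn subtrees instead (e.g. `- /var/lib/lxc`, `- /var/log`, `- /var/cache`) keeps the rest monitored; at minimum the comment above the list should state the trade-off, e.g. `# NOTE: /var is excluded wholesale for performance; cron spools, package databases and the AIDE database itself are not monitored.`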
diff --git a/tasks/aide.yml b/tasks/aide.yml
new file mode 100644
index 00000000..6eb2adcc
--- /dev/null
+++ b/tasks/aide.yml
@@ -0,0 +1,115 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: V-38489 - Install AIDE (with apt)
+ apt:
+ name: "{{ item }}"
+ state: "{{ security_package_state }}"
+ with_items:
+ - aide
+ - aide-common
+ when: ansible_pkg_mgr == 'apt'
+ tags:
+ - aide
+ - cat2
+ - V-38489
+
+- name: V-38489 - Install AIDE (with yum)
+ yum:
+ name: aide
+ state: "{{ security_package_state }}"
+ when: ansible_pkg_mgr == 'yum'
+ tags:
+ - aide
+ - cat2
+ - V-38489
+
+- name: Verify that AIDE configuration directory exists
+ stat:
+ path: /etc/aide/aide.conf.d
+ register: aide_conf
+ always_run: true
+ tags:
+ - always
+
+- name: V-38489 - Exclude certain directories from AIDE
+ template:
+ src: ZZ_aide_exclusions.j2
+ dest: /etc/aide/aide.conf.d/ZZ_aide_exclusions
+ when: aide_conf.stat.exists | bool
+ tags:
+ - aide
+ - cat2
+ - V-38489
+
+- name: Check to see if AIDE database is already in place
+ stat:
+ path: "{{ aide_database_file }}"
+ register: aide_database
+ always_run: True
+ tags:
+ - always
+
+- name: V-38489 - Initialize AIDE (this will take a few minutes)
+ shell: "aideinit"
+ register: aide_init
+ when:
+ - aide_conf.stat.exists | bool
+ - not aide_database.stat.exists | bool
+ - security_initialize_aide | bool
+ tags:
+ - aide
+ - cat2
+ - V-38489
+
+# NOTE(mhayden): This is only needed for CentOS 7 and RHEL 7 since Ubuntu
+# copies the new AIDE database into place automatically with its AIDE wrapper
+# script.
+- name: V-38489 - Move AIDE database into place
+ shell: "mv /var/lib/aide/aide.db.new.gz {{ aide_database_file }}"
+ when:
+ - aide_init | changed
+ - ansible_os_family | lower == 'redhat'
+ tags:
+ - aide
+ - cat2
+ - V-38489
+
+# NOTE(mhayden): This is only needed for CentOS 7 and RHEL 7 since the AIDE
+# package doesn't come with a cron job file. Ubuntu packages a cron job for
+# AIDE checks already.
+- name: Create AIDE cron job (for V-38670)
+ cron:
+ name: aide
+ cron_file: aide
+ user: root
+ special_time: daily
+ job: "aide --check"
+ when:
+ - ansible_os_family | lower == 'redhat'
+ tags:
+ - aide
+ - cat2
+ - V-38670
+
+- name: Check for AIDE cron job (for V-38670)
+ stat:
+ path: "{{ aide_cron_job_path }}"
+ register: v38670_result
+ changed_when: False
+ tags:
+ - aide
+ - cat2
+ - V-38670
diff --git a/tasks/main.yml b/tasks/main.yml
index 85ef136a..20b61ad7 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -68,6 +68,7 @@
 - package
 - rpm

+ - include: aide.yml
 - include: auditd.yml
 - include: auth.yml
 - include: boot.yml
diff --git a/tasks/misc.yml b/tasks/misc.yml
index 88788a40..b7ad1810 100644
--- a/tasks/misc.yml
+++ b/tasks/misc.yml
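Review bot: Boolean literals in the new tasks/aide.yml are mixed — `always_run: true` on the configuration-directory stat, `always_run: True` on the database stat and `changed_when: False` on the cron-job stat — and the copy of these tasks in tasks/misc.yml uses `True` as well; settle on lowercase `true`/`false` throughout, which is what yamllint's truthy rule expects. The two `shell:` tasks (`shell: "aideinit"` and the `mv /var/lib/aide/aide.db.new.gz {{ aide_database_file }}` step) use no pipes, redirects or globs, so `command:` is the idiomatic module here and passes the templated path as a plain argument instead of having a shell re-parse it. Separately, every AIDE step after the install is gated on `/etc/aide/aide.conf.d` existing; if that directory is absent on a RedHat-family host (the diff does not show the role creating it), the exclusions template and the initialization are skipped without notice while the daily `aide --check` cron job is still installed, so an `assert:`/`fail:` on `aide_conf.stat.exists` when `security_initialize_aide` is set, or at least a comment stating the assumption, seems warranted.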
@@ -42,13 +42,39 @@
 tags:
 - always

-- name: V-38489 - Exclude certain directories from AIDE and initialize DB
+- name: V-38489 - Exclude certain directories from AIDE
 template:
 src: ZZ_aide_exclusions.j2
 dest: /etc/aide/aide.conf.d/ZZ_aide_exclusions
 when: aide_conf.stat.exists | bool
- notify:
- - initialize AIDE
+ tags:
+ - cat2
+ - V-38489
+
+- name: Check to see if AIDE database is already in place
+ stat:
+ path: "{{ aide_database_file }}"
+ register: aide_database
+ always_run: True
+ tags:
+ - always
+
+- name: V-38489 - Initialize AIDE (this will take a few minutes)
+ shell: "aideinit"
+ register: aide_init
+ when:
+ - aide_conf.stat.exists | bool
+ - not aide_database.stat.exists | bool
+ - security_initialize_aide | bool
+ tags:
+ - cat2
+ - V-38489
+
+- name: V-38489 - Move AIDE database into place
+ shell: "mv /var/lib/aide/aide.db.new.gz {{ aide_database_file }}"
+ when:
+ - aide_init | changed
+ - ansible_os_family == 'RedHat'
 tags:
 - cat2
 - V-38489
diff --git a/vars/redhat.yml b/vars/redhat.yml
index 6f8cc3ce..d0c9ced8 100644
--- a/vars/redhat.yml
+++ b/vars/redhat.yml
@@ -19,6 +19,7 @@ pam_password_file: /etc/pam.d/password-auth
 vsftpd_conf_file: /etc/vsftpd/vsftpd.conf
 grub_conf_file: /boot/grub2/grub.cfg
 aide_cron_job_path: /etc/cron.d/aide
+aide_database_file: /var/lib/aide/aide.db.gz

 # Package names
 auditd_pkg: audit
diff --git a/vars/ubuntu.yml b/vars/ubuntu.yml
index de72467c..1ce251bf 100644
--- a/vars/ubuntu.yml
+++ b/vars/ubuntu.yml
@@ -22,6 +22,7 @@ pam_password_file: /etc/pam.d/common-password
 vsftpd_conf_file: /etc/vsftpd.conf
 grub_conf_file: /boot/grub/grub.cfg
 aide_cron_job_path: /etc/cron.daily/aide
+aide_database_file: /var/lib/aide/aide.db

 # Package names
 auditd_pkg: auditd
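Review bot: The four AIDE tasks in this hunk (the exclusions template, the `aide_database_file` stat, `aideinit`, and the `mv` into place) are the same tasks the commit adds to tasks/aide.yml, which tasks/main.yml now includes; keeping both copies means the sequence runs twice per play, and the copies already disagree — here `ansible_os_family == 'RedHat'`, in aide.yml `ansible_os_family | lower == 'redhat'`, and aide.yml carries the `aide` tag this copy lacks. Whether misc.yml is still included by main.yml is not visible in the diff, but if it is, this copy looks like a leftover of the move and should be dropped; if it has to stay, its `when:` should match aide.yml's `- ansible_os_family | lower == 'redhat'` so the two cannot drift. The task list in misc.yml continues before and after this hunk.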