- name: load zabbix secrets
  include_vars: '{{ item }}'
  with_fileglob:
  - vault/zabbix
  tags: always

- name: ensure zabbix packages are installed
  package:
    name={{ zbx_srv_required_packages|join(',') }}
    state=present
  tags:
  - install

- name: ensure users can connect to postgresql socket
  seboolean:
    name=selinuxuser_postgresql_connect_enabled
    state=yes
    persistent=yes

- name: ensure zabbix database user exists
  become: true
  become_user: postgres
  postgresql_user:
    name: "{{ zabbix_db_user }}"
    password: "{{ zabbix_db_password|d(omit) }}"
    state: present
- name: ensure zabbix database exists
  become: true
  become_user: postgres
  postgresql_db:
    name={{ zabbix_db_name }}
    owner={{ zabbix_db_user }}
    state=present
- name: ensure zabbix database is populated
  become: false
  zabbix_db_schema:
    username: '{{ zabbix_db_user }}'
    database: '{{ zabbix_db_name }}'
    password: '{{ zabbix_db_password|d(omit) }}'
    host: '{{ zabbix_db_host|d(omit) }}'

- name: ensure zabbix server temporary directory exists
  file:
    path=/var/tmp/zabbixsrv
    mode=0750
    owner=zabbixsrv
    group=zabbixsrv
    seuser=system_u
    setype=zabbix_tmp_t
    state=directory

- name: ensure zabbix server is configured
  template:
    src=zabbix_server.conf.j2
    dest=/etc/zabbix_server.conf
    owner=root
    group=zabbixsrv
    mode=0640
  notify: restart zabbix server

- name: ensure zabbix is allowed in firewall
  firewalld:
    port=10051/tcp
    permanent=no
    immediate=yes
    state=enabled
  notify: save firewalld configuration
  tags:
  - firewalld
- name: ensure zabbix server can connect to the network
  seboolean:
    name=zabbix_can_network
    state=yes
    persistent=yes

- name: ensure zabbix server starts at boot
  service:
    name=zabbix-server-pgsql
    enabled=yes
- meta: flush_handlers
- name: ensure zabbix server is running
  service:
    name=zabbix-server-pgsql
    state=started

- name: ensure php is configured for zabbix front end
  template:
    src=zabbix-php.httpd.conf.j2
    dest=/etc/httpd/conf.d/zabbix-php.conf
    mode=0644
  notify: reload httpd
- name: ensure zabbix web gui is configured
  template:
    src=zabbix.conf.php.j2
    dest=/etc/zabbix/web/zabbix.conf.php
    owner=root
    group=apache
    mode=0640
- name: ensure zabbix web gui redirect is configured
  template:
    src=zabbix-redir.httpd.conf.j2
    dest=/etc/httpd/conf.d/zabbix-redir.conf
    mode=0644
  notify: reload httpd
- name: ensure apache can connect to zabbix
  seboolean:
    name=httpd_can_network_connect
    persistent=yes
    state=yes