# Zabbix monitoring of the internal IPA server

# ipa-healthcheck can only be run by root, so cron the
# output to where Zabbix can find it
- name: Set cron for ipa-healthcheck
  ansible.builtin.cron:
    name: "Dump IPA healthcheck as root for Zabbix"
    minute: "*/5"
    user: root
    job: "/usr/bin/ipa-healthcheck --output-type prometheus --all > /etc/zabbix/ipa-healthcheck.log 2> /dev/null"
  tags:
    - ipa/server
    - zabbix_agent

- name: Install Zabbix agent config drop-in
  ansible.builtin.copy:
    src: zabbix/agent-ipa-backup.conf
    dest: /etc/zabbix/zabbix_agentd.d/ipa-backup.conf
    mode: '0644'
  notify:
    - Restart zabbix agent
  tags:
    - ipa/server
    - zabbix_agent

- name: Zabbix API Block
  vars:
    ansible_zabbix_auth_key: "{{ zabbix_auth_key }}"
    ansible_network_os: "{{ zabbix_network_os }}"
    ansible_connection: "{{ zabbix_connection }}"
    ansible_httpapi_port: "{{ zabbix_httpapi_port }}"
    ansible_httpapi_use_ssl: "{{ zabbix_httpapi_use_ssl }}"
    ansible_httpapi_validate_certs: "{{ zabbix_httpapi_validate_certs }}"
    ansible_host: "{{ zabbix_server }}"
    ansible_zabbix_url_path: "{{ zabbix_url_path }}"
  tags:
    - ipa/server
    - zabbix_api
  block:
    - name: Import IPA template file
      community.zabbix.zabbix_template:
        template_yaml: "{{ lookup('file', 'zabbix/template-ipa.yml') }}"
        state: present
      run_once: true

    - name: Ensure IPA Zabbix hostgroup is present
      community.zabbix.zabbix_group:
        host_groups:
          - IPA Servers
        state: present
      run_once: true

    - name: Add self to IPA template in Zabbix
      community.zabbix.zabbix_host:
        host_name: "{{ inventory_hostname }}"
        host_groups: IPA Servers
        link_templates: IPA Monitoring
        force: false