diff --git a/ansible/group_vars/mongodb.yml b/ansible/group_vars/mongodb.yml new file mode 100644 index 0000000..91396a6 --- /dev/null +++ b/ansible/group_vars/mongodb.yml @@ -0,0 +1,4 @@ +--- +mongo_db_name: dev-dap-ps +mongo_db_user: '{{lookup("passwordstore", "service/mongodb/user")}}' +mongo_db_pass: '{{lookup("passwordstore", "service/mongodb/pass")}}' diff --git a/ansible/inventory/default b/ansible/inventory/default index 81d41fc..09e30d6 100644 --- a/ansible/inventory/default +++ b/ansible/inventory/default @@ -3,6 +3,9 @@ [all] node-01.us-east-1a.mongodb.test hostname=node-01.us-east-1a.mongodb.test ansible_host=3.88.159.109 env=dapps stage=default data_center=us-east-1a region=us-east-1a dns_entry=node-01.us-east-1a.mongodb.test.hosts.dap.ps +[mongodb] +node-01.us-east-1a.mongodb.test + [dap-ps-dev] node-01.us-east-1a.mongodb.test diff --git a/ansible/main.yml b/ansible/main.yml new file mode 100644 index 0000000..a967b13 --- /dev/null +++ b/ansible/main.yml @@ -0,0 +1,10 @@ +--- +- name: Configure MongoDB + hosts: mongodb + roles: + - role: mongodb + post_tasks: + - name: Here's the MongoDB URI string + debug: + msg: 'mongodb://{{ mongo_db_user }}:{{ mongo_db_pass }}@{{ dns_entry }}:{{ mongo_cont_port }}/{{ mongo_db_name }}' + diff --git a/ansible/roles/mongodb/README.md b/ansible/roles/mongodb/README.md new file mode 100644 index 0000000..00bdd27 --- /dev/null +++ b/ansible/roles/mongodb/README.md @@ -0,0 +1,11 @@ +# Description + +This role configures a [MongoDB](https://www.mongodb.com/) container using the [`mongo`](ttps://hub.docker.com/_/mongo) Docker image. + +# Configuration + +__TODO__ + +# Known Issues + +__TODO__ diff --git a/ansible/roles/mongodb/defaults/main.yml b/ansible/roles/mongodb/defaults/main.yml new file mode 100644 index 0000000..ec348d7 --- /dev/null +++ b/ansible/roles/mongodb/defaults/main.yml 
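Review bot: The `debug` post-task added in ansible/main.yml renders `mongo_db_pass` into its message, so the secret fetched from the password store is written in clear text to the play output and to any CI log or callback plugin that records it. The same pair is passed as `MONGO_INITDB_ROOT_USERNAME`/`MONGO_INITDB_ROOT_PASSWORD` in container.yml, so what leaks is the instance's root login. Print the URI with the secret masked, for example `msg: 'mongodb://{{ mongo_db_user }}:<password>@{{ dns_entry }}:{{ mongo_cont_port }}/{{ mongo_db_name }}'`, or drop the task and document where the credentials live in the password store.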
@@ -0,0 +1,18 @@
+---
+mongo_cont_name: mongodb
+# https://hub.docker.com/_/mongo
+mongo_cont_tag: '4.1.13-bionic'
+mongo_cont_image: 'mongo:{{ mongo_cont_tag }}'
+mongo_cont_vol: '/docker/{{ mongo_cont_name }}'
+mongo_cont_uid: 999
+mongo_host_uid: '{{ 100000 + mongo_cont_uid - 1 | int }}'
+mongo_cont_port: 27017
+
+mongo_db_name: ~
+mongo_db_user: ~
+mongo_db_pass: ~
+
+# general container config
+cont_state: started
+cont_recreate: false
+cont_restart: false
diff --git a/ansible/roles/mongodb/handlers/main.yml b/ansible/roles/mongodb/handlers/main.yml
new file mode 100644
index 0000000..bd6da46
--- /dev/null
+++ b/ansible/roles/mongodb/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: Save iptables rules
+ shell: iptables-save > /etc/iptables/rules.v4
diff --git a/ansible/roles/mongodb/tasks/container.yml b/ansible/roles/mongodb/tasks/container.yml
new file mode 100644
index 0000000..c8bc49b
--- /dev/null
+++ b/ansible/roles/mongodb/tasks/container.yml
@@ -0,0 +1,26 @@
+---
+- name: Create data directory
+ file:
+ path: '{{ mongo_cont_vol }}/data'
+ state: directory
+ owner: '{{ mongo_host_uid }}'
+ group: docker
+ recurse: true
+
+- name: Start the MongoDB container
+ docker_container:
+ name: '{{ mongo_cont_name }}'
+ image: '{{ mongo_cont_image }}'
+ pull: true
+ restart_policy: always
+ state: '{{ cont_state }}'
+ recreate: '{{ cont_recreate }}'
+ restart: '{{ cont_restart }}'
+ env:
+ ONGO_INITDB_DATABASE: '{{ mongo_db_name | mandatory }}'
+ MONGO_INITDB_ROOT_USERNAME: '{{ mongo_db_user | mandatory }}'
+ MONGO_INITDB_ROOT_PASSWORD: '{{ mongo_db_pass | mandatory }}'
+ ports:
+ - '0.0.0.0:{{ mongo_cont_port }}:{{ mongo_cont_port }}/tcp'
+ volumes:
+ - '{{ mongo_cont_vol }}/data:/data/db'
diff --git a/ansible/roles/mongodb/tasks/firewall.yml b/ansible/roles/mongodb/tasks/firewall.yml
new file mode 100644
index 0000000..e611641
--- /dev/null
+++ b/ansible/roles/mongodb/tasks/firewall.yml
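Review bot: The `~` defaults for `mongo_db_name`, `mongo_db_user` and `mongo_db_pass` in roles/mongodb/defaults/main.yml define the variables as null, and as far as I know the `mandatory` filter used in container.yml rejects only undefined variables. A host that gets the role without the group_vars would then start the container with empty root credentials instead of failing. Leave the three variables undefined (keep them as comments such as `# mongo_db_pass: required, no default`), or add an `assert` on non-empty values at the top of the role. In the same hunk, `| int` in `mongo_host_uid` binds only to the literal `1`; `'{{ 100000 + (mongo_cont_uid | int) - 1 }}'` states the intent. A comment explaining the `100000` base and the `- 1` would also help, since a wrong result hands the data directory to an unrelated host uid.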
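Review bot: The first key under `env` in roles/mongodb/tasks/container.yml is spelled `ONGO_INITDB_DATABASE`, so the image never receives the database name and `mongo_db_name` has no effect on initialisation; it should read `MONGO_INITDB_DATABASE: '{{ mongo_db_name | mandatory }}'`. Separately, `ports` publishes on `0.0.0.0`, and with the ACCEPT rule in firewall.yml the root password becomes the only barrier in front of the database. Consider making the bind address a variable so it can be narrowed per environment. Secrets passed through `env` are also readable via `docker inspect` by anyone in the `docker` group, which is worth a comment next to the two `MONGO_INITDB_ROOT_*` lines.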
@@ -0,0 +1,12 @@ +--- +- name: Enable MongoDB port + iptables: + comment: '{{ mongo_cont_name }}' + action: insert + chain: DOCKER-USER + jump: ACCEPT + source: '0.0.0.0/0' + protocol: 'tcp' + destination_port: '{{ mongo_cont_port }}' + notify: + - Save iptables rules diff --git a/ansible/roles/mongodb/tasks/main.yml b/ansible/roles/mongodb/tasks/main.yml new file mode 100644 index 0000000..1054d4e --- /dev/null +++ b/ansible/roles/mongodb/tasks/main.yml @@ -0,0 +1,3 @@ +--- +- import_tasks: container.yml +- import_tasks: firewall.yml diff --git a/db.tf b/db.tf index 223c1d0..4a687cb 100644 --- a/db.tf +++ b/db.tf @@ -59,7 +59,7 @@ resource "aws_instance" "mongodb" { } groups = ["${var.group}"] extra_vars = { - hostname = "node-01.${var.zone}.${var.env}.test" + hostname = "node-01.${var.zone}.mongodb.test" ansible_ssh_user = "${var.ssh_user}" data_center = "${var.zone}" stage = "${terraform.workspace}" @@ -79,7 +79,7 @@ resource "gandi_zonerecord" "mongodb" { resource "ansible_host" "main" { inventory_hostname = "${aws_instance.mongodb.tags.Name}" - groups = ["${var.group}", "${var.zone}"] + groups = ["mongodb", "${var.group}", "${var.zone}"] vars { ansible_host = "${aws_instance.mongodb.public_ip}" hostname = "${aws_instance.mongodb.tags.Name}"
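Review bot: `source: '0.0.0.0/0'` in the DOCKER-USER rule of roles/mongodb/tasks/firewall.yml accepts connections to the MongoDB port from any address. The container in this commit is started with only the root account, and no TLS or bind restriction is visible. Make the allowed source a role variable with no permissive default, for example `source: '{{ mongo_allowed_source | mandatory }}'` (variable name constructed for this note), and loop over the task if several client networks are needed. If world-reachable access is really intended for this test host, say so in a comment above the rule so it is not copied into other stages unchanged.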