deploy and configure mongodb on dev

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2019-07-31 13:48:48 -04:00 · 2019-07-31 13:48:48 -04:00 · f4243d8939
parent 08e02096c8
commit f4243d8939
6 changed files with 35 additions and 20 deletions
--- a/ansible/group_vars/db.dev.yml
+++ b/ansible/group_vars/db.dev.yml
@ -0,0 +1,28 @@
+---
+# versions
+mongodb_version: "4.0"
+mongodb_pymongo_pip_version: 3.8.0
+
+# listening address & port
+mongodb_net_port: 27017
+mongodb_net_bindip: '0.0.0.0'
+
+# Security credentials
+mongodb_root_admin_name: root
+mongodb_root_admin_password: '{{lookup("passwordstore", "service/dev/mongodb/root-pass")}}'
+mongodb_user_admin_name: admin
+mongodb_user_admin_password: '{{lookup("passwordstore", "service/dev/mongodb/admin-pass")}}'
+mongodb_root_backup_name: backup
+mongodb_root_backup_password: '{{lookup("passwordstore", "service/dev/mongodb/backup-pass")}}'
+
+mongodb_security_authorization: 'enabled'
+mongodb_users:
+  - name: '{{lookup("passwordstore", "service/dev/mongodb/user-name")}}'
+    password: '{{lookup("passwordstore", "service/dev/mongodb/user-pass")}}'
+    roles: readWrite
+    database: 'dev-dap-ps'
+
+# disable replication on dev
+mongodb_replication_replset: ""
+mongodb_security_keyfile: ""
+mongodb_oplog_users: []
--- a/ansible/group_vars/mongodb.yml
+++ b/ansible/group_vars/mongodb.yml
@ -1,4 +0,0 @@
---
-mongo_db_name: dev-dap-ps
-mongo_db_user: '{{lookup("passwordstore", "service/mongodb/user")}}'
-mongo_db_pass: '{{lookup("passwordstore", "service/mongodb/pass")}}'
--- a/ansible/main.yml
+++ b/ansible/main.yml
@ -1,20 +1,10 @@
 ---
 - name: Configure MongoDB
-  hosts: mongodb
-  vars:
-    backup_name: mongodb-backups
-    backup_number: 1
-    backup_hour: 4
-    backup_day: '*'
-    backup_directory: '/var/tmp/backups'
-    backup_base_domain: 's3.amazonaws.com'
-    backup_bucket_name: 's3://dev-dap-ps-mongodb-backups'
-    backup_access_key: '{{lookup("passwordstore", "cloud/aws/s3/mongodb-backups/access-key")}}'
-    backup_secret_key: '{{lookup("passwordstore", "cloud/aws/s3/mongodb-backups/secret-key")}}'
+  hosts: db.dev
  roles:
+    - mongodb-firewall
    - mongodb
-    - infra-role-s3cmd-backup
  post_tasks:
-    - name: Here's the MongoDB URI string
+    - name: MongoDB URI string
      debug:
-        msg: 'mongodb://{{ mongo_db_user }}:{{ mongo_db_pass }}@{{ dns_entry }}:{{ mongo_cont_port }}/{{ mongo_db_name }}'
+        msg: 'mongodb://{{ mongodb_users[0].name }}:{{ mongodb_users[0].password }}@{{ dns_entry }}:{{ mongodb_net_port }}/{{ mongodb_users[0].database }}'
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@ -20,5 +20,5 @@
  scm: git

 - name: mongodb
-  src: git@github.com/UnderGreen/ansible-role-mongodb.git
+  src: https://github.com/UnderGreen/ansible-role-mongodb.git
  scm: git
--- a/ansible/roles/mongodb-firewall/tasks/main.yml
+++ b/ansible/roles/mongodb-firewall/tasks/main.yml
@ -2,6 +2,7 @@
 - name: Enable MongoDB port
  iptables:
    comment: 'MongoDB'
+    chain: INPUT
    jump: ACCEPT
    source: '0.0.0.0/0'
    protocol: 'tcp'
--- a/dev.tf
+++ b/dev.tf
@ -29,7 +29,7 @@ locals {

 module "dev_db" {
  source     = "./modules/aws-ec2-instance"
-  groups     = ["mongodb", "db"]
+  groups     = ["mongodb"]
  env        = "db"
  stage      = "dev"
  host_count = 1