2019-05-20 09:36:58 +02:00
# Ansible role for MongoDB [![Build Status](https://travis-ci.org/UnderGreen/ansible-role-mongodb.svg?branch=master)](https://travis-ci.org/UnderGreen/ansible-role-mongodb)
2017-06-22 11:39:58 -07:00
Ansible role which manages [MongoDB ](http://www.mongodb.org/ ).
2014-06-04 19:09:28 +04:00
2019-05-20 09:36:58 +02:00
- Install and configure the MongoDB;
- Configure mongodb users
- Configure replication
- Provide handlers for restart and reload;
- Setup MMS authomation agent;
2014-06-04 19:09:28 +04:00
2016-04-17 21:27:43 +06:00
MongoDB support matrix:
2019-09-11 11:50:45 +02:00
| Distribution | < MongoDB 3 . 2 | MongoDB 3 . 4 | MongoDB 3 . 6 | MongoDB 4 . 0 | MongoDB 4 . 2 |
| -------------- | :-----------: | :----------------: | :----------------: | :----------------: | :----------------: |
2019-09-11 12:06:03 +02:00
| Ubuntu 14.04 | :no_entry: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: |
2019-09-11 11:50:45 +02:00
| Ubuntu 16.04 | :no_entry: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| Ubuntu 18.04 | :no_entry: | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
2019-09-11 12:06:03 +02:00
| Debian 8.x | :no_entry: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: |
2019-09-11 11:50:45 +02:00
| Debian 9.x | :no_entry: | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| RHEL 6.x | :no_entry: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| RHEL 7.x | :no_entry: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| Amazon Linux 2 | :no_entry: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
2018-02-26 15:43:06 +07:00
2018-02-26 16:07:44 +07:00
- :white_check_mark: - fully tested, should works fine
- :interrobang: - maybe works, not tested
- :x: - don't have official support
- :no_entry: - MongoDB has reached EOL
2016-04-17 21:27:43 +06:00
2014-06-04 19:09:28 +04:00
#### Variables
```yaml
2016-04-17 19:43:00 +06:00
# You can use this variable to control installation source of MongoDB
# 'mongodb' will be installed from Debian/Ubuntu repos
# 'mongodb-org' will be installed from MongoDB official repos
2015-01-07 14:31:53 +03:00
mongodb_package: mongodb-org
2015-01-05 14:37:28 +01:00
2016-04-17 19:43:00 +06:00
# You can control installed version via this param.
2019-05-09 22:57:34 +02:00
# Should be '3.4', '3.6' or '4.0'. This role doesn't support MongoDB < 3.4.
2016-04-17 19:43:00 +06:00
# I will recommend you to use latest version of MongoDB.
2018-02-26 15:43:06 +07:00
mongodb_version: "3.6"
2016-04-17 19:43:00 +06:00
2019-05-20 09:36:58 +02:00
mongodb_pymongo_from_pip: true # Install latest PyMongo via PIP or package manager
mongodb_pymongo_pip_version: 3.6.1 # Choose PyMong version to install from pip. If not set use latest
mongodb_user_update_password: "on_create" # MongoDB user password update default policy
2015-04-06 23:37:34 +02:00
mongodb_manage_service: true
2019-11-25 12:54:21 +03:00
mongodb_manage_systemd_unit: true
2015-04-02 21:48:03 +02:00
2018-12-18 10:50:38 +01:00
# Disable transparent hugepages on systemd debian based installations
mongodb_disable_transparent_hugepages: false
2016-04-27 14:51:53 +10:00
mongodb_user: "{{ 'mongod' if ('RedHat' == ansible_os_family) else 'mongodb' }}"
2015-05-09 23:15:49 +02:00
mongodb_uid:
mongodb_gid:
2015-02-17 23:01:17 +06:00
mongodb_daemon_name: "{{ 'mongod' if ('mongodb-org' in mongodb_package) else 'mongodb' }}"
2016-04-17 19:43:00 +06:00
## net Options
2019-05-20 09:36:58 +02:00
mongodb_net_bindip: 127.0.0.1 # Comma separated list of ip addresses to listen on
mongodb_net_http_enabled: false # Enable http interface
mongodb_net_ipv6: false # Enable IPv6 support (disabled by default)
mongodb_net_maxconns: 65536 # Max number of simultaneous connections
mongodb_net_port: 27017 # Specify port number
2016-04-17 19:43:00 +06:00
## processManagement Options
2019-05-20 09:36:58 +02:00
mongodb_processmanagement_fork: false # Fork server process
2016-04-17 19:43:00 +06:00
## security Options
# Disable or enable security. Possible values: 'disabled', 'enabled'
mongodb_security_authorization: "disabled"
2019-05-20 09:36:58 +02:00
mongodb_security_keyfile: /etc/mongodb-keyfile # Specify path to keyfile with password for inter-process authentication
2016-04-17 19:43:00 +06:00
## storage Options
2019-05-20 09:36:58 +02:00
mongodb_storage_dbpath: /data/db # Directory for datafiles
mongodb_storage_dirperdb: false # Use one directory per DB
2018-09-11 10:03:13 +02:00
2019-05-27 15:00:59 -04:00
# The storage engine for the mongod database
mongodb_storage_engine: "wiredTiger"
2016-04-17 19:43:00 +06:00
# mmapv1 specific options
2019-05-20 09:36:58 +02:00
mongodb_storage_quota_enforced: false # Limits each database to a certain number of files
mongodb_storage_quota_maxfiles: 8 # Number of quota files per DB
mongodb_storage_smallfiles: false # Very useful for non-data nodes
2016-04-17 19:43:00 +06:00
2019-05-20 09:36:58 +02:00
mongodb_storage_journal_enabled: true # Enable journaling
mongodb_storage_prealloc: true # Disable data file preallocation
2016-04-17 19:43:00 +06:00
2019-04-19 10:44:50 +02:00
# WiredTiger Options
2019-05-20 09:36:58 +02:00
mongodb_wiredtiger_cache_size: 1 # Cache size for wiredTiger in GB
2019-04-19 10:44:50 +02:00
2016-04-17 19:43:00 +06:00
## systemLog Options
## The destination to which MongoDB sends all log output. Specify either 'file' or 'syslog'.
## If you specify 'file', you must also specify mongodb_systemlog_path.
mongodb_systemlog_destination: "file"
2019-05-20 09:36:58 +02:00
mongodb_systemlog_logappend: true # Append to logpath instead of over-writing
mongodb_systemlog_path: /var/log/mongodb/{{ mongodb_daemon_name }}.log # Log file to send write to instead of stdout
2016-04-17 19:43:00 +06:00
## replication Options
2019-05-20 09:36:58 +02:00
mongodb_replication_replset: # Enable replication < setname > [/< optionalseedhostlist > ]
mongodb_replication_replindexprefetch: "all" # specify index prefetching behavior (if secondary) [none|_id_only|all]
mongodb_replication_oplogsize: 1024 # specifies a maximum size in megabytes for the replication operation log
2014-12-26 18:32:50 +03:00
2018-01-09 12:44:53 +01:00
## setParameter options
# Configure setParameter option.
2018-02-15 13:18:05 +07:00
# Example :
2019-05-20 09:36:58 +02:00
mongodb_set_parameters:
{
"enableLocalhostAuthBypass": "true",
"authenticationMechanisms": "SCRAM-SHA-1,MONGODB-CR",
}
2018-01-09 12:44:53 +01:00
2014-12-19 17:39:09 +03:00
# MMS Agent
2019-04-25 10:33:47 -03:00
mongodb_mms_agent_pkg: https://cloud.mongodb.com/download/agent/monitoring/mongodb-mms-monitoring-agent_7.2.0.488-1_amd64.ubuntu1604.deb
2014-12-19 17:39:09 +03:00
mongodb_mms_group_id: ""
mongodb_mms_api_key: ""
mongodb_mms_base_url: https://mms.mongodb.com
2014-07-10 20:07:35 +04:00
# Log rotation
2019-05-20 09:36:58 +02:00
mongodb_logrotate: true # Rotate mongodb logs.
2014-07-10 20:07:35 +04:00
mongodb_logrotate_options:
- compress
- copytruncate
- daily
- dateext
- rotate 7
- size 10M
2015-02-17 23:01:17 +06:00
# password for inter-process authentication
# please regenerate this file on production environment with command 'openssl rand -base64 741'
mongodb_keyfile_content: |
8pYcxvCqoe89kcp33KuTtKVf5MoHGEFjTnudrq5BosvWRoIxLowmdjrmUpVfAivh
CHjqM6w0zVBytAxH1lW+7teMYe6eDn2S/O/1YlRRiW57bWU3zjliW3VdguJar5i9
Z+1a8lI+0S9pWynbv9+Ao0aXFjSJYVxAm/w7DJbVRGcPhsPmExiSBDw8szfQ8PAU
2hwRl7nqPZZMMR+uQThg/zV9rOzHJmkqZtsO4UJSilG9euLCYrzW2hdoPuCrEDhu
Vsi5+nwAgYR9dP2oWkmGN1dwRe0ixSIM2UzFgpaXZaMOG6VztmFrlVXh8oFDRGM0
cGrFHcnGF7oUGfWnI2Cekngk64dHA2qD7WxXPbQ/svn9EfTY5aPw5lXzKA87Ds8p
KHVFUYvmA6wVsxb/riGLwc+XZlb6M9gqHn1XSpsnYRjF6UzfRcRR2WyCxLZELaqu
iKxLKB5FYqMBH7Sqg3qBCtE53vZ7T1nefq5RFzmykviYP63Uhu/A2EQatrMnaFPl
TTG5CaPjob45CBSyMrheYRWKqxdWN93BTgiTW7p0U6RB0/OCUbsVX6IG3I9N8Uqt
l8Kc+7aOmtUqFkwo8w30prIOjStMrokxNsuK9KTUiPu2cj7gwYQ574vV3hQvQPAr
hhb9ohKr0zoPQt31iTj0FDkJzPepeuzqeq8F51HB56RZKpXdRTfY8G6OaOT68cV5
vP1O6T/okFKrl41FQ3CyYN5eRHyRTK99zTytrjoP2EbtIZ18z+bg/angRHYNzbgk
lc3jpiGzs1ZWHD0nxOmHCMhU4usEcFbV6FlOxzlwrsEhHkeiununlCsNHatiDgzp
ZWLnP/mXKV992/Jhu0Z577DHlh+3JIYx0PceB9yzACJ8MNARHF7QpBkhtuGMGZpF
T+c73exupZFxItXs1Bnhe3djgE3MKKyYvxNUIbcTJoe7nhVMrwO/7lBSpVLvC4p3
wR700U0LDaGGQpslGtiE56SemgoP
# names and passwords for administrative users
mongodb_user_admin_name: siteUserAdmin
mongodb_user_admin_password: passw0rd
mongodb_root_admin_name: siteRootAdmin
mongodb_root_admin_password: passw0rd
2019-09-23 10:12:08 +02:00
mongodb_root_backup_name: backupuser
mongodb_root_backup_password: passw0rd
2014-06-04 19:09:28 +04:00
```
#### Usage
2018-08-20 21:27:32 -04:00
Add `undergreen.mongodb` to your roles and set vars in your playbook file.
2014-06-04 19:09:28 +04:00
2015-02-17 23:01:17 +06:00
Example vars for authorization:
2019-05-20 09:36:58 +02:00
2014-06-04 19:09:28 +04:00
```yaml
2016-05-19 11:07:36 -03:00
mongodb_security_authorization: "enabled"
2015-02-17 23:01:17 +06:00
mongodb_users:
- {
name: testUser,
password: passw0rd,
roles: readWrite,
database: app_development
}
2014-06-04 19:09:28 +04:00
```
2019-05-20 09:36:58 +02:00
2018-09-03 23:06:22 +03:00
Example vars for oplog user:
2019-05-20 09:36:58 +02:00
2018-09-03 23:06:22 +03:00
```yaml
mongodb_oplog_users:
- {
user: oplog,
password: passw0rd
}
```
2019-05-20 09:36:58 +02:00
2015-02-17 23:01:17 +06:00
Required vars to change on production:
2019-05-20 09:36:58 +02:00
2015-02-17 23:01:17 +06:00
```yaml
mongodb_user_admin_password
mongodb_root_admin_password
2019-04-24 13:27:10 -07:00
mongodb_root_backup_password
2016-04-17 19:43:00 +06:00
# if you use replication and authorization
mongodb_security_keyfile
2015-02-17 23:01:17 +06:00
```
2019-05-20 09:36:58 +02:00
2015-02-17 23:01:17 +06:00
Example vars for replication:
2019-05-20 09:36:58 +02:00
2015-02-17 23:01:17 +06:00
```yaml
2016-04-17 19:43:00 +06:00
# It's a 'master' node
mongodb_login_host: 192.168.56.2
2015-02-17 23:01:17 +06:00
# mongodb_replication_params should be configured on each replica set node
mongodb_replication_params:
2019-05-20 09:36:58 +02:00
- {
host_name: 192.168.56.2,
host_port: "{{ mongodb_net_port }}",
host_type: replica,
}
2015-02-17 23:01:17 +06:00
# host_type can be replica(default) and arbiter
```
2019-05-20 09:36:58 +02:00
2015-06-22 15:39:57 +06:00
And inventory file for replica set:
2019-05-20 09:36:58 +02:00
2015-06-22 15:39:57 +06:00
```ini
[mongo_master]
2016-04-17 19:43:00 +06:00
192.158.56.2 mongodb_master=True # it is't a really master of MongoDB replica set,
2015-06-22 15:39:57 +06:00
# use this variable for replica set init only
2016-04-17 19:43:00 +06:00
# or when master is moved from initial master node
2015-06-22 15:39:57 +06:00
[mongo_replicas]
192.168.56.3
192.168.56.4
2016-04-17 19:43:00 +06:00
[mongo:children]
mongo_master
mongo_replicas
2015-06-22 15:39:57 +06:00
```
2014-06-04 19:09:28 +04:00
2015-02-17 23:01:17 +06:00
Licensed under the GPLv2 License. See the [LICENSE.md ](LICENSE.md ) file for details.
2014-06-04 19:09:28 +04:00
#### Feedback, bug-reports, requests, ...
2015-02-17 23:01:17 +06:00
Are [welcome ](https://github.com/UnderGreen/ansible-role-mongodb/issues )!