ansible-role-mongodb/tasks/main.yml

---

- name: Check value of variable mongodb_net_ssl_host
  fail:
    msg: 'Set mongodb_net_ssl_mode is preferSSL or set valid hostname for mongodb_net_ssl_host!'
  when: ( mongodb_net_ssl_mode == 'requireSSL'
          and mongodb_net_ssl_host == '' )

- name: Check value of variable mongodb_login_host
  fail:
    msg: 'Set mongodb_login_host equal mongodb_net_ssl_host!'
  when: ( mongodb_net_ssl_mode == 'requireSSL'
          and mongodb_net_ssl_host != mongodb_login_host
          and not mongodb_replication_replset )

- name: Include OS-specific variables
  include_vars: "{{ item }}"
  with_first_found:
    - "{{ ansible_distribution_release }}.yml"
    - "{{ ansible_distribution }}.yml"
    - "{{ ansible_os_family }}.yml"

- name: Include installation tasks
  include: "{{ item }}"
  with_first_found:
    - "install.{{ ansible_distribution | lower }}.yml"
    - "install.{{ ansible_os_family | lower }}.yml"
  tags: [mongodb]

- name: Include configuration.yml
  include: configure.yml
  tags: [mongodb]

- name: Include replication and auth configuration
  include: replication_init_auth.yml
  when: ( mongodb_replication_replset | length > 0
        and mongodb_security_authorization == 'enabled'
        and mongodb_master is defined and mongodb_master )
  tags: [mongodb]

- name: Include replication configuration
  include: replication.yml
  when: mongodb_replication_replset | length > 0
  tags: [mongodb]

- name: Check where admin user already exists
  command: >
    mongo --quiet {{ '--ssl --host ' + mongodb_net_ssl_host if mongodb_net_ssl_mode == 'requireSSL' else '' }} -u {{ mongodb_user_admin_name }} \
          -p {{ mongodb_user_admin_password }} --port {{ mongodb_net_port }} --eval 'db.version()' admin
  register: mongodb_user_admin_check
  changed_when: false
  check_mode: no
  ignore_errors: true
  when: ( mongodb_security_authorization == 'enabled'
          and not mongodb_replication_replset )
  no_log: true
  tags: [mongodb]

- name: Include authorization configuration
  include: auth_initialization.yml
  when: ( mongodb_security_authorization == 'enabled'
          and not mongodb_replication_replset
          and mongodb_user_admin_check.rc != 0 )
  tags: [mongodb]

- name: create normal users with replicaset
  mongodb_user:
    database: "{{ item.database }}"
    name: "{{ item.name }}"
    password: "{{ item.password }}"
    update_password: "{{ mongodb_user_update_password }}"
    roles: "{{ item.roles }}"
    login_user: "{{ mongodb_user_admin_name }}"
    login_password: "{{ mongodb_user_admin_password }}"
    login_port: "{{ mongodb_login_port|default(27017) }}"
    login_host: "{{ mongodb_login_host|default('localhost') }}"
    ssl: "{{ True if mongodb_net_ssl_mode == 'requireSSL' else False }}"
  with_items:
    - "{{ mongodb_users | default([]) }}"
  when: ( mongodb_replication_replset
        and mongodb_security_authorization == 'enabled'
        and mongodb_master is defined and mongodb_master )
  no_log: true
  tags: [mongodb]

- name: create normal users without replicaset
  mongodb_user:
    database: "{{ item.database }}"
    name: "{{ item.name }}"
    password: "{{ item.password }}"
    update_password: "{{ mongodb_user_update_password }}"
    roles: "{{ item.roles }}"
    login_user: "{{ mongodb_user_admin_name }}"
    login_password: "{{ mongodb_user_admin_password }}"
    login_port: "{{ mongodb_net_port }}"
    login_host: "{{ mongodb_login_host|default('localhost') }}"
    ssl: "{{ True if mongodb_net_ssl_mode == 'requireSSL' else False }}"
  with_items:
    - "{{ mongodb_users | default([]) }}"
  when: ( mongodb_security_authorization == 'enabled'
          and not mongodb_replication_replset )
  no_log: true
  tags: [mongodb]

- name: create oplog user with replicaset
  mongodb_user:
    database: admin
    user: "{{ item.user }}"
    password: "{{ item.password }}"
    update_password: "{{ mongodb_user_update_password }}"
    roles:
      - db: local
        role: read
    login_user: "{{ mongodb_user_admin_name }}"
    login_password: "{{ mongodb_user_admin_password }}"
    login_port: "{{ mongodb_login_port|default(27017) }}"
    login_host: "{{ mongodb_login_host|default('localhost') }}"
    ssl: "{{ True if mongodb_net_ssl_mode == 'requireSSL' else False }}"
  with_items:
    - "{{ mongodb_oplog_users | default([]) }}"
  when: ( mongodb_replication_replset | length > 0
        and mongodb_security_authorization == 'enabled'
        and mongodb_master is defined and mongodb_master )
  no_log: false
  tags: [mongodb]

- name: Include MMS Agent configuration
  include: mms-agent.yml
  when: mongodb_mms_api_key | length > 0
  tags: [mongodb]
Init role. 2014-06-04 19:03:58 +04:00			`---`

Add correct support mode requireSLL. 2019-06-05 15:16:18 +03:00			`- name: Check value of variable mongodb_net_ssl_host`
			`fail:`
			`msg: 'Set mongodb_net_ssl_mode is preferSSL or set valid hostname for mongodb_net_ssl_host!'`
			`when: ( mongodb_net_ssl_mode == 'requireSSL'`
			`and mongodb_net_ssl_host == '' )`

			`- name: Check value of variable mongodb_login_host`
			`fail:`
			`msg: 'Set mongodb_login_host equal mongodb_net_ssl_host!'`
			`when: ( mongodb_net_ssl_mode == 'requireSSL'`
			`and mongodb_net_ssl_host != mongodb_login_host`
			`and not mongodb_replication_replset )`

Introduce support for RedHat package installation This provides initial support for installing the relevant MongoDB packages for a RedHat based OS. This currently only supports RHEL/CentOS 6 in order to keep the initial scope relatively constrained. 2016-04-27 14:45:25 +10:00			`- name: Include OS-specific variables`
			`include_vars: "{{ item }}"`
			`with_first_found:`
Add debian testing 2018-02-23 00:43:04 +07:00			`- "{{ ansible_distribution_release }}.yml"`
Introduce support for RedHat package installation This provides initial support for installing the relevant MongoDB packages for a RedHat based OS. This currently only supports RHEL/CentOS 6 in order to keep the initial scope relatively constrained. 2016-04-27 14:45:25 +10:00			`- "{{ ansible_distribution }}.yml"`
			`- "{{ ansible_os_family }}.yml"`

Add debian testing 2018-02-23 00:43:04 +07:00			`- name: Include installation tasks`
Adding ansible_distribution filters and files for amazonlinux 2019-05-17 11:57:53 +02:00			`include: "{{ item }}"`
			`with_first_found:`
			`- "install.{{ ansible_distribution \| lower }}.yml"`
			`- "install.{{ ansible_os_family \| lower }}.yml"`
fixing systemd issue Updating systemd detection by getting PID 1 command line instead of checking systemd folder. This to avoid issues with Docker for example. 2015-03-04 11:05:08 +01:00			`tags: [mongodb]`
mongodb.yml -> main.yml 2015-02-17 15:01:36 +06:00
Support of mongodb 3 2016-04-17 19:43:00 +06:00			`- name: Include configuration.yml`
Fixes to use MongoDB 3.6 2018-02-21 01:23:43 +07:00			`include: configure.yml`
fixing systemd issue Updating systemd detection by getting PID 1 command line instead of checking systemd folder. This to avoid issues with Docker for example. 2015-03-04 11:05:08 +01:00			`tags: [mongodb]`
mongodb.yml -> main.yml 2015-02-17 15:01:36 +06:00
Support of mongodb 3 2016-04-17 19:43:00 +06:00			`- name: Include replication and auth configuration`
Fixes to use MongoDB 3.6 2018-02-21 01:23:43 +07:00			`include: replication_init_auth.yml`
Fixed for Ansible 2.8 2019-05-25 22:52:10 -04:00			`when: ( mongodb_replication_replset \| length > 0`
Support of mongodb 3 2016-04-17 19:43:00 +06:00			`and mongodb_security_authorization == 'enabled'`
Global refactoring of authorization and replication 2015-06-22 14:59:25 +06:00			`and mongodb_master is defined and mongodb_master )`
			`tags: [mongodb]`

Support of mongodb 3 2016-04-17 19:43:00 +06:00			`- name: Include replication configuration`
Fixes to use MongoDB 3.6 2018-02-21 01:23:43 +07:00			`include: replication.yml`
Multiple changes for linting warnings + propert handling of mongodb_version variable 2019-05-27 15:00:59 -04:00			`when: mongodb_replication_replset \| length > 0`
Global refactoring of authorization and replication 2015-06-22 14:59:25 +06:00			`tags: [mongodb]`

Moved EPEL installation command to Docker file. Travis now uses custom Docker image built from CentOS Dockerfile. nolog re-enabled for user admin checking. 2017-09-14 10:56:34 +02:00			`- name: Check where admin user already exists`
Support of mongodb 3 2016-04-17 19:43:00 +06:00			`command: >`
Add correct support mode requireSLL. 2019-06-05 15:16:18 +03:00			`mongo --quiet {{ '--ssl --host ' + mongodb_net_ssl_host if mongodb_net_ssl_mode == 'requireSSL' else '' }} -u {{ mongodb_user_admin_name }} \`
Add custom port in command to check if admin user exists 2017-04-10 16:04:24 +10:00			`-p {{ mongodb_user_admin_password }} --port {{ mongodb_net_port }} --eval 'db.version()' admin`
Support of mongodb 3 2016-04-17 19:43:00 +06:00			`register: mongodb_user_admin_check`
			`changed_when: false`
Fix warnings 2018-02-15 13:14:31 +07:00			`check_mode: no`
Support of mongodb 3 2016-04-17 19:43:00 +06:00			`ignore_errors: true`
			`when: ( mongodb_security_authorization == 'enabled'`
Fix for linting warnings 2019-05-21 15:42:02 -04:00			`and not mongodb_replication_replset )`
Moved EPEL installation command to Docker file. Travis now uses custom Docker image built from CentOS Dockerfile. nolog re-enabled for user admin checking. 2017-09-14 10:56:34 +02:00			`no_log: true`
Global refactoring of authorization and replication 2015-06-22 14:59:25 +06:00			`tags: [mongodb]`

Support of mongodb 3 2016-04-17 19:43:00 +06:00			`- name: Include authorization configuration`
Fixes to use MongoDB 3.6 2018-02-21 01:23:43 +07:00			`include: auth_initialization.yml`
Support of mongodb 3 2016-04-17 19:43:00 +06:00			`when: ( mongodb_security_authorization == 'enabled'`
Fix for linting warnings 2019-05-21 15:42:02 -04:00			`and not mongodb_replication_replset`
Support of mongodb 3 2016-04-17 19:43:00 +06:00			`and mongodb_user_admin_check.rc != 0 )`
			`tags: [mongodb]`

Fixed problem with concurrency race 2016-04-17 23:18:31 +06:00			`- name: create normal users with replicaset`
Fix all issues and warnings 2019-05-23 00:37:39 -04:00			`mongodb_user:`
Support of mongodb 3 2016-04-17 19:43:00 +06:00			`database: "{{ item.database }}"`
			`name: "{{ item.name }}"`
			`password: "{{ item.password }}"`
			`update_password: "{{ mongodb_user_update_password }}"`
			`roles: "{{ item.roles }}"`
			`login_user: "{{ mongodb_user_admin_name }}"`
			`login_password: "{{ mongodb_user_admin_password }}"`
Fixed problem with concurrency race 2016-04-17 23:18:31 +06:00			`login_port: "{{ mongodb_login_port\|default(27017) }}"`
			`login_host: "{{ mongodb_login_host\|default('localhost') }}"`
Add correct support mode requireSLL. 2019-06-05 15:16:18 +03:00			`ssl: "{{ True if mongodb_net_ssl_mode == 'requireSSL' else False }}"`
Support of mongodb 3 2016-04-17 19:43:00 +06:00			`with_items:`
			`- "{{ mongodb_users \| default([]) }}"`
Fixed problem with concurrency race 2016-04-17 23:18:31 +06:00			`when: ( mongodb_replication_replset`
			`and mongodb_security_authorization == 'enabled'`
			`and mongodb_master is defined and mongodb_master )`
Do not show passwords in Ansible output This role prints passwords in Ansible outputs (e.g. when creating users, etc.). This is a problem because passwords must never appear in plaintext under any circunstances. This commit attempts to fix the problem described above. The option "no_log: true" has been added to tasks which may print passwords during Ansible execution. 2016-09-21 23:51:38 +02:00			`no_log: true`
Support of mongodb 3 2016-04-17 19:43:00 +06:00			`tags: [mongodb]`

Fixed problem with concurrency race 2016-04-17 23:18:31 +06:00			`- name: create normal users without replicaset`
Fix all issues and warnings 2019-05-23 00:37:39 -04:00			`mongodb_user:`
Fixed problem with concurrency race 2016-04-17 23:18:31 +06:00			`database: "{{ item.database }}"`
			`name: "{{ item.name }}"`
			`password: "{{ item.password }}"`
			`update_password: "{{ mongodb_user_update_password }}"`
			`roles: "{{ item.roles }}"`
			`login_user: "{{ mongodb_user_admin_name }}"`
			`login_password: "{{ mongodb_user_admin_password }}"`
			`login_port: "{{ mongodb_net_port }}"`
Add correct support mode requireSLL. 2019-06-05 15:16:18 +03:00			`login_host: "{{ mongodb_login_host\|default('localhost') }}"`
			`ssl: "{{ True if mongodb_net_ssl_mode == 'requireSSL' else False }}"`
Fixed problem with concurrency race 2016-04-17 23:18:31 +06:00			`with_items:`
			`- "{{ mongodb_users \| default([]) }}"`
			`when: ( mongodb_security_authorization == 'enabled'`
Fix for linting warnings 2019-05-21 15:42:02 -04:00			`and not mongodb_replication_replset )`
Do not show passwords in Ansible output This role prints passwords in Ansible outputs (e.g. when creating users, etc.). This is a problem because passwords must never appear in plaintext under any circunstances. This commit attempts to fix the problem described above. The option "no_log: true" has been added to tasks which may print passwords during Ansible execution. 2016-09-21 23:51:38 +02:00			`no_log: true`
Fixed problem with concurrency race 2016-04-17 23:18:31 +06:00			`tags: [mongodb]`
Support of mongodb 3 2016-04-17 19:43:00 +06:00
Oplog user creation Add functionality to create oplog users 2018-09-03 23:06:22 +03:00			`- name: create oplog user with replicaset`
Fix all issues and warnings 2019-05-23 00:37:39 -04:00			`mongodb_user:`
Oplog user creation Add functionality to create oplog users 2018-09-03 23:06:22 +03:00			`database: admin`
			`user: "{{ item.user }}"`
			`password: "{{ item.password }}"`
			`update_password: "{{ mongodb_user_update_password }}"`
			`roles:`
			`- db: local`
			`role: read`
			`login_user: "{{ mongodb_user_admin_name }}"`
			`login_password: "{{ mongodb_user_admin_password }}"`
			`login_port: "{{ mongodb_login_port\|default(27017) }}"`
			`login_host: "{{ mongodb_login_host\|default('localhost') }}"`
Add correct support mode requireSLL. 2019-06-05 15:16:18 +03:00			`ssl: "{{ True if mongodb_net_ssl_mode == 'requireSSL' else False }}"`
Oplog user creation Add functionality to create oplog users 2018-09-03 23:06:22 +03:00			`with_items:`
			`- "{{ mongodb_oplog_users \| default([]) }}"`
Multiple changes for linting warnings + propert handling of mongodb_version variable 2019-05-27 15:00:59 -04:00			`when: ( mongodb_replication_replset \| length > 0`
Oplog user creation Add functionality to create oplog users 2018-09-03 23:06:22 +03:00			`and mongodb_security_authorization == 'enabled'`
			`and mongodb_master is defined and mongodb_master )`
			`no_log: false`
			`tags: [mongodb]`

Support of mongodb 3 2016-04-17 19:43:00 +06:00			`- name: Include MMS Agent configuration`
Fixes to use MongoDB 3.6 2018-02-21 01:23:43 +07:00			`include: mms-agent.yml`
Multiple changes for linting warnings + propert handling of mongodb_version variable 2019-05-27 15:00:59 -04:00			`when: mongodb_mms_api_key \| length > 0`
fixing systemd issue Updating systemd detection by getting PID 1 command line instead of checking systemd folder. This to avoid issues with Docker for example. 2015-03-04 11:05:08 +01:00			`tags: [mongodb]`