From 4b2899bb6ecf5c4fad17877354a811ab15190986 Mon Sep 17 00:00:00 2001
From: davidcaste <davidcaste@gmail.com>
Date: Wed, 16 Dec 2015 09:11:23 +0100
Subject: [PATCH] Fix replicaset config without authentication

According to MongoDB documentation[1], "enabling internal authentication
(in a replicaset) enables access control". Therefore, if MongoDB is
configured without authentication (`auth = no`) a `keyFile` line
must not appear in the configuration file.

This commit attempts to solve the problem described above. An extra
check has been added to ensure the `keyFile` configuration option is
added only if replicaset authorization _and_ authentication is enabled.

[1]: https://docs.mongodb.org/v3.0/tutorial/enable-internal-authentication/
---
 templates/mongod.conf.j2 | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/templates/mongod.conf.j2 b/templates/mongod.conf.j2
index 53c8d59..88ebe5f 100644
--- a/templates/mongod.conf.j2
+++ b/templates/mongod.conf.j2
@@ -27,5 +27,7 @@ smallfiles = {{ mongodb_conf_smallfiles|to_nice_json }}
 replSet = {{ mongodb_conf_replSet }}
 replIndexPrefetch = {{ mongodb_conf_replIndexPrefetch }}
 oplogSize = {{ mongodb_conf_oplogSize }}
+{% endif %}
+{% if mongodb_conf_replSet and mongodb_conf_auth %}
 keyFile = {{ mongodb_conf_keyFile }}
 {% endif %}