Added authorization based on local fact

2015-02-17 19:17:20 +06:00 · 2015-02-17 19:17:20 +06:00 · 845f25d5a2
parent 4c3919d920
commit 845f25d5a2
2 changed files with 64 additions and 4 deletions
--- a/tasks/auth_initialization.yml
+++ b/tasks/auth_initialization.yml
@ -1,5 +1,8 @@
 ---

+- include: auth_initialization_ald.yml
+  when: ansible_local.mongodb.mongodb.mongodb_login_port is defined
+
 - name: create administrative user siteRootAdmin
  mongodb_user:
    database: admin
@ -7,13 +10,14 @@
    password: "{{ item.password }}"
    roles: "{{ item.roles }}"
    login_host: 127.0.0.1
-    login_port: "{{ mongodb_conf_port|default(27017) }}"
  with_items:
    - {
      name: "{{ mongodb_root_admin_name }}",
      password: "{{ mongodb_root_admin_password }}",
      roles: "root"
      }
+  register: rootadmin_user_result
+  when: ansible_local.mongodb.mongodb.mongodb_login_port is undefined

 - name: create administrative user siteUserAdmin
  mongodb_user:
@ -22,13 +26,14 @@
    password: "{{ item.password }}"
    roles: "{{ item.roles }}"
    login_host: 127.0.0.1
-    login_port: "{{ mongodb_conf_port|default(27017) }}"
  with_items:
    - {
      name: "{{ mongodb_user_admin_name }}",
      password: "{{ mongodb_user_admin_password }}",
      roles: "userAdminAnyDatabase"
      }
+  register: useradmin_user_result
+  when: ansible_local.mongodb.mongodb.mongodb_login_port is undefined

 - name: create normal users
  mongodb_user:
@ -38,9 +43,21 @@
    roles: "{{ item.roles }}"
    replica_set: "{{ mongodb_conf_replSet }}"
    login_host: 127.0.0.1
-    login_port: "{{ mongodb_conf_port|default(27017) }}"
    login_user: "{{ mongodb_user_admin_name }}"
    login_password: "{{ mongodb_user_admin_password }}"
  with_items:
    - "{{ mongodb_users }}"
-  when: mongodb_users is defined
+  when: mongodb_users is defined and ansible_local.mongodb.mongodb_login_port is undefined
+
+- name: Create facts.d directory
+  file:
+    state: directory
+    recurse: yes
+    path: /etc/ansible/facts.d
+  when: rootadmin_user_result|changed or useradmin_user_result|changed
+
+- name: Create facts file for mongodb
+  copy:
+    dest: /etc/ansible/facts.d/mongodb.fact
+    content: "[mongodb]\nmongodb_login_port={{ mongodb_conf_port }}\n"
+  when: rootadmin_user_result|changed or useradmin_user_result|changed
--- a/tasks/auth_initialization_ald.yml
+++ b/tasks/auth_initialization_ald.yml
@ -0,0 +1,43 @@
+- name: create administrative user siteRootAdmin
+  mongodb_user:
+    database: admin
+    name: "{{ item.name }}"
+    password: "{{ item.password }}"
+    roles: "{{ item.roles }}"
+    login_host: 127.0.0.1
+    login_port: "{{ ansible_local.mongodb.mongodb.mongodb_login_port|default(27017) }}"
+  with_items:
+    - {
+      name: "{{ mongodb_root_admin_name }}",
+      password: "{{ mongodb_root_admin_password }}",
+      roles: "root"
+      }
+
+- name: create administrative user siteUserAdmin
+  mongodb_user:
+    database: admin
+    name: "{{ item.name }}"
+    password: "{{ item.password }}"
+    roles: "{{ item.roles }}"
+    login_host: 127.0.0.1
+    login_port: "{{ ansible_local.mongodb.mongodb_login_port|default(27017) }}"
+  with_items:
+    - {
+      name: "{{ mongodb_user_admin_name }}",
+      password: "{{ mongodb_user_admin_password }}",
+      roles: "userAdminAnyDatabase"
+      }
+
+- name: create normal users
+  mongodb_user:
+    database: "{{ item.database }}"
+    name: "{{ item.name }}"
+    password: "{{ item.password }}"
+    roles: "{{ item.roles }}"
+    replica_set: "{{ mongodb_conf_replSet }}"
+    login_host: 127.0.0.1
+    login_port: "{{ ansible_local.mongodb.mongodb_login_port|default(27017) }}"
+    login_user: "{{ mongodb_user_admin_name }}"
+    login_password: "{{ mongodb_user_admin_password }}"
+  with_items:
+    - "{{ mongodb_users }}"