Global refactoring of authorization and replication
parent
528b8a8413
commit
9442794314
|
@ -1,7 +1,9 @@
|
|||
---
|
||||
- name: Move back mongod.conf
|
||||
template: src=mongod_init.conf.j2 dest=/etc/mongod.conf owner=root group=root mode=0644
|
||||
|
||||
- include: auth_initialization_ald.yml
|
||||
when: ansible_local.mongodb.mongodb.mongodb_login_port is defined
|
||||
- name: Restart mongodb service
|
||||
service: name={{ mongodb_daemon_name }} state=restarted
|
||||
|
||||
- name: create administrative user siteUserAdmin
|
||||
mongodb_user:
|
||||
|
@ -9,15 +11,13 @@
|
|||
name: "{{ item.name }}"
|
||||
password: "{{ item.password }}"
|
||||
roles: "{{ item.roles }}"
|
||||
login_host: "{{ mongodb_listen_ip }}"
|
||||
login_port: "{{ mongodb_conf_port }}"
|
||||
with_items:
|
||||
- {
|
||||
name: "{{ mongodb_user_admin_name }}",
|
||||
password: "{{ mongodb_user_admin_password }}",
|
||||
roles: "userAdminAnyDatabase"
|
||||
}
|
||||
register: useradmin_user_result
|
||||
when: ansible_local.mongodb.mongodb.mongodb_login_port is undefined
|
||||
|
||||
- name: create administrative user siteRootAdmin
|
||||
mongodb_user:
|
||||
|
@ -25,37 +25,16 @@
|
|||
name: "{{ item.name }}"
|
||||
password: "{{ item.password }}"
|
||||
roles: "{{ item.roles }}"
|
||||
login_host: "{{ mongodb_listen_ip }}"
|
||||
login_user: "{{ mongodb_user_admin_name }}"
|
||||
login_password: "{{ mongodb_user_admin_password }}"
|
||||
login_port: "{{ mongodb_conf_port }}"
|
||||
with_items:
|
||||
- {
|
||||
name: "{{ mongodb_root_admin_name }}",
|
||||
password: "{{ mongodb_root_admin_password }}",
|
||||
roles: "root"
|
||||
}
|
||||
register: rootadmin_user_result
|
||||
when: ansible_local.mongodb.mongodb.mongodb_login_port is undefined
|
||||
|
||||
- name: create normal users
|
||||
mongodb_user:
|
||||
database: "{{ item.database }}"
|
||||
name: "{{ item.name }}"
|
||||
password: "{{ item.password }}"
|
||||
roles: "{{ item.roles }}"
|
||||
replica_set: "{{ mongodb_conf_replSet }}"
|
||||
login_host: "{{ mongodb_listen_ip }}"
|
||||
login_user: "{{ mongodb_user_admin_name }}"
|
||||
login_password: "{{ mongodb_user_admin_password }}"
|
||||
with_items:
|
||||
- "{{ mongodb_users }}"
|
||||
when: mongodb_users is defined and ansible_local.mongodb.mongodb.mongodb_login_port is undefined
|
||||
|
||||
- name: Create facts.d directory
|
||||
file: path=/etc/ansible/facts.d state=directory recurse=yes
|
||||
when: (ansible_local.mongodb.mongodb.mongodb_login_port is undefined) and (rootadmin_user_result|changed or useradmin_user_result|changed or config_result|changed)
|
||||
|
||||
- name: Create facts file for mongodb
|
||||
template: src=mongodb.fact.j2 dest=/etc/ansible/facts.d/mongodb.fact
|
||||
when: (ansible_local.mongodb.mongodb.mongodb_login_port is undefined) and (rootadmin_user_result|changed or useradmin_user_result|changed or config_result|changed)
|
||||
- name: Move back mongod.conf
|
||||
template: src=mongod.conf.j2 dest=/etc/mongod.conf owner=root group=root mode=0644
|
||||
|
||||
- name: Restart mongodb service
|
||||
service: name={{ mongodb_daemon_name }} state=restarted
|
||||
|
|
|
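Review bot: The `mongodb_user` tasks in this file loop over items that carry `password`, and none of them sets `no_log`, so each loop item, password included, is echoed in the task output and in any log the run is captured to. Adding `no_log: true` to each of them, and to the `create normal users` task in the new user-add file further down this commit, keeps the credentials out of the output. As rendered, two tasks here are both named `Move back mongod.conf` although the first one installs `mongod_init.conf.j2`; a name such as `Install temporary bootstrap mongod.conf` would make the run log unambiguous. The +/- markers are lost on this page, so which of these lines are on the new side is inferred from the hunk counts.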
@ -1,47 +0,0 @@
|
|||
---
|
||||
- name: create administrative user siteUserAdmin port=yes
|
||||
mongodb_user:
|
||||
database: admin
|
||||
name: "{{ item.name }}"
|
||||
password: "{{ item.password }}"
|
||||
roles: "{{ item.roles }}"
|
||||
login_host: "{{ mongodb_listen_ip }}"
|
||||
login_port: "{{ ansible_local.mongodb.mongodb.mongodb_login_port }}"
|
||||
with_items:
|
||||
- {
|
||||
name: "{{ mongodb_user_admin_name }}",
|
||||
password: "{{ mongodb_user_admin_password }}",
|
||||
roles: "userAdminAnyDatabase"
|
||||
}
|
||||
|
||||
- name: create administrative user siteRootAdmin port=yes
|
||||
mongodb_user:
|
||||
database: admin
|
||||
name: "{{ item.name }}"
|
||||
password: "{{ item.password }}"
|
||||
roles: "{{ item.roles }}"
|
||||
login_host: "{{ mongodb_listen_ip }}"
|
||||
login_port: "{{ ansible_local.mongodb.mongodb.mongodb_login_port }}"
|
||||
login_user: "{{ mongodb_user_admin_name }}"
|
||||
login_password: "{{ mongodb_user_admin_password }}"
|
||||
with_items:
|
||||
- {
|
||||
name: "{{ mongodb_root_admin_name }}",
|
||||
password: "{{ mongodb_root_admin_password }}",
|
||||
roles: "root"
|
||||
}
|
||||
|
||||
- name: create normal users port=yes
|
||||
mongodb_user:
|
||||
database: "{{ item.database }}"
|
||||
name: "{{ item.name }}"
|
||||
password: "{{ item.password }}"
|
||||
roles: "{{ item.roles }}"
|
||||
replica_set: "{{ mongodb_conf_replSet }}"
|
||||
login_host: "{{ mongodb_listen_ip }}"
|
||||
login_port: "{{ ansible_local.mongodb.mongodb.mongodb_login_port }}"
|
||||
login_user: "{{ mongodb_user_admin_name }}"
|
||||
login_password: "{{ mongodb_user_admin_password }}"
|
||||
with_items:
|
||||
- "{{ mongodb_users }}"
|
||||
when: mongodb_users is defined
|
|
@ -1,25 +1,5 @@
|
|||
---
|
||||
|
||||
- name: set mongodb gid
|
||||
group: name=mongodb gid={{ mongodb_gid }} state=present
|
||||
when: mongodb_gid
|
||||
|
||||
- name: set mongodb uid
|
||||
user: name=mongodb uid={{ mongodb_uid }} group=mongodb state=present
|
||||
when: mongodb_uid
|
||||
|
||||
- name: reset mongodb folder and subfolders with new uid
|
||||
file: path={{ mongodb_conf_dbpath }} owner=mongodb group=mongodb follow=yes recurse=yes state=directory
|
||||
when: mongodb_uid
|
||||
|
||||
- name: Register default MongoDB listen IP
|
||||
set_fact: mongodb_listen_ip=127.0.0.1
|
||||
when: ansible_local.mongodb.mongodb.mongodb_listen_ip is undefined
|
||||
|
||||
- name: Register MongoDB listen IP
|
||||
set_fact: mongodb_listen_ip={{ ansible_local.mongodb.mongodb.mongodb_listen_ip }}
|
||||
when: ansible_local.mongodb.mongodb.mongodb_listen_ip is defined
|
||||
|
||||
- name: Create keyFile
|
||||
copy:
|
||||
dest: "{{ mongodb_conf_keyFile }}"
|
||||
|
@ -33,32 +13,17 @@
|
|||
template: src=logrotate.conf.j2 dest=/etc/logrotate.d/mongodb.conf
|
||||
when: mongodb_logrotate
|
||||
|
||||
- name: ensure mongodb started and enabled
|
||||
service: name={{ mongodb_daemon_name }} state=started enabled=yes
|
||||
when: mongodb_manage_service
|
||||
- name: set mongodb gid
|
||||
group: name=mongodb gid={{ mongodb_gid }} state=present
|
||||
when: mongodb_gid
|
||||
|
||||
- name: get pid of mongod
|
||||
command: pidof mongod
|
||||
register: mongod_pid
|
||||
changed_when: false
|
||||
ignore_errors: True
|
||||
- name: set mongodb uid
|
||||
user: name=mongodb uid={{ mongodb_uid }} group=mongodb state=present
|
||||
when: mongodb_uid
|
||||
|
||||
- name: temporary start mongod if not started
|
||||
command: '/usr/bin/mongod --config /etc/mongod.conf --fork'
|
||||
when: mongod_pid.rc != 0
|
||||
|
||||
- name: wait MongoDB port is listening
|
||||
wait_for: host="{{ mongodb_listen_ip }}" port="{{ mongodb_conf_port }}" delay=10 timeout=60 state=started
|
||||
when: mongodb_force_wait_for_port or "'systemd' in systemd.stdout"
|
||||
|
||||
- include: auth_initialization.yml
|
||||
when: mongodb_conf_auth
|
||||
|
||||
- name: Create mongodb user
|
||||
user: name={{mongodb_user}} group={{mongodb_user}}
|
||||
|
||||
- name: Configure database directory
|
||||
file: state=directory path={{ mongodb_conf_dbpath }} owner={{mongodb_user}} group={{mongodb_user}} mode=0755
|
||||
- name: reset mongodb folder and subfolders with new uid
|
||||
file: path={{ mongodb_conf_dbpath }} owner=mongodb group=mongodb follow=yes recurse=yes state=directory
|
||||
when: mongodb_uid
|
||||
|
||||
- name: Create log dir if missing
|
||||
file: state=directory recurse=yes dest={{ mongodb_conf_logpath|dirname }} owner={{ mongodb_user }} group={{mongodb_user}} mode=0755
|
||||
|
@ -89,16 +54,6 @@
|
|||
when: ansible_os_family == 'Debian' and mongodb_disable_thp
|
||||
notify: restart sysfsutils
|
||||
|
||||
- name: get pid of mongod
|
||||
command: pidof mongod
|
||||
register: mongod_new_pid
|
||||
changed_when: false
|
||||
when: mongod_pid.rc != 0
|
||||
|
||||
- name: kill temporary mongod if started
|
||||
command: kill {{ mongod_new_pid.stdout }}
|
||||
when: mongod_pid.rc != 0
|
||||
|
||||
- name: mongodb restart
|
||||
service: name={{ mongodb_daemon_name }} state=restarted
|
||||
when: config_result|changed and mongodb_manage_service
|
||||
|
|
|
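Review bot: Ownership of the data directory is set with two different identities: `Configure database directory` uses `owner={{mongodb_user}} group={{mongodb_user}}`, while `reset mongodb folder and subfolders with new uid` hard-codes `owner=mongodb group=mongodb`, as do the `set mongodb uid` and `set mongodb gid` tasks. If `mongodb_user` is ever set to another account, the recursive reset hands `{{ mongodb_conf_dbpath }}` to a different user than the one the rest of the file prepares. Writing the reset task with `owner={{ mongodb_user }} group={{ mongodb_user }}` keeps them aligned. The markers are lost in this rendering, so I am assuming both tasks survive on the new side.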
@ -49,4 +49,3 @@
|
|||
- name: Install PyMongo from PIP
|
||||
pip: name=pymongo state=latest
|
||||
when: mongodb_pymongo_from_pip
|
||||
|
||||
|
|
|
@ -7,8 +7,21 @@
|
|||
- include: configure.yml
|
||||
tags: [mongodb]
|
||||
|
||||
- include: replication_init_auth.yml
|
||||
when: ( mongodb_conf_replSet is defined and mongodb_conf_auth
|
||||
and mongodb_master is defined and mongodb_master )
|
||||
tags: [mongodb]
|
||||
|
||||
- include: replication.yml
|
||||
when: mongodb_conf_replSet != ""
|
||||
when: mongodb_conf_replSet is defined
|
||||
tags: [mongodb]
|
||||
|
||||
- include: auth_initialization.yml
|
||||
when: mongodb_conf_auth and not mongodb_conf_replSet
|
||||
tags: [mongodb]
|
||||
|
||||
- include: user_add.yml
|
||||
when: mongodb_conf_auth and mongodb_users
|
||||
tags: [mongodb]
|
||||
|
||||
- include: mms-agent.yml
|
||||
|
|
|
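Review bot: The includes test `mongodb_conf_replSet` in three different ways: `is defined` for `replication_init_auth.yml`, `!= ""` or `is defined` for `replication.yml` (both `when:` lines are printed and the markers are lost, so presumably one is old and one new), and plain truthiness in `mongodb_conf_auth and not mongodb_conf_replSet` for `auth_initialization.yml`. With the variable defined but empty, the `is defined` tests and the `not` test all pass, so both the replication path and the standalone auth bootstrap can be selected; with it undefined, the `not` form may raise instead of skipping. Using one form everywhere, for example `mongodb_conf_replSet|default('') != ''` and its negation, makes the choice of bootstrap path unambiguous.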
@ -0,0 +1,33 @@
|
|||
---
|
||||
|
||||
- name: Replication configuration
|
||||
mongodb_replication:
|
||||
login_host: "{{ mongodb_conf_bind_ip|default('localhost') }}"
|
||||
login_port: "{{ mongodb_conf_port|default(27017) }}"
|
||||
login_user: "{{ mongodb_root_admin_name }}"
|
||||
login_password: "{{ mongodb_root_admin_password }}"
|
||||
replica_set: "{{ mongodb_conf_replSet }}"
|
||||
host_name: "{{ item.host_name }}"
|
||||
host_port: "{{ item.host_port|default(27017) }}"
|
||||
host_type: "{{ item.host_type|default('replica') }}"
|
||||
with_items:
|
||||
- "{{ mongodb_replication_params }}"
|
||||
register: mongodb_replica_init
|
||||
ignore_errors: true
|
||||
|
||||
- include: auth_initialization.yml
|
||||
when: mongodb_replica_init|failed
|
||||
|
||||
- name: Replication configuration
|
||||
mongodb_replication:
|
||||
login_host: "{{ mongodb_conf_bind_ip|default('localhost') }}"
|
||||
login_port: "{{ mongodb_conf_port|default(27017) }}"
|
||||
login_user: "{{ mongodb_root_admin_name }}"
|
||||
login_password: "{{ mongodb_root_admin_password }}"
|
||||
replica_set: "{{ mongodb_conf_replSet }}"
|
||||
host_name: "{{ item.host_name }}"
|
||||
host_port: "{{ item.host_port|default(27017) }}"
|
||||
host_type: "{{ item.host_type|default('replica') }}"
|
||||
with_items:
|
||||
- "{{ mongodb_replication_params }}"
|
||||
when: mongodb_replica_init|failed
|
|
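Review bot: `ignore_errors: true` followed by `when: mongodb_replica_init|failed` treats every failure of the first `mongodb_replication` call as "authentication has not been set up yet". An unreachable host, a wrong `login_password` or a bad entry in `mongodb_replication_params` would therefore also pull in `auth_initialization.yml`, which elsewhere in this commit appears to swap in the `noauth = true` config and restart the daemon. The include should be gated on an explicit signal that the admin users do not exist yet, not on any failure. The two tasks also share one name; calling the second `Replication configuration (retry after auth bootstrap)` would let the log show which attempt ran.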
@ -0,0 +1,14 @@
|
|||
---
|
||||
|
||||
- name: create normal users
|
||||
mongodb_user:
|
||||
database: "{{ item.database }}"
|
||||
name: "{{ item.name }}"
|
||||
password: "{{ item.password }}"
|
||||
roles: "{{ item.roles }}"
|
||||
replica_set: "{{ mongodb_conf_replSet }}"
|
||||
login_user: "{{ mongodb_user_admin_name }}"
|
||||
login_password: "{{ mongodb_user_admin_password }}"
|
||||
login_port: "{{ mongodb_conf_port }}"
|
||||
with_items:
|
||||
- "{{ mongodb_users }}"
|
|
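Review bot: `login_host` is not set on this task, so the module falls back to its default host, while the replication tasks in this commit connect to `{{ mongodb_conf_bind_ip|default('localhost') }}`. If mongod is bound only to a non-loopback address, user creation would fail here even though replication setup succeeds; adding `login_host: "{{ mongodb_conf_bind_ip|default('localhost') }}"` keeps the two consistent. `replica_set` is also passed unconditionally although the include condition shown earlier (`mongodb_conf_auth and mongodb_users`) does not require a replica set, so it is worth confirming that the module accepts an empty value.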
@ -0,0 +1,23 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
noauth = true
|
||||
bind_ip = 127.0.0.1
|
||||
cpu = {{ mongodb_conf_cpu|to_nice_json }}
|
||||
dbpath = {{ mongodb_conf_dbpath }}
|
||||
fork = {{ mongodb_conf_fork|to_nice_json }}
|
||||
httpinterface = {{ mongodb_conf_httpinterface|to_nice_json }}
|
||||
ipv6 = {{ mongodb_conf_ipv6|to_nice_json }}
|
||||
journal = {{ mongodb_conf_journal|to_nice_json }}
|
||||
logappend = {{ mongodb_conf_logappend|to_nice_json }}
|
||||
logpath = {{ mongodb_conf_logpath }}
|
||||
maxConns = {{ mongodb_conf_maxConns }}
|
||||
noprealloc = {{ mongodb_conf_noprealloc|to_nice_json }}
|
||||
noscripting = {{ mongodb_conf_noscripting|to_nice_json }}
|
||||
notablescan = {{ mongodb_conf_notablescan|to_nice_json }}
|
||||
port = {{ mongodb_conf_port }}
|
||||
quota = {{ mongodb_conf_quota|to_nice_json }}
|
||||
{% if mongodb_conf_quota %}
|
||||
quotaFiles = {{ mongodb_conf_quotaFiles }}
|
||||
{% endif %}
|
||||
syslog = {{ mongodb_conf_syslog|to_nice_json }}
|
||||
smallfiles = {{ mongodb_conf_smallfiles|to_nice_json }}
|
|
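Review bot: `noauth = true` is acceptable only while `bind_ip = 127.0.0.1` holds and only for as long as this file is in place, and nothing in the template says so. The task that uses it writes it to `/etc/mongod.conf` itself and the real config is restored by a later task, so a failure in between leaves the daemon running without authentication for every local account until someone notices. I would add a header comment such as `# TEMPORARY bootstrap config: auth disabled, loopback only; replaced by mongod.conf.j2 when auth initialisation finishes`. The calling tasks should also guarantee that the restore step runs even when user creation fails.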
@ -1,3 +0,0 @@
|
|||
[mongodb]
|
||||
mongodb_login_port={{ mongodb_conf_port }}
|
||||
mongodb_listen_ip={{ mongodb_conf_bind_ip }}
|