Global refactoring of authorization and replication

This commit is contained in:
Sergei Antipov 2015-06-22 14:59:25 +06:00
parent 528b8a8413
commit 9442794314
9 changed files with 103 additions and 137 deletions


@ -1,7 +1,9 @@
---
- name: Move back mongod.conf
template: src=mongod_init.conf.j2 dest=/etc/mongod.conf owner=root group=root mode=0644
- include: auth_initialization_ald.yml
when: ansible_local.mongodb.mongodb.mongodb_login_port is defined
- name: Restart mongodb service
service: name={{ mongodb_daemon_name }} state=restarted
- name: create administrative user siteUserAdmin
mongodb_user:
@ -9,15 +11,13 @@
name: "{{ item.name }}"
password: "{{ item.password }}"
roles: "{{ item.roles }}"
login_host: "{{ mongodb_listen_ip }}"
login_port: "{{ mongodb_conf_port }}"
with_items:
- {
name: "{{ mongodb_user_admin_name }}",
password: "{{ mongodb_user_admin_password }}",
roles: "userAdminAnyDatabase"
}
register: useradmin_user_result
when: ansible_local.mongodb.mongodb.mongodb_login_port is undefined
- name: create administrative user siteRootAdmin
mongodb_user:
@ -25,37 +25,16 @@
name: "{{ item.name }}"
password: "{{ item.password }}"
roles: "{{ item.roles }}"
login_host: "{{ mongodb_listen_ip }}"
login_user: "{{ mongodb_user_admin_name }}"
login_password: "{{ mongodb_user_admin_password }}"
login_port: "{{ mongodb_conf_port }}"
with_items:
- {
name: "{{ mongodb_root_admin_name }}",
password: "{{ mongodb_root_admin_password }}",
roles: "root"
}
register: rootadmin_user_result
when: ansible_local.mongodb.mongodb.mongodb_login_port is undefined
- name: create normal users
mongodb_user:
database: "{{ item.database }}"
name: "{{ item.name }}"
password: "{{ item.password }}"
roles: "{{ item.roles }}"
replica_set: "{{ mongodb_conf_replSet }}"
login_host: "{{ mongodb_listen_ip }}"
login_user: "{{ mongodb_user_admin_name }}"
login_password: "{{ mongodb_user_admin_password }}"
with_items:
- "{{ mongodb_users }}"
when: mongodb_users is defined and ansible_local.mongodb.mongodb.mongodb_login_port is undefined
- name: Create facts.d directory
file: path=/etc/ansible/facts.d state=directory recurse=yes
when: (ansible_local.mongodb.mongodb.mongodb_login_port is undefined) and (rootadmin_user_result|changed or useradmin_user_result|changed or config_result|changed)
- name: Create facts file for mongodb
template: src=mongodb.fact.j2 dest=/etc/ansible/facts.d/mongodb.fact
when: (ansible_local.mongodb.mongodb.mongodb_login_port is undefined) and (rootadmin_user_result|changed or useradmin_user_result|changed or config_result|changed)
- name: Move back mongod.conf
template: src=mongod.conf.j2 dest=/etc/mongod.conf owner=root group=root mode=0644
- name: Restart mongodb service
service: name={{ mongodb_daemon_name }} state=restarted
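Review bot: The `create administrative user siteUserAdmin` and `create administrative user siteRootAdmin` tasks (and `create normal users`, if it survives on the new side) loop with `with_items` over dicts that carry `password:`, so each loop item — password included — is echoed in the play output and in any log of the run; add `no_log: true` to every `mongodb_user` task in this file. Secondly, the new first task swaps in `mongod_init.conf.j2` and restarts mongod before any user exists, and the original configuration is only restored by the trailing `Move back mongod.conf` and `Restart mongodb service` tasks; if any task in between fails the play stops and the daemon keeps running with the bootstrap configuration. Make the restore pair run on failure as well, for example register the user tasks with `ignore_errors: true`, restore `mongod.conf.j2`, then `fail:` on the saved result; the loopback-only bind in the bootstrap template is what keeps that exposure local today, so it must not be loosened. The rendered hunks do not show which of the `login_host`/`login_port` lines on the admin-user tasks are kept, so that part is not reviewed here.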


@ -1,47 +0,0 @@
---
- name: create administrative user siteUserAdmin port=yes
mongodb_user:
database: admin
name: "{{ item.name }}"
password: "{{ item.password }}"
roles: "{{ item.roles }}"
login_host: "{{ mongodb_listen_ip }}"
login_port: "{{ ansible_local.mongodb.mongodb.mongodb_login_port }}"
with_items:
- {
name: "{{ mongodb_user_admin_name }}",
password: "{{ mongodb_user_admin_password }}",
roles: "userAdminAnyDatabase"
}
- name: create administrative user siteRootAdmin port=yes
mongodb_user:
database: admin
name: "{{ item.name }}"
password: "{{ item.password }}"
roles: "{{ item.roles }}"
login_host: "{{ mongodb_listen_ip }}"
login_port: "{{ ansible_local.mongodb.mongodb.mongodb_login_port }}"
login_user: "{{ mongodb_user_admin_name }}"
login_password: "{{ mongodb_user_admin_password }}"
with_items:
- {
name: "{{ mongodb_root_admin_name }}",
password: "{{ mongodb_root_admin_password }}",
roles: "root"
}
- name: create normal users port=yes
mongodb_user:
database: "{{ item.database }}"
name: "{{ item.name }}"
password: "{{ item.password }}"
roles: "{{ item.roles }}"
replica_set: "{{ mongodb_conf_replSet }}"
login_host: "{{ mongodb_listen_ip }}"
login_port: "{{ ansible_local.mongodb.mongodb.mongodb_login_port }}"
login_user: "{{ mongodb_user_admin_name }}"
login_password: "{{ mongodb_user_admin_password }}"
with_items:
- "{{ mongodb_users }}"
when: mongodb_users is defined


@ -1,25 +1,5 @@
---
- name: set mongodb gid
group: name=mongodb gid={{ mongodb_gid }} state=present
when: mongodb_gid
- name: set mongodb uid
user: name=mongodb uid={{ mongodb_uid }} group=mongodb state=present
when: mongodb_uid
- name: reset mongodb folder and subfolders with new uid
file: path={{ mongodb_conf_dbpath }} owner=mongodb group=mongodb follow=yes recurse=yes state=directory
when: mongodb_uid
- name: Register default MongoDB listen IP
set_fact: mongodb_listen_ip=127.0.0.1
when: ansible_local.mongodb.mongodb.mongodb_listen_ip is undefined
- name: Register MongoDB listen IP
set_fact: mongodb_listen_ip={{ ansible_local.mongodb.mongodb.mongodb_listen_ip }}
when: ansible_local.mongodb.mongodb.mongodb_listen_ip is defined
- name: Create keyFile
copy:
dest: "{{ mongodb_conf_keyFile }}"
@ -33,32 +13,17 @@
template: src=logrotate.conf.j2 dest=/etc/logrotate.d/mongodb.conf
when: mongodb_logrotate
- name: ensure mongodb started and enabled
service: name={{ mongodb_daemon_name }} state=started enabled=yes
when: mongodb_manage_service
- name: set mongodb gid
group: name=mongodb gid={{ mongodb_gid }} state=present
when: mongodb_gid
- name: get pid of mongod
command: pidof mongod
register: mongod_pid
changed_when: false
ignore_errors: True
- name: set mongodb uid
user: name=mongodb uid={{ mongodb_uid }} group=mongodb state=present
when: mongodb_uid
- name: temporary start mongod if not started
command: '/usr/bin/mongod --config /etc/mongod.conf --fork'
when: mongod_pid.rc != 0
- name: wait MongoDB port is listening
wait_for: host="{{ mongodb_listen_ip }}" port="{{ mongodb_conf_port }}" delay=10 timeout=60 state=started
when: mongodb_force_wait_for_port or "'systemd' in systemd.stdout"
- include: auth_initialization.yml
when: mongodb_conf_auth
- name: Create mongodb user
user: name={{mongodb_user}} group={{mongodb_user}}
- name: Configure database directory
file: state=directory path={{ mongodb_conf_dbpath }} owner={{mongodb_user}} group={{mongodb_user}} mode=0755
- name: reset mongodb folder and subfolders with new uid
file: path={{ mongodb_conf_dbpath }} owner=mongodb group=mongodb follow=yes recurse=yes state=directory
when: mongodb_uid
- name: Create log dir if missing
file: state=directory recurse=yes dest={{ mongodb_conf_logpath|dirname }} owner={{ mongodb_user }} group={{mongodb_user}} mode=0755
@ -89,16 +54,6 @@
when: ansible_os_family == 'Debian' and mongodb_disable_thp
notify: restart sysfsutils
- name: get pid of mongod
command: pidof mongod
register: mongod_new_pid
changed_when: false
when: mongod_pid.rc != 0
- name: kill temporary mongod if started
command: kill {{ mongod_new_pid.stdout }}
when: mongod_pid.rc != 0
- name: mongodb restart
service: name={{ mongodb_daemon_name }} state=restarted
when: config_result|changed and mongodb_manage_service
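Review bot: The `wait MongoDB port is listening` task still reads `mongodb_listen_ip` in `host="{{ mongodb_listen_ip }}"`, while the two `set_fact` tasks that defined that variable (`Register default MongoDB listen IP`, `Register MongoDB listen IP`) are removed by the first hunk of this file; as far as the rendered page shows, if the `wait_for` task is kept on the new side it now fails on an undefined variable. Its condition `mongodb_force_wait_for_port or "'systemd' in systemd.stdout"` also puts the membership test inside a quoted string, which is a non-empty literal and therefore always true; write it as `when: mongodb_force_wait_for_port or ('systemd' in systemd.stdout)` (the `systemd` register it relies on is not visible in these hunks). Lastly, `Configure database directory` creates `mongodb_conf_dbpath` with `mode=0755`, which leaves the data directory traversable by every local account; `mode=0750` is sufficient for the daemon and is the usual hardening choice for a database directory.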


@ -49,4 +49,3 @@
- name: Install PyMongo from PIP
pip: name=pymongo state=latest
when: mongodb_pymongo_from_pip


@ -7,8 +7,21 @@
- include: configure.yml
tags: [mongodb]
- include: replication_init_auth.yml
when: ( mongodb_conf_replSet is defined and mongodb_conf_auth
and mongodb_master is defined and mongodb_master )
tags: [mongodb]
- include: replication.yml
when: mongodb_conf_replSet != ""
when: mongodb_conf_replSet is defined
tags: [mongodb]
- include: auth_initialization.yml
when: mongodb_conf_auth and not mongodb_conf_replSet
tags: [mongodb]
- include: user_add.yml
when: mongodb_conf_auth and mongodb_users
tags: [mongodb]
- include: mms-agent.yml
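Review bot: The new condition `when: mongodb_conf_auth and not mongodb_conf_replSet` on the `auth_initialization.yml` include evaluates `mongodb_conf_replSet` directly, whereas the neighbouring includes guard it with `is defined`; when the variable is unset — the standalone case this include exists for — Ansible reports an undefined variable in the conditional instead of running the include. Use `when: mongodb_conf_auth and (mongodb_conf_replSet is not defined or not mongodb_conf_replSet)`. The `user_add.yml` include has the same shape with `mongodb_users`, which the old `auth_initialization.yml` tested with `mongodb_users is defined`; `when: mongodb_conf_auth and mongodb_users is defined and mongodb_users` keeps the previous behaviour. The include list starts before this hunk.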


@ -0,0 +1,33 @@
---
- name: Replication configuration
mongodb_replication:
login_host: "{{ mongodb_conf_bind_ip|default('localhost') }}"
login_port: "{{ mongodb_conf_port|default(27017) }}"
login_user: "{{ mongodb_root_admin_name }}"
login_password: "{{ mongodb_root_admin_password }}"
replica_set: "{{ mongodb_conf_replSet }}"
host_name: "{{ item.host_name }}"
host_port: "{{ item.host_port|default(27017) }}"
host_type: "{{ item.host_type|default('replica') }}"
with_items:
- "{{ mongodb_replication_params }}"
register: mongodb_replica_init
ignore_errors: true
- include: auth_initialization.yml
when: mongodb_replica_init|failed
- name: Replication configuration
mongodb_replication:
login_host: "{{ mongodb_conf_bind_ip|default('localhost') }}"
login_port: "{{ mongodb_conf_port|default(27017) }}"
login_user: "{{ mongodb_root_admin_name }}"
login_password: "{{ mongodb_root_admin_password }}"
replica_set: "{{ mongodb_conf_replSet }}"
host_name: "{{ item.host_name }}"
host_port: "{{ item.host_port|default(27017) }}"
host_type: "{{ item.host_type|default('replica') }}"
with_items:
- "{{ mongodb_replication_params }}"
when: mongodb_replica_init|failed
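Review bot: The first `Replication configuration` task runs with `ignore_errors: true` and the only trigger for falling back to `auth_initialization.yml` is `mongodb_replica_init|failed`, so any failure at all — a connection error, an election in progress, a bad entry in `mongodb_replication_params` — restarts mongod on the master with the no-auth bootstrap configuration, not just the first-run case where the root user does not exist yet. Narrow the trigger, for example by testing the registered failure message for an authentication failure, or by checking first whether `mongodb_root_admin_name` can log in, so an already-configured node is never reopened without auth because of a spurious error. Both tasks pass `login_password` as a module argument and should carry `no_log: true` so credentials do not appear in verbose output. The two tasks are identical apart from their conditions; giving the second a distinct name such as `Replication configuration (retry after auth initialization)` makes the play output readable.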

14
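--- /dev/null
+++ b/tasks/user_add.yml
@@ -0,0 +1,14 @@
+---
+- name: create normal users
+  mongodb_user:
+    database: "{{ item.database }}"
+    name: "{{ item.name }}"
+    password: "{{ item.password }}"
+    roles: "{{ item.roles }}"
+    replica_set: "{{ mongodb_conf_replSet }}"
+    login_user: "{{ mongodb_user_admin_name }}"
+    login_password: "{{ mongodb_user_admin_password }}"
+    login_port: "{{ mongodb_conf_port }}"
+  with_items:
+    - "{{ mongodb_users }}"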
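Review bot: `replica_set: "{{ mongodb_conf_replSet }}"` is unconditional, but `main.yml` in this commit includes `user_add.yml` whenever `mongodb_conf_auth and mongodb_users`, which covers the standalone case where `mongodb_conf_replSet` is not defined; there the task fails on an undefined variable before any user is created. Write it as `replica_set: "{{ mongodb_conf_replSet|default(omit) }}"` so the argument is dropped on standalone hosts. The loop items carry `password:` and are printed per item in the task output; add `no_log: true` to the task. No `login_host` is given any more, so the module's default host applies — presumably localhost; confirm that matches the bind address rendered by `mongod.conf.j2`.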


@ -0,0 +1,23 @@
# {{ ansible_managed }}
noauth = true
bind_ip = 127.0.0.1
cpu = {{ mongodb_conf_cpu|to_nice_json }}
dbpath = {{ mongodb_conf_dbpath }}
fork = {{ mongodb_conf_fork|to_nice_json }}
httpinterface = {{ mongodb_conf_httpinterface|to_nice_json }}
ipv6 = {{ mongodb_conf_ipv6|to_nice_json }}
journal = {{ mongodb_conf_journal|to_nice_json }}
logappend = {{ mongodb_conf_logappend|to_nice_json }}
logpath = {{ mongodb_conf_logpath }}
maxConns = {{ mongodb_conf_maxConns }}
noprealloc = {{ mongodb_conf_noprealloc|to_nice_json }}
noscripting = {{ mongodb_conf_noscripting|to_nice_json }}
notablescan = {{ mongodb_conf_notablescan|to_nice_json }}
port = {{ mongodb_conf_port }}
quota = {{ mongodb_conf_quota|to_nice_json }}
{% if mongodb_conf_quota %}
quotaFiles = {{ mongodb_conf_quotaFiles }}
{% endif %}
syslog = {{ mongodb_conf_syslog|to_nice_json }}
smallfiles = {{ mongodb_conf_smallfiles|to_nice_json }}
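Review bot: Nothing in this template says that it is a temporary bootstrap configuration, yet `noauth = true` and the hard-coded `bind_ip = 127.0.0.1` only make sense together and only for the short window in which `auth_initialization.yml` creates the admin users. Add a header comment after `# {{ ansible_managed }}` such as `# Bootstrap-only config: authentication is disabled, so bind to loopback only; auth_initialization.yml replaces this with mongod.conf.j2 right after the admin users are created.` Without it, someone who later changes `bind_ip` here, or copies this file as the base for `mongod.conf.j2`, has no cue that auth is off. The `port = {{ mongodb_conf_port }}` and `httpinterface` lines keep the configured port and HTTP interface reachable during that window, which is acceptable only because of the loopback bind — worth stating in the same comment.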


@ -1,3 +0,0 @@
[mongodb]
mongodb_login_port={{ mongodb_conf_port }}
mongodb_listen_ip={{ mongodb_conf_bind_ip }}