From d6aa8e0ffa70ec3590a01eaec65626209db6c1b1 Mon Sep 17 00:00:00 2001
From: Sergei Antipov
Date: Tue, 10 Feb 2015 13:45:52 +0600
Subject: [PATCH] Changes in autorization
---
defaults/main.yml | 7 +++++--
tasks/authorization.yml | 18 +++++++++---------
2 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index ba93b44..74f7ada 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -41,7 +41,6 @@ mongodb_shell: {} # Define mongo shell commands # dbname: # - db.setProfilingLevel(1, 50) - # MMS Agent mongodb_mms_agent_pkg: https://mms.mongodb.com/download/agent/automation/mongodb-mms-automation-agent-manager_1.4.2.783-1_amd64.deb mongodb_mms_group_id: ""
@@ -59,6 +58,7 @@ mongodb_logrotate_options: - size 10M # password for inter-process authentication +# please regenerate this file on production environment with command 'openssl rand -base64 741' mongodb_keyfile_content: | 8pYcxvCqoe89kcp33KuTtKVf5MoHGEFjTnudrq5BosvWRoIxLowmdjrmUpVfAivh CHjqM6w0zVBytAxH1lW+7teMYe6eDn2S/O/1YlRRiW57bWU3zjliW3VdguJar5i9
@@ -77,6 +77,9 @@ mongodb_keyfile_content: | T+c73exupZFxItXs1Bnhe3djgE3MKKyYvxNUIbcTJoe7nhVMrwO/7lBSpVLvC4p3 wR700U0LDaGGQpslGtiE56SemgoP -# password for administrative users +# names and passwords for administrative users +mongodb_user_admin_name: siteUserAdmin mongodb_user_admin_password: passw0rd + +mongodb_root_admin_name: siteRootAdmin mongodb_root_admin_password: passw0rd
diff --git a/tasks/authorization.yml b/tasks/authorization.yml
index 1ddf707..4254c64 100644
--- a/tasks/authorization.yml
+++ b/tasks/authorization.yml
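Review bot: The role still ships a usable keyfile and `passw0rd` for both admin accounts as defaults, so any deployment that does not override them runs with credentials readable in this repository; this applies to the `mongodb_keyfile_content` hunk at -59,6 and the admin-user hunk at -77,6 in defaults/main.yml. The added comment asks for regeneration but nothing enforces it, and the new default names `siteUserAdmin` / `siteRootAdmin` make the account names predictable as well. Consider leaving the secrets empty in defaults (`mongodb_root_admin_password: ""`) and failing early in the tasks when they are unset, with real values supplied from an encrypted vars file. The comment should also say "regenerate this value" rather than "this file", since it documents a variable.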
@@ -4,31 +4,31 @@ apt: name=python-pymongo - name: create administrative user siteRootAdmin - mongodb_user: + mongodb_user: database: admin name: "{{ item.name }}" password: "{{ item.password }}" roles: "{{ item.roles }}" login_host: "{{ mongodb_user_login_host|default('localhost') }}" with_items: - - { - name: siteRootAdmin, + - { + name: "{{ mongodb_root_admin_name }}", password: "{{ mongodb_root_admin_password }}", roles: "root" } - name: create administrative user siteUserAdmin - mongodb_user: + mongodb_user: database: admin name: "{{ item.name }}" password: "{{ item.password }}" roles: "{{ item.roles }}" login_host: "{{ mongodb_user_login_host|default('localhost') }}" - login_user: "siteRootAdmin" + login_user: "{{ mongodb_root_admin_name }}" login_password: "{{ mongodb_root_admin_password }}" with_items: - - { - name: siteUserAdmin, + - { + name: "{{ mongodb_user_admin_name }}", password: "{{ mongodb_user_admin_password }}", roles: "userAdminAnyDatabase" }
@@ -40,8 +40,8 @@ password: "{{ item.password }}" roles: "{{ item.roles }}" login_host: "{{ mongodb_user_login_host|default('localhost') }}" - login_user: "{{ mongodb_root_admin_name }}" login_password: "{{ mongodb_root_admin_password }}" with_items: - - {{ mongodb_users }} + - "{{ mongodb_users }}" when: mongodb_users is defined
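Review bot: Both user-creation tasks in the first hunk pass the password through `with_items`, and Ansible normally prints each loop item in the task result, so `mongodb_root_admin_password` and `mongodb_user_admin_password` are likely to end up in console output and any callback logs; add `no_log: true` to each task. The same applies to the `mongodb_users` task in the hunk at -40,8, whose start lies outside the hunk. Separately, the task names still say `siteRootAdmin` / `siteUserAdmin` although the account names are now variables; a name such as `- name: create root administrative user` would stay accurate when they are overridden.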