diff --git a/defaults/main.yml b/defaults/main.yml index 4249507..79204e7 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -31,6 +31,7 @@ mongodb_net_port: 27017 # Specify port number mongodb_net_ssl: disabled # Enable or disable ssl connections mongodb_net_ssl_mode: "" # Set the ssl mode (RequireSSL / preferSSL / AllowSSL / disabled) mongodb_net_ssl_pemfile: "" # Location of the pemfile to use for ssl +mongodb_net_ssl_host: "" # Valid ssl hostname ## processManagement Options # Fork server process diff --git a/tasks/main.yml b/tasks/main.yml index be24901..e0a1d95 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,5 +1,18 @@ --- +- name: Check value of variable mongodb_net_ssl_host + fail: + msg: 'Set mongodb_net_ssl_mode is preferSSL or set valid hostname for mongodb_net_ssl_host!' + when: ( mongodb_net_ssl_mode == 'requireSSL' + and mongodb_net_ssl_host == '' ) + +- name: Check value of variable mongodb_login_host + fail: + msg: 'Set mongodb_login_host equal mongodb_net_ssl_host!' + when: ( mongodb_net_ssl_mode == 'requireSSL' + and mongodb_net_ssl_host != mongodb_login_host + and not mongodb_replication_replset ) + - name: Include OS-specific variables include_vars: "{{ item }}" with_first_found: @@ -32,7 +45,7 @@ - name: Check where admin user already exists command: > - mongo --quiet -u {{ mongodb_user_admin_name }} \ + mongo --quiet {{ '--ssl --host ' + mongodb_net_ssl_host if mongodb_net_ssl_mode == 'requireSSL' else '' }} -u {{ mongodb_user_admin_name }} \ -p {{ mongodb_user_admin_password }} --port {{ mongodb_net_port }} --eval 'db.version()' admin register: mongodb_user_admin_check changed_when: false @@ -61,6 +74,7 @@ login_password: "{{ mongodb_user_admin_password }}" login_port: "{{ mongodb_login_port|default(27017) }}" login_host: "{{ mongodb_login_host|default('localhost') }}" + ssl: "{{ True if mongodb_net_ssl_mode == 'requireSSL' else False }}" with_items: - "{{ mongodb_users | default([]) }}" when: ( mongodb_replication_replset 
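Review bot: The comment on the new `mongodb_net_ssl_host` default says only "Valid ssl hostname", which does not tell an operator how the value is used. tasks/main.yml passes it to `mongo --host` and requires it to equal `mongodb_login_host` outside replica sets. I would write `# Hostname clients use for SSL connections; expected to match a name in the server certificate`. The certificate-matching half is an assumption about the deployment and should be confirmed.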
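Review bot: The second check reads `mongodb_login_host` with no default, while the tasks further down this file use `mongodb_login_host|default('localhost')`. If the variable is not defined elsewhere in the role, the `when` stops with an undefined-variable error instead of the intended message; `and mongodb_net_ssl_host != mongodb_login_host|default('localhost')` avoids that. Both checks also match only the exact string `requireSSL`, whereas the comment in defaults/main.yml spells the option `RequireSSL`. A value copied from that comment skips the guards and makes every `ssl:` parameter in this commit evaluate to false. The first message would read better as `Set mongodb_net_ssl_mode to preferSSL or set a valid hostname in mongodb_net_ssl_host!`.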
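Review bot: The rewritten `mongo --quiet` line adds `--ssl --host …` but no CA option, so whether the shell validates the server certificate depends on the shell version's defaults; that should be confirmed for the versions this role installs. If the role is meant to work with a private CA, a CA-file variable passed next to `--ssl` would make verification explicit. The unchanged `-p {{ mongodb_user_admin_password }}` line still puts the admin password in the process arguments, so the task should carry `no_log: true` unless that is already set below the hunk. The task continues past the last visible line.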
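Review bot: The added `ssl: "{{ True if mongodb_net_ssl_mode == 'requireSSL' else False }}"` is repeated in all seven tasks this commit touches: three in this file, two in tasks/replication.yml and two in tasks/replication_init_auth.yml. The comparison already yields a boolean, so `ssl: "{{ mongodb_net_ssl_mode == 'requireSSL' }}"` is equivalent, and computing it once in a role variable would keep the call sites in step. Only `ssl` is set, with no CA or certificate-requirement option visible in these hunks, so certificate verification rests on each module's defaults, which are worth checking. Because the hostname guard at the top of the file is skipped when `mongodb_replication_replset` is set, this task can run with `ssl` true and `login_host` defaulting to `localhost`. That presumably fails hostname verification unless the certificate covers that name.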
@@ -79,6 +93,8 @@
 login_user: "{{ mongodb_user_admin_name }}"
 login_password: "{{ mongodb_user_admin_password }}"
 login_port: "{{ mongodb_net_port }}"
+ login_host: "{{ mongodb_login_host|default('localhost') }}"
+ ssl: "{{ True if mongodb_net_ssl_mode == 'requireSSL' else False }}"
 with_items:
 - "{{ mongodb_users | default([]) }}"
 when: ( mongodb_security_authorization == 'enabled'
@@ -99,6 +115,7 @@
 login_password: "{{ mongodb_user_admin_password }}"
 login_port: "{{ mongodb_login_port|default(27017) }}"
 login_host: "{{ mongodb_login_host|default('localhost') }}"
+ ssl: "{{ True if mongodb_net_ssl_mode == 'requireSSL' else False }}"
 with_items:
 - "{{ mongodb_oplog_users | default([]) }}"
 when: ( mongodb_replication_replset | length > 0
diff --git a/tasks/replication.yml b/tasks/replication.yml
index aa3294b..2464636 100644
--- a/tasks/replication.yml
+++ b/tasks/replication.yml
@@ -14,6 +14,7 @@
 hidden: "{{ item.hidden|default(false) }}"
 priority: "{{ item.priority|default(1.0) }}"
 votes: "{{ item.votes|default(omit) }}"
+ ssl: "{{ True if mongodb_net_ssl_mode == 'requireSSL' else False }}"
 when: mongodb_security_authorization == 'enabled'
 with_items:
 - "{{ mongodb_replication_params|default([]) }}"
@@ -30,6 +31,7 @@
 hidden: "{{ item.hidden|default(false) }}"
 priority: "{{ item.priority|default(1.0) }}"
 votes: "{{ item.votes|default(omit) }}"
+ ssl: "{{ True if mongodb_net_ssl_mode == 'requireSSL' else False }}"
 when: mongodb_security_authorization == 'disabled'
 with_items:
 - "{{ mongodb_replication_params|default([]) }}"
diff --git a/tasks/replication_init_auth.yml b/tasks/replication_init_auth.yml
index 76657db..1532d4b 100644
--- a/tasks/replication_init_auth.yml
+++ b/tasks/replication_init_auth.yml
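Review bot: In the `@@ -79,6 +93,8 @@` hunk the added `login_host` lets this task target `mongodb_login_host`, but the unchanged line above it still reads `login_port: "{{ mongodb_net_port }}"`. The sibling tasks pair the same `login_host` with `mongodb_login_port|default(27017)`. If `mongodb_login_host` names another machine, this task connects to that host on the local instance's port. If the remote case is intended, `login_port: "{{ mongodb_login_port|default(mongodb_net_port) }}"` would keep the old behaviour when no login port is set. The task begins above the hunk, so the module and its other arguments are not visible here.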
@@ -13,6 +13,7 @@
 hidden: "{{ item.hidden|default(false) }}"
 priority: "{{ item.priority|default(1.0) }}"
 votes: "{{ item.votes|default(omit) }}"
+ ssl: "{{ True if mongodb_net_ssl_mode == 'requireSSL' else False }}"
 with_items:
 - "{{ mongodb_replication_params|default([]) }}"
 register: mongodb_replica_init
@@ -35,6 +36,7 @@
 hidden: "{{ item.hidden|default(false) }}"
 priority: "{{ item.priority|default(1.0) }}"
 votes: "{{ item.votes|default(omit) }}"
+ ssl: "{{ True if mongodb_net_ssl_mode == 'requireSSL' else False }}"
 when: mongodb_replica_init is failed
 with_items:
 - "{{ mongodb_replication_params|default([]) }}"