This role prints passwords in Ansible outputs (e.g. when creating
users, etc.). This is a problem because passwords must never appear
in plaintext under any circunstances.
This commit attempts to fix the problem described above. The option
"no_log: true" has been added to tasks which may print passwords
during Ansible execution.
The role checks if the system is running or not systemd. It checks the
name of the process with PID1, and if it contains the string "systemd"
assumes that the host is systemd-based. Unfortunately that check fails
in Ubuntu Xenial:
vagrant@mongo-xenial:~$ cat /proc/1/cmdline
/sbin/init
A better approach may be to check if /sbin/init is a symlink or a
binary. In systemd-based systems (e.g. Ubuntu Xenial), /sbin/init is a
symlink to the systemd binary:
vagrant@mongo-xenial:~$ file /sbin/init
/sbin/init: symbolic link to /lib/systemd/systemd
In Ubuntu Trusty /sbin/init is a binary:
vagrant@mongo-trusty:~$ file /sbin/init
/sbin/init: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV),
dynamically linked (uses shared libs), for GNU/Linux 2.6.24,
BuildID[sha1]=7a4c688d009fc1f06ffc692f5f42ab09e68582b2, strippe
This commit attempts to solve the problem described above. The systemd
check has been rewritten to check if /sbin/init is a binary or a
symlink.
Since the service could have been stopped manually (outside Ansible) we should ensure that the service is started before waiting for the port to come up.
The init scripts that are provided assume that forking is enabled by
default. This has been left in defaults, to preserve the capability for
users to override this option.
While we could define this in the per-platform variables, including this
in the defaults maintains backwards compatability for users that want to
override this value.
This provides initial support for installing the relevant MongoDB
packages for a RedHat based OS. This currently only supports RHEL/CentOS
6 in order to keep the initial scope relatively constrained.
This has been working so far since the tests have only cared about
Ubuntu as a target. Now that RedHat is an option, the default needs to
be overriden.
Looks like when this variable was introduced, this particular task was
missed.
This has also been moved to the configuration stage, since it seems to
fit with the task for ensuring the log directory exists, too.
According to MongoDB documentation[1], "enabling internal authentication
(in a replicaset) enables access control". Therefore, if MongoDB is
configured without authentication (`auth = no`) a `keyFile` line
must not appear in the configuration file.
This commit attempts to solve the problem described above. An extra
check has been added to ensure the `keyFile` configuration option is
added only if replicaset authorization _and_ authentication is enabled.
[1]: https://docs.mongodb.org/v3.0/tutorial/enable-internal-authentication/