Commit #d9393b1 did not completely fixed the systemd-related issues.
The handler "reload systemd" has a "when" clause which fails in
systemd-based systems.
This commit attempts to fix the problem described above. The "when"
clause in the handler "reload systemd" has been fixed. Some facts has
been added in the install playbook, in order to make the code more
simple and easier to maintain.
This role prints passwords in Ansible outputs (e.g. when creating
users, etc.). This is a problem because passwords must never appear
in plaintext under any circunstances.
This commit attempts to fix the problem described above. The option
"no_log: true" has been added to tasks which may print passwords
during Ansible execution.
The role checks if the system is running or not systemd. It checks the
name of the process with PID1, and if it contains the string "systemd"
assumes that the host is systemd-based. Unfortunately that check fails
in Ubuntu Xenial:
vagrant@mongo-xenial:~$ cat /proc/1/cmdline
/sbin/init
A better approach may be to check if /sbin/init is a symlink or a
binary. In systemd-based systems (e.g. Ubuntu Xenial), /sbin/init is a
symlink to the systemd binary:
vagrant@mongo-xenial:~$ file /sbin/init
/sbin/init: symbolic link to /lib/systemd/systemd
In Ubuntu Trusty /sbin/init is a binary:
vagrant@mongo-trusty:~$ file /sbin/init
/sbin/init: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV),
dynamically linked (uses shared libs), for GNU/Linux 2.6.24,
BuildID[sha1]=7a4c688d009fc1f06ffc692f5f42ab09e68582b2, strippe
This commit attempts to solve the problem described above. The systemd
check has been rewritten to check if /sbin/init is a binary or a
symlink.
Since the service could have been stopped manually (outside Ansible) we should ensure that the service is started before waiting for the port to come up.
Looks like when this variable was introduced, this particular task was
missed.
This has also been moved to the configuration stage, since it seems to
fit with the task for ensuring the log directory exists, too.
According to MongoDB documentation[1], "enabling internal authentication
(in a replicaset) enables access control". Therefore, if MongoDB is
configured without authentication (`auth = no`) a `keyFile` line
must not appear in the configuration file.
This commit attempts to solve the problem described above. An extra
check has been added to ensure the `keyFile` configuration option is
added only if replicaset authorization _and_ authentication is enabled.
[1]: https://docs.mongodb.org/v3.0/tutorial/enable-internal-authentication/