--- - name: Check value of variable mongodb_net_ssl_host fail: msg: 'Set mongodb_net_ssl_mode is preferSSL or set valid hostname for mongodb_net_ssl_host!' when: ( mongodb_net_ssl_mode == 'requireSSL' and mongodb_net_ssl_host == '' ) - name: Check value of variable mongodb_login_host fail: msg: 'Set mongodb_login_host equal mongodb_net_ssl_host!' when: ( mongodb_net_ssl_mode == 'requireSSL' and mongodb_net_ssl_host != mongodb_login_host and not mongodb_replication_replset ) - name: Include OS-specific variables include_vars: "{{ item }}" with_first_found: - "{{ ansible_distribution_release }}.yml" - "{{ ansible_distribution }}.yml" - "{{ ansible_os_family }}.yml" - name: Include installation tasks include: "{{ item }}" with_first_found: - "install.{{ ansible_distribution | lower }}.yml" - "install.{{ ansible_os_family | lower }}.yml" tags: [mongodb] - name: Include configuration.yml include: configure.yml tags: [mongodb] - name: Include replication and auth configuration include: replication_init_auth.yml when: ( mongodb_replication_replset | length > 0 and mongodb_security_authorization == 'enabled' and mongodb_master is defined and mongodb_master ) tags: [mongodb] - name: Include replication configuration include: replication.yml when: mongodb_replication_replset | length > 0 tags: [mongodb] - name: Check where admin user already exists command: > mongo --quiet {{ '--ssl --host ' + mongodb_net_ssl_host if mongodb_net_ssl_mode == 'requireSSL' else '' }} -u {{ mongodb_user_admin_name }} \ -p {{ mongodb_user_admin_password }} --port {{ mongodb_net_port }} --eval 'db.version()' admin register: mongodb_user_admin_check changed_when: false check_mode: no ignore_errors: true when: ( mongodb_security_authorization == 'enabled' and not mongodb_replication_replset ) no_log: true tags: [mongodb] - name: Include authorization configuration include: auth_initialization.yml when: ( mongodb_security_authorization == 'enabled' and not mongodb_replication_replset and mongodb_user_admin_check.rc != 0 ) tags: [mongodb] - name: create normal users with replicaset mongodb_user: database: "{{ item.database }}" name: "{{ item.name }}" password: "{{ item.password }}" update_password: "{{ mongodb_user_update_password }}" roles: "{{ item.roles }}" login_user: "{{ mongodb_user_admin_name }}" login_password: "{{ mongodb_user_admin_password }}" login_port: "{{ mongodb_login_port|default(27017) }}" login_host: "{{ mongodb_login_host|default('localhost') }}" ssl: "{{ True if mongodb_net_ssl_mode == 'requireSSL' else False }}" with_items: - "{{ mongodb_users | default([]) }}" when: ( mongodb_replication_replset and mongodb_security_authorization == 'enabled' and mongodb_master is defined and mongodb_master ) no_log: true tags: [mongodb] - name: create normal users without replicaset mongodb_user: database: "{{ item.database }}" name: "{{ item.name }}" password: "{{ item.password }}" update_password: "{{ mongodb_user_update_password }}" roles: "{{ item.roles }}" login_user: "{{ mongodb_user_admin_name }}" login_password: "{{ mongodb_user_admin_password }}" login_port: "{{ mongodb_net_port }}" login_host: "{{ mongodb_login_host|default('localhost') }}" ssl: "{{ True if mongodb_net_ssl_mode == 'requireSSL' else False }}" with_items: - "{{ mongodb_users | default([]) }}" when: ( mongodb_security_authorization == 'enabled' and not mongodb_replication_replset ) no_log: true tags: [mongodb] - name: create oplog user with replicaset mongodb_user: database: admin user: "{{ item.user }}" password: "{{ item.password }}" update_password: "{{ mongodb_user_update_password }}" roles: - db: local role: read login_user: "{{ mongodb_user_admin_name }}" login_password: "{{ mongodb_user_admin_password }}" login_port: "{{ mongodb_login_port|default(27017) }}" login_host: "{{ mongodb_login_host|default('localhost') }}" ssl: "{{ True if mongodb_net_ssl_mode == 'requireSSL' else False }}" with_items: - "{{ mongodb_oplog_users | default([]) }}" when: ( mongodb_replication_replset | length > 0 and mongodb_security_authorization == 'enabled' and mongodb_master is defined and mongodb_master ) no_log: false tags: [mongodb] - name: service started service: name: "{{ mongodb_daemon_name }}" state: started enabled: yes - name: Include MMS Agent configuration include: mms-agent.yml when: mongodb_mms_api_key | length > 0 tags: [mongodb]