mirror of
https://github.com/status-im/ansible-role-mongodb.git
synced 2025-01-12 14:34:13 +00:00
e5b79820c8
Add functionality to create oplog users
117 lines
3.9 KiB
YAML
117 lines
3.9 KiB
YAML
---
|
|
|
|
- name: Include OS-specific variables
|
|
include_vars: "{{ item }}"
|
|
with_first_found:
|
|
- "{{ ansible_distribution_release }}.yml"
|
|
- "{{ ansible_distribution }}.yml"
|
|
- "{{ ansible_os_family }}.yml"
|
|
|
|
- name: Include installation tasks
|
|
include: "install.{{ ansible_os_family | lower }}.yml"
|
|
tags: [mongodb]
|
|
|
|
- name: Include configuration.yml
|
|
include: configure.yml
|
|
tags: [mongodb]
|
|
|
|
- name: Include replication and auth configuration
|
|
include: replication_init_auth.yml
|
|
when: ( mongodb_replication_replset
|
|
and mongodb_replication_replset != ''
|
|
and mongodb_security_authorization == 'enabled'
|
|
and mongodb_master is defined and mongodb_master )
|
|
tags: [mongodb]
|
|
|
|
- name: Include replication configuration
|
|
include: replication.yml
|
|
when: mongodb_replication_replset and mongodb_replication_replset != ''
|
|
tags: [mongodb]
|
|
|
|
- name: Check where admin user already exists
|
|
command: >
|
|
mongo --quiet -u {{ mongodb_user_admin_name }} \
|
|
-p {{ mongodb_user_admin_password }} --port {{ mongodb_net_port }} --eval 'db.version()' admin
|
|
register: mongodb_user_admin_check
|
|
changed_when: false
|
|
check_mode: no
|
|
ignore_errors: true
|
|
when: ( mongodb_security_authorization == 'enabled'
|
|
and (not mongodb_replication_replset
|
|
or mongodb_replication_replset == '') )
|
|
no_log: true
|
|
tags: [mongodb]
|
|
|
|
- name: Include authorization configuration
|
|
include: auth_initialization.yml
|
|
when: ( mongodb_security_authorization == 'enabled'
|
|
and (not mongodb_replication_replset
|
|
or mongodb_replication_replset == '')
|
|
and mongodb_user_admin_check.rc != 0 )
|
|
tags: [mongodb]
|
|
|
|
- name: create normal users with replicaset
|
|
mongodb_user_fixed:
|
|
database: "{{ item.database }}"
|
|
name: "{{ item.name }}"
|
|
password: "{{ item.password }}"
|
|
update_password: "{{ mongodb_user_update_password }}"
|
|
roles: "{{ item.roles }}"
|
|
login_user: "{{ mongodb_user_admin_name }}"
|
|
login_password: "{{ mongodb_user_admin_password }}"
|
|
login_port: "{{ mongodb_login_port|default(27017) }}"
|
|
login_host: "{{ mongodb_login_host|default('localhost') }}"
|
|
with_items:
|
|
- "{{ mongodb_users | default([]) }}"
|
|
when: ( mongodb_replication_replset
|
|
and mongodb_replication_replset != ''
|
|
and mongodb_security_authorization == 'enabled'
|
|
and mongodb_master is defined and mongodb_master )
|
|
no_log: true
|
|
tags: [mongodb]
|
|
|
|
- name: create normal users without replicaset
|
|
mongodb_user_fixed:
|
|
database: "{{ item.database }}"
|
|
name: "{{ item.name }}"
|
|
password: "{{ item.password }}"
|
|
update_password: "{{ mongodb_user_update_password }}"
|
|
roles: "{{ item.roles }}"
|
|
login_user: "{{ mongodb_user_admin_name }}"
|
|
login_password: "{{ mongodb_user_admin_password }}"
|
|
login_port: "{{ mongodb_net_port }}"
|
|
with_items:
|
|
- "{{ mongodb_users | default([]) }}"
|
|
when: ( mongodb_security_authorization == 'enabled'
|
|
and (not mongodb_replication_replset
|
|
or mongodb_replication_replset == '') )
|
|
no_log: true
|
|
tags: [mongodb]
|
|
|
|
- name: create oplog user with replicaset
|
|
mongodb_user_fixed:
|
|
database: admin
|
|
user: "{{ item.user }}"
|
|
password: "{{ item.password }}"
|
|
update_password: "{{ mongodb_user_update_password }}"
|
|
roles:
|
|
- db: local
|
|
role: read
|
|
login_user: "{{ mongodb_user_admin_name }}"
|
|
login_password: "{{ mongodb_user_admin_password }}"
|
|
login_port: "{{ mongodb_login_port|default(27017) }}"
|
|
login_host: "{{ mongodb_login_host|default('localhost') }}"
|
|
with_items:
|
|
- "{{ mongodb_oplog_users | default([]) }}"
|
|
when: ( mongodb_replication_replset
|
|
and mongodb_replication_replset != ''
|
|
and mongodb_security_authorization == 'enabled'
|
|
and mongodb_master is defined and mongodb_master )
|
|
no_log: false
|
|
tags: [mongodb]
|
|
|
|
- name: Include MMS Agent configuration
|
|
include: mms-agent.yml
|
|
when: mongodb_mms_api_key != ""
|
|
tags: [mongodb]
|