Commit a61fb06c authored by bow's avatar bow

Update mongodb role with custom config + logging + initial users

parent 3d5eef99
---
## User-specific options ##
# Database root user
mongodb_user_root_name: db-root
mongodb_user_root_password: root
mongodb_user_sentinel_name: sentinel-api
mongodb_user_sentinel_password: api
## System options ##
# MongoDB package name (mongodb-org for vendor, mongodb for apt)
mongodb_package: mongodb-org
# APT keyserver
mongodb_apt_key_keyserver: hkp://keyserver.ubuntu.com:80
# Vendor APT key
mongodb_apt_key_id: EA312927
# Toggle transparent huge page
mongodb_disable_thp: true
# User name for the mongodb process
mongodb_user: mongodb
# Daemon name, which is different in the official repo and the vendor repo
mongodb_daemon_name: "{{ 'mongod' if ('mongodb-org' in mongodb_package) else 'mongodb' }}"
# PyMongo version to install -- if evaluates to false, will install from apt instead
mongodb_pymongo_pip_version: "2.9"
## Config file options ##
# Enable security
mongodb_conf_auth: true
# Comma separated list of ip addresses to listen on
mongodb_conf_bind_ip: 127.0.0.1
# Periodically show cpu and iowait utilization
mongodb_conf_cpu: true
# Directory for datafiles
mongodb_conf_dbpath: /data/mongodb
# Fork server process
mongodb_conf_fork: false
# Enable http interface
mongodb_conf_httpinterface: false
# Enable IPv6 support (disabled by default)
mongodb_conf_ipv6: false
# Enable journaling
mongodb_conf_journal: true
# Append to logpath instead of over-writing
mongodb_conf_logappend: true
# Log file to send write to instead of stdout
mongodb_conf_logpath: "/var/log/mongodb/{{ mongodb_daemon_name }}.log"
# Max number of simultaneous connections
mongodb_conf_maxConns: 10000
# Disable data file preallocation
mongodb_conf_noprealloc: false
# Disable smallfiles option
mongodb_conf_smallfiles: false
# Disable scripting engine
mongodb_conf_noscripting: false
# Do not allow table scans
mongodb_conf_notablescan: false
# Specify port number
mongodb_conf_port: 27017
# Limits each database to a certain number of files
mongodb_conf_quota: false
# Number of quota files
mongodb_conf_quotaFiles: 8
## logrotate options ##
# Log rotation toggle
mongodb_logrotate: true
# Log rotation options
mongodb_logrotate_options:
- size 10M
- weekly
- rotate 4
- dateext
- compress
- notifempty
- copytruncate
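Review bot: `mongodb_user_root_password: root` and `mongodb_user_sentinel_password: api` ship guessable credentials as defaults, so any play that forgets to override them creates a database root account with a known password. These two keys would be safer left unset here, supplied from encrypted vars (for example Ansible Vault), with the role failing early when they are missing. A comment above them such as `# REQUIRED: set in vaulted vars; never deploy with a default password` would document that expectation.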
---
- name: reload mongodb
service: name={{ mongodb_daemon_name }} state=reloaded
- name: restart mongodb
service: name=mongod state=restarted enabled=yes
service: name={{ mongodb_daemon_name }} state=restarted
---
- name: check if database root user exists
shell: "/usr/bin/mongo --quiet -u {{ mongodb_user_root_name }} -p {{ mongodb_user_root_password }} --eval \"db.system.users.find({user: '{{ mongodb_user_root_name }}'}).count()\" admin || true"
register: root_user_exists
changed_when: root_user_exists.stdout != "1" or root_user_exists.rc != 0
- name: check if database sentinel user exists
shell: "/usr/bin/mongo --quiet -u {{ mongodb_user_root_name }} -p {{ mongodb_user_root_password }} --eval \"db.system.users.find({user: '{{ mongodb_user_sentinel_name }}'}).count()\" admin || true"
register: sentinel_user_exists
changed_when: sentinel_user_exists.stdout != "1" or sentinel_user_exists.rc != 0
- name: disable authentication on mongod.conf
template: src=mongod_noauth.conf.j2 dest=/etc/mongod.conf owner=root group=root mode=0644
when: root_user_exists|changed or sentinel_user_exists|changed
- name: restart mongodb
service: name={{ mongodb_daemon_name }} state=restarted
when: root_user_exists|changed or sentinel_user_exists|changed
- name: create database root user in admin
mongodb_user:
database: admin
name: "{{ item.name }}"
password: "{{ item.password }}"
roles: "{{ item.roles }}"
login_port: "{{ mongodb_conf_port }}"
state: present
with_items:
- {
name: "{{ mongodb_user_root_name }}",
password: "{{ mongodb_user_root_password }}",
roles: "root"
}
when: root_user_exists|changed
- name: create database sentinel user in sentinel
mongodb_user:
database: sentinel
name: "{{ item.name }}"
password: "{{ item.password }}"
roles: "{{ item.roles }}"
login_port: "{{ mongodb_conf_port }}"
state: present
with_items:
- {
name: "{{ mongodb_user_sentinel_name }}",
password: "{{ mongodb_user_sentinel_password }}",
roles: "readWrite"
}
when: sentinel_user_exists|changed
- name: restore mongod.conf
template: src=mongod.conf.j2 dest=/etc/mongod.conf owner=root group=root mode=0644
when: root_user_exists|changed or sentinel_user_exists|changed
- name: restart mongodb
service: name={{ mongodb_daemon_name }} state=restarted
when: root_user_exists|changed or sentinel_user_exists|changed
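Review bot: Both `shell` checks put `-p {{ mongodb_user_root_password }}` on the `mongo` command line, so the root password is visible in the process list while the command runs and in verbose or failed task output; no task in this file sets `no_log: true`. Adding `no_log: true` to the two checks and to the two `mongodb_user` tasks would keep it out of the logs. A failure anywhere between `disable authentication on mongod.conf` and `restore mongod.conf` also leaves mongod running with `noauth = true`; doing the restore in a `block`/`always` section would close that gap. The user names are interpolated unquoted into both the shell string and the `--eval` JavaScript, so a value containing a quote would break or alter the command.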
---
- name: set log rotation config
template: src=logrotate.conf.j2 dest=/etc/logrotate.d/mongodb.conf
when: mongodb_logrotate
- name: create log directory if missing
file: state=directory recurse=yes dest={{ mongodb_conf_logpath|dirname }} owner={{ mongodb_user }} group={{ mongodb_user }} mode=0755
- name: ensure logfile exists
stat: path={{ mongodb_conf_logpath }}
register: mongodb_log_conf
- name: create logfile if missing
file: state=touch dest={{ mongodb_conf_logpath }} owner={{ mongodb_user }} group={{ mongodb_user }} mode=0755
when: mongodb_log_conf is defined and not mongodb_log_conf.stat.exists
- name: set config
template: src=mongod.conf.j2 dest=/etc/mongod.conf backup=yes owner=root group=root mode=0644
register: mongodb_conf
- name: create data directory if missing
file: state=directory path={{ mongodb_conf_dbpath }} owner={{ mongodb_user }} group={{ mongodb_user }} mode=0755
- name: restart mongodb if config changed
service: name={{ mongodb_daemon_name }} state=restarted
when: mongodb_conf|changed
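Review bot: `create logfile if missing` sets `mode=0755` on a regular file, which makes the log executable and world-readable; `mode=0640` is what a log file needs, and mongod logs can contain query contents. The data directory task also uses `mode=0755`, which lets every local account traverse `{{ mongodb_conf_dbpath }}`; `mode=0750` would limit it to the `{{ mongodb_user }}` user and group.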
---
- name: add mongodb vendor apt key
apt_key: keyserver=hkp://keyserver.ubuntu.com:80 id=EA312927 state=present
- name: add mongodb vendor repository
apt_repository: repo="deb http://repo.mongodb.org/apt/debian wheezy/mongodb-org/3.2 main" state=present
- name: install mongodb-org
apt: pkg=mongodb-org state=present
- name: install PyMongo from apt
apt: pkg=python-pymongo state=latest
when: not mongodb_pymongo_pip_version
- name: install pip
apt: pkg={{ item }}
with_items:
- python-dev
- python-pip
when: mongodb_pymongo_pip_version
- name: install PyMongo from pip
pip: name=pymongo version="{{ mongodb_pymongo_pip_version }}" state=present
when: mongodb_pymongo_pip_version
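Review bot: The `apt_key` task identifies the vendor key by the 8-character short ID `EA312927`, fetched over plain `hkp://`. Short IDs are not collision-resistant, so a different key with the same short ID could be imported and then trusted for the `http://repo.mongodb.org` repository. Pinning the full fingerprint, `id=<FULL_40_HEX_FINGERPRINT>` (placeholder; take it from the vendor's published key), removes that ambiguity. The tasks also hard-code the keyserver, key ID and package name although the variables file earlier in this commit defines `mongodb_apt_key_keyserver`, `mongodb_apt_key_id` and `mongodb_package`, so overriding those has no effect here; `apt: pkg={{ mongodb_package }} state=present` would honour them.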
---
- name: add mongodb vendor apt key
apt_key: keyserver=hkp://keyserver.ubuntu.com:80 id=EA312927 state=present
- include: install.yml
tags: [mongodb]
- name: add mongodb vendor repository
apt_repository: repo='deb http://repo.mongodb.org/apt/debian wheezy/mongodb-org/3.2 main' state=present
- include: configure.yml
tags: [mongodb]
- name: install mongodb-org
apt: pkg=mongodb-org state=present
- name: start mongodb
service: name=mongod state=started enabled=true
- include: auth_init.yml
when: mongodb_conf_auth
tags: [mongodb]
# {{ ansible_managed }}
{{ mongodb_conf_logpath }} {
{% for option in mongodb_logrotate_options %}
{{ option }}
{% endfor %}
}
# {{ ansible_managed }}
auth = {{ mongodb_conf_auth|to_nice_json }}
bind_ip = {{ mongodb_conf_bind_ip }}
cpu = {{ mongodb_conf_cpu|to_nice_json }}
dbpath = {{ mongodb_conf_dbpath }}
fork = {{ mongodb_conf_fork|to_nice_json }}
httpinterface = {{ mongodb_conf_httpinterface|to_nice_json }}
ipv6 = {{ mongodb_conf_ipv6|to_nice_json }}
journal = {{ mongodb_conf_journal|to_nice_json }}
logappend = {{ mongodb_conf_logappend|to_nice_json }}
logpath = {{ mongodb_conf_logpath }}
maxConns = {{ mongodb_conf_maxConns }}
noprealloc = {{ mongodb_conf_noprealloc|to_nice_json }}
noscripting = {{ mongodb_conf_noscripting|to_nice_json }}
notablescan = {{ mongodb_conf_notablescan|to_nice_json }}
port = {{ mongodb_conf_port }}
quota = {{ mongodb_conf_quota|to_nice_json }}
{% if mongodb_conf_quota %}
quotaFiles = {{ mongodb_conf_quotaFiles }}
{% endif %}
smallfiles = {{ mongodb_conf_smallfiles|to_nice_json }}
# {{ ansible_managed }}
noauth = true
bind_ip = 127.0.0.1
cpu = {{ mongodb_conf_cpu|to_nice_json }}
dbpath = {{ mongodb_conf_dbpath }}
fork = {{ mongodb_conf_fork|to_nice_json }}
httpinterface = {{ mongodb_conf_httpinterface|to_nice_json }}
ipv6 = {{ mongodb_conf_ipv6|to_nice_json }}
journal = {{ mongodb_conf_journal|to_nice_json }}
logappend = {{ mongodb_conf_logappend|to_nice_json }}
logpath = {{ mongodb_conf_logpath }}
maxConns = {{ mongodb_conf_maxConns }}
noprealloc = {{ mongodb_conf_noprealloc|to_nice_json }}
noscripting = {{ mongodb_conf_noscripting|to_nice_json }}
notablescan = {{ mongodb_conf_notablescan|to_nice_json }}
port = {{ mongodb_conf_port }}
quota = {{ mongodb_conf_quota|to_nice_json }}
{% if mongodb_conf_quota %}
quotaFiles = {{ mongodb_conf_quotaFiles }}
{% endif %}
smallfiles = {{ mongodb_conf_smallfiles|to_nice_json }}
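Review bot: Nothing in this template says it is a temporary bootstrap configuration. It repeats every line of the main template except `noauth = true` and the fixed `bind_ip = 127.0.0.1`, so the two files can drift apart unnoticed. A header comment such as `# Temporary config used only while the initial users are created: authentication off, loopback only` would make the intent clear to whoever finds this file on a host. The loopback bind limits exposure to local accounts, but any local user can still connect unauthenticated while this config is in place.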