Move sentinel-specific database setup to the sentinel role from mongodb role

f50ceaf4 · bow · 2c5b0320 · f50ceaf4 · f50ceaf4 · f50ceaf4
Commit f50ceaf4 authored Jan 25, 2016 by bow
--- a/deployment/ansible-role-mongodb/defaults/main.yml
+++ b/deployment/ansible-role-mongodb/defaults/main.yml
@@ -9,8 +9,6 @@ mongodb_user_admin_password: userAdmin

 mongodb_users: []

-mongodb_sentinel_users: []
-
 ## System options ##
 # MongoDB package name (mongodb-org for vendor, mongodb for apt)
 mongodb_package: mongodb-org
@@ -33,9 +31,6 @@ mongodb_daemon_name: "{{ 'mongod' if ('mongodb-org' in mongodb_package) else 'mo
 # PyMongo version to install -- if evaluates to no, will install from apt instead
 mongodb_pymongo_pip_version: "2.9"

-# JS script that runs after installation for ensuring indices exist
-mongodb_js_index_script: "dbIndexSetup.js"
-
 # Location for misc files
 mongodb_misc_dir: /opt/mongodb


--- a/deployment/ansible-role-mongodb/tasks/main.yml
+++ b/deployment/ansible-role-mongodb/tasks/main.yml
@@ -9,7 +9,3 @@
 - include: config_auth.yml
  when: mongodb_conf_auth
  tags: [mongodb]
-
- include: config_db.yml
-  tags: [mongodb]
-
--- a/deployment/ansible-role-sentinel/defaults/main.yml
+++ b/deployment/ansible-role-sentinel/defaults/main.yml
@@ -15,15 +15,36 @@ sentinel_unit_tests: no
 # Whether to run integration tests before deploying. #
 sentinel_integration_tests: no

-# Sentinel database user. #
-sentinel_database_user: sentinel-api  ## TODO: sync with the mongodb role
-
-# Sentinel database user password. #
-sentinel_database_password: api  ## TODO: sync with the mongodb role
+# Sentinel-specific MongoDB users. #
+sentinel_mongodb_user_name: sentinel-api
+sentinel_mongodb_user_password: api
+
+sentinel_mongodb_users:
+  - database: sentinel
+    name: sentinel-owner
+    password: owner
+    roles: dbOwner
+  - database: sentinel
+    name: "{{ sentinel_mongodb_user_name }}"
+    password: "{{ sentinel_mongodb_user_password }}"
+    roles: readWrite
+
+# Sentinel API admin user. #
+sentinel_api_users:
+  # The default admin user
+  - id: dev
+    email: dev@sentinel.dev
+    password: dev
+    active_key: dev
+    verified: yes
+    is_admin: yes

 # Directory for storing Sentinel-related files. #
 sentinel_dir: /opt/sentinel

+# Script for creating Sentinel database index. #
+sentinel_mongodb_js_script: "dbIndexSetup.js"
+
 # Path for all deployments. #
 sentinel_deployments_dir: "{{ sentinel_dir }}/deployments"


--- a/deployment/ansible-role-mongodb/files/dbIndexSetup.js
+++ b/deployment/ansible-role-mongodb/files/dbIndexSetup.js
--- a/deployment/ansible-role-sentinel/tasks/deploy.yml
+++ b/deployment/ansible-role-sentinel/tasks/deploy.yml
@@ -62,6 +62,9 @@
  set_fact: sentinel_version="{{ cmd_sentinel_version.stdout_lines|last|replace('[info] ', '') }}"
  when: cmd_sentinel_version|success

+- include: deploy_db.yml
+  tags: [sentinel, deploy]
+
 - include: deploy_jar.yml
  tags: [sentinel, deploy]


--- a/deployment/ansible-role-mongodb/tasks/config_db.yml
+++ b/deployment/ansible-role-mongodb/tasks/config_db.yml
 ---

- name: copy index config script if defined
-  copy: src={{ mongodb_js_index_script }} dest={{ mongodb_misc_dir }} owner={{ mongodb_user }} group={{ mongodb_user }} mode=0644
-  when: mongodb_js_index_script is defined
+- name: copy database indexing script if defined
+  copy: src={{ sentinel_mongodb_js_script }} dest={{ sentinel_dir }} owner={{ sentinel_user }} group={{ sentinel_user }} mode=0644
+  when: sentinel_mongodb_js_script is defined

- name: run database config script
-  shell: /usr/bin/mongo --quiet {{ mongodb_conf_bind_ip }}:{{ mongodb_conf_port }}/sentinel {{ mongodb_misc_dir }}/{{ mongodb_js_index_script }} -u {{ mongodb_root_name }} -p {{ mongodb_root_password }} --authenticationDatabase admin
-  when: mongodb_js_index_script is defined
+- name: run database indexing script
+  shell: /usr/bin/mongo --quiet {{ mongodb_conf_bind_ip }}:{{ mongodb_conf_port }}/sentinel {{ sentinel_dir }}/{{ sentinel_mongodb_js_script }} -u {{ mongodb_root_name }} -p {{ mongodb_root_password }} --authenticationDatabase admin
+  when: sentinel_mongodb_js_script is defined
  register: js_index_script
  changed_when: js_index_script.stdout != ""

@@ -15,19 +15,19 @@
  register: api_users_exist
  changed_when: api_users_exist.stdout != "1" or api_users_exist.rc != 0
  with_items:
-    - "{{ mongodb_sentinel_users }}"
-  when: mongodb_sentinel_users is defined and mongodb_sentinel_users
+    - "{{ sentinel_api_users }}"
+  when: sentinel_api_users is defined and sentinel_api_users

 - name: copy users config script if required
-  template: src=sentinelUsersSetup.js.j2 dest={{ mongodb_misc_dir }}/sentinelUsersSetup.js owner={{ mongodb_user }} group={{ mongodb_user }} mode=0600
+  template: src=sentinelUsersSetup.js.j2 dest={{ sentinel_dir }}/sentinelUsersSetup.js owner={{ sentinel_user }} group={{ sentinel_user }} mode=0600
  when: api_users_exist|changed

 - name: run api users config script if required
-  shell: /usr/bin/mongo --quiet {{ mongodb_conf_bind_ip }}:{{ mongodb_conf_port }}/sentinel {{ mongodb_misc_dir }}/sentinelUsersSetup.js -u {{ mongodb_root_name }} -p {{ mongodb_root_password }} --authenticationDatabase admin
+  shell: /usr/bin/mongo --quiet {{ mongodb_conf_bind_ip }}:{{ mongodb_conf_port }}/sentinel {{ sentinel_dir }}/sentinelUsersSetup.js -u {{ mongodb_root_name }} -p {{ mongodb_root_password }} --authenticationDatabase admin
  register: api_users
  changed_when: api_users.stdout != ""
  when: api_users_exist|changed

 - name: remove api users config script if present
-  file: path={{ mongodb_misc_dir }}/sentinelUsersSetup.js state=absent
+  file: path={{ sentinel_dir }}/sentinelUsersSetup.js state=absent
  when: api_users_exist|changed
--- a/deployment/ansible-role-sentinel/templates/sentinel.conf.j2
+++ b/deployment/ansible-role-sentinel/templates/sentinel.conf.j2
 # {{ ansible_managed }}

-mongodb.userName={{ mongodb_user_sentinel_name }}
-mongodb.password={{ mongodb_user_sentinel_password }}
+mongodb.userName={{ sentinel_mongodb_user_name }}
+mongodb.password={{ sentinel_mongodb_user_password }}
 {% if sentinel_production %}
 sentinel.env=production
 {% else %}

--- a/deployment/ansible-role-mongodb/templates/sentinelUsersSetup.js.j2
+++ b/deployment/ansible-role-mongodb/templates/sentinelUsersSetup.js.j2
@@ -14,7 +14,7 @@ var addUserIfNotExist = function(user) {
 }

 var users = [
-{% for user in mongodb_sentinel_users %}
+{% for user in sentinel_api_users %}
  {
    id: "{{ user.id }}",
    email: "{{ user.email }}",

--- a/deployment/ansible-role-sentinel/vars/main.yml
+++ b/deployment/ansible-role-sentinel/vars/main.yml
 ---

-# Sentinel-specific MongoDB users. #
-mongodb_user_sentinel_name: sentinel-api
-mongodb_user_sentinel_password: api
-
-mongodb_users:
-  - database: sentinel
-    name: sentinel-owner
-    password: owner
-    roles: dbOwner
-  - database: sentinel
-    name: "{{ mongodb_user_sentinel_name }}"
-    password: "{{ mongodb_user_sentinel_password }}"
-    roles: readWrite
-
-# Sentinel API admin user. #
-mongodb_sentinel_users:
-  # The default admin user
-  - id: dev
-    email: dev@sentinel.dev
-    password: dev
-    active_key: dev
-    verified: yes
-    is_admin: yes
+mongodb_users: "{{ sentinel_mongodb_users }}"