First commit.
parent
3ba2fbc32d
commit
37ed51d2d8
@ -1,2 +1,86 @@
|
|||||||
---
|
---
|
||||||
# defaults file for ansible-role-template
|
mongodb_install_from_external_repo: False
|
||||||
|
mongodb_repo_keys:
|
||||||
|
- 2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5
|
||||||
|
- EA312927
|
||||||
|
- 0C49F3730359A14518585931BC711F9BA15703C6
|
||||||
|
mongodb_apt_repository: "deb http://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/{{ mongodb_version }} multiverse"
|
||||||
|
|
||||||
|
mongodb_old_repositories:
|
||||||
|
- "deb http://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/3.0 multiverse"
|
||||||
|
- "deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen"
|
||||||
|
|
||||||
|
mongodb_install_packages: True
|
||||||
|
mongodb_install_server: True
|
||||||
|
mongodb_install_conf: True
|
||||||
|
mongodb_upgrade_from_older_version: False
|
||||||
|
mongodb_version: 3.6
|
||||||
|
# Set to 'latest' if you want to get the latest available package
|
||||||
|
mongodb_pkg_state: present
|
||||||
|
mongodb_server_pkgs_external_repo:
|
||||||
|
- mongodb-org
|
||||||
|
- mongodb-org-mongos
|
||||||
|
- mongodb-org-server
|
||||||
|
- mongodb-org-shell
|
||||||
|
- mongodb-org-tools
|
||||||
|
|
||||||
|
mongodb_client_pkgs_external_repo:
|
||||||
|
- mongodb-org-shell
|
||||||
|
|
||||||
|
mongodb_server_pkgs:
|
||||||
|
- mongodb
|
||||||
|
- mongodb-server
|
||||||
|
- mongo-tools
|
||||||
|
|
||||||
|
mongodb_client_pkgs:
|
||||||
|
- mongodb-clients
|
||||||
|
|
||||||
|
mongodb_start_server: 'yes'
|
||||||
|
mongodb_tcp_port: 27017
|
||||||
|
mongo_bind_ip: 0.0.0.0
|
||||||
|
mongodb_http_interface: 'false'
|
||||||
|
mongodb_user: mongodb
|
||||||
|
mongodb_group: mongodb
|
||||||
|
mongodb_logdir: /var/log/mongodb
|
||||||
|
mongodb_log_file: mongod.log
|
||||||
|
mongodb_logpath: '{{ mongodb_logdir }}/{{ mongodb_log_file }}'
|
||||||
|
mongodb_dbpath: /var/lib/mongodb
|
||||||
|
mongodb_directoryperdb: 'false'
|
||||||
|
mongodb_conf_file: /etc/mongod.conf
|
||||||
|
mongodb_daemon: /usr/bin/mongod
|
||||||
|
mongod_additional_options: ""
|
||||||
|
mongodb_allowed_hosts:
|
||||||
|
- 127.0.0.1/8
|
||||||
|
- '{{ ansible_default_ipv4.address }}/32'
|
||||||
|
|
||||||
|
mongodb_storage_engine: wiredTiger
|
||||||
|
|
||||||
|
mongodb_ssl_enabled: True
|
||||||
|
mongodb_ssl_letsencrypt_managed: True
|
||||||
|
mongodb_ssl_letsencrypt_ca_dir: '/etc/ssl/certs'
|
||||||
|
# Default CA file on Ubuntu
|
||||||
|
mongodb_ssl_letsencrypt_ca_filename: 'ca-certificates.crt'
|
||||||
|
# Options: disabled, requireSSL, allowSSL, preferSSL
|
||||||
|
mongodb_ssl_mode: requireSSL
|
||||||
|
mongodb_ssl_cert_dir: /etc/pki/mongodb
|
||||||
|
mongodb_ssl_certkey_file: '{{ mongodb_ssl_cert_dir }}/mongodb.pem'
|
||||||
|
mongodb_ssl_CA_file: '{{ mongodb_ssl_letsencrypt_ca_dir }}/{{ mongodb_ssl_letsencrypt_ca_filename }}'
|
||||||
|
mongodb_ssl_allowConnectionsWithoutCertificates: 'true'
|
||||||
|
mongodb_ssl_disabled_protocols: 'TLS1_0,TLS1_1'
|
||||||
|
|
||||||
|
# Do not change the default. We do not manage a logrotate configuration yet
|
||||||
|
mongodb_logrotate_management: True
|
||||||
|
mongodb_systemlog_external_logrotate: False
|
||||||
|
mongodb_systemlog_destination: file
|
||||||
|
mongodb_log_retain_days: 7
|
||||||
|
# Not used anymore inside the template. Now we use different values based on mongodb_systemlog_external_logrotate
|
||||||
|
mongodb_systemlog_logappend: 'true'
|
||||||
|
mongodb_systemlog_logrotate: reopen
|
||||||
|
|
||||||
|
mongodb_cluster_enabled: False
|
||||||
|
mongodb_authorization_enabled: False
|
||||||
|
mongodb_replicaset: storagedev
|
||||||
|
mongodb_replica_keyfile: '{{ mongodb_dbpath }}/replica_keyfile'
|
||||||
|
|
||||||
|
# User and password are stored in the variables mongo_monitoring_u and mongo_monitoring_pwd
|
||||||
|
|
||||||
|
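Review bot: The defaults ship `mongo_bind_ip: 0.0.0.0` together with `mongodb_authorization_enabled: False`, so a host that applies the role unchanged listens on every interface with no access control. `mongodb_ssl_mode: requireSSL` encrypts the channel, but `mongodb_ssl_allowConnectionsWithoutCertificates: 'true'` means clients are not authenticated by certificate either. I would default to `mongo_bind_ip: 127.0.0.1` and `mongodb_authorization_enabled: True`, and let inventories opt in to wider exposure. `mongodb_allowed_hosts` is defined here, but no task visible in this commit consumes it, so it should not be relied on as a filter. In `mongodb_repo_keys`, `EA312927` is an 8-hex short key ID, which is collision-prone; list the full fingerprint as the other two entries do.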
@ -1,2 +1,9 @@
|
|||||||
---
|
---
|
||||||
# handlers file for ansible-role-template
|
- name: Restart mongod
|
||||||
|
service: name=mongod state=restarted
|
||||||
|
when: "'{{ mongodb_start_server }}' == 'yes'"
|
||||||
|
|
||||||
|
- name: Restart mongodb
|
||||||
|
service: name=mongodb state=restarted
|
||||||
|
when: "'{{ mongodb_start_server }}' == 'yes'"
|
||||||
|
|
||||||
|
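Review bot: Both handlers wrap the variable in Jinja delimiters inside `when` (`when: "'{{ mongodb_start_server }}' == 'yes'"`). `when` is already evaluated as an expression, Ansible warns about delimiters there, and a value containing a quote would change the expression being evaluated. `when: mongodb_start_server == 'yes'` matches how the tasks in this commit test the same variable. The handlers also use the `key=value` argument form; the block form (`service:` with `name:` and `state:` keys) is easier to review and lint.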
@ -1,46 +1,23 @@
|
|||||||
galaxy_info:
|
galaxy_info:
|
||||||
author: your name
|
author: Andrea Dell'Amico
|
||||||
description: your description
|
description: Systems Architect
|
||||||
company: your company (optional)
|
company: ISTI-CNR
|
||||||
|
|
||||||
# If the issue tracker for your role is not on github, uncomment the
|
issue_tracker_url: https://redmine-s2i2s.isti.cnr.it/projects/provisioning
|
||||||
# next line and provide a value
|
|
||||||
issue_tracker_url: https://support.d4science.org/projects/automatic-provisioning/issues
|
|
||||||
|
|
||||||
license: EUPL-1.2
|
license: EUPL 1.2+
|
||||||
|
|
||||||
min_ansible_version: 2.8
|
min_ansible_version: 2.8
|
||||||
|
|
||||||
# If this a Container Enabled role, provide the minimum Ansible Container version.
|
|
||||||
# min_ansible_container_version:
|
|
||||||
|
|
||||||
# Optionally specify the branch Galaxy will use when accessing the GitHub
|
|
||||||
# repo for this role. During role install, if no tags are available,
|
|
||||||
# Galaxy will use this branch. During import Galaxy will access files on
|
|
||||||
# this branch. If Travis integration is configured, only notifications for this
|
|
||||||
# branch will be accepted. Otherwise, in all cases, the repo's default branch
|
|
||||||
# (usually master) will be used.
|
|
||||||
#github_branch:
|
|
||||||
|
|
||||||
#
|
|
||||||
# Provide a list of supported platforms, and for each platform a list of versions.
|
|
||||||
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
|
|
||||||
# To view available platforms and versions (or releases), visit:
|
# To view available platforms and versions (or releases), visit:
|
||||||
# https://galaxy.ansible.com/api/v1/platforms/
|
# https://galaxy.ansible.com/api/v1/platforms/
|
||||||
#
|
#
|
||||||
platforms:
|
platforms:
|
||||||
- name: Ubuntu
|
- name: Ubuntu
|
||||||
versions:
|
versions:
|
||||||
- bionic
|
- bionic
|
||||||
|
|
||||||
galaxy_tags: []
|
galaxy_tags:
|
||||||
# List tags for your role here, one per line. A tag is a keyword that describes
|
- mongodb
|
||||||
# and categorizes the role. Users find roles by searching for tags. Be sure to
|
|
||||||
# remove the '[]' above, if you add tags to this list.
|
|
||||||
#
|
|
||||||
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
|
|
||||||
# Maximum 20 tags per role.
|
|
||||||
|
|
||||||
dependencies: []
|
dependencies: []
|
||||||
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
|
|
||||||
# if you add dependencies to this list.
|
|
@ -1,2 +1,4 @@
|
|||||||
---
|
---
|
||||||
# tasks file for ansible-role-template
|
- import_tasks: mongodb.yml
|
||||||
|
- import_tasks: mongodb-letsencrypt-acmetool.yml
|
||||||
|
when: mongodb_ssl_letsencrypt_managed
|
||||||
|
@ -0,0 +1,38 @@
|
|||||||
|
---
|
||||||
|
- block:
|
||||||
|
- name: Create the acme hooks directory if it does not yet exist
|
||||||
|
file:
|
||||||
|
dest: '{{ letsencrypt_acme_services_scripts_dir }}'
|
||||||
|
state: directory
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
|
||||||
|
- name: Install a script that fix the letsencrypt certificate for mongodb and then reload the service
|
||||||
|
template:
|
||||||
|
src: mongodb-letsencrypt-acmetool.sh.j2
|
||||||
|
dest: '{{ letsencrypt_acme_services_scripts_dir }}/mongodb'
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 4555
|
||||||
|
|
||||||
|
- name: Create the mongodb certificate directory
|
||||||
|
file:
|
||||||
|
dest: '{{ mongodb_ssl_cert_dir }}'
|
||||||
|
state: directory
|
||||||
|
owner: root
|
||||||
|
group: mongodb
|
||||||
|
mode: 0750
|
||||||
|
|
||||||
|
- name: Verify if the mongodb pem file exists
|
||||||
|
stat:
|
||||||
|
path: '{{ mongodb_ssl_certkey_file }}'
|
||||||
|
register: mongodb_pem
|
||||||
|
|
||||||
|
- name: Copy the certificate and its key where the mongo server expects it
|
||||||
|
command: "{{ letsencrypt_acme_services_scripts_dir }}/mongodb"
|
||||||
|
when: not mongodb_pem.stat.exists
|
||||||
|
|
||||||
|
when:
|
||||||
|
- mongodb_ssl_letsencrypt_managed
|
||||||
|
- letsencrypt_acme_install
|
||||||
|
tags: [ 'mongodb', 'letsencrypt', 'mongodb_letsencrypt' ]
|
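Review bot: `mode: 4555` on the hook script is an unquoted decimal integer, so Ansible does not read it as octal 4555. Decimal 4555 is octal 10713, which would most likely leave a root-executed hook with permission bits 0713, writable by other users. The setuid bit that seems to be intended has no effect on a shell script on Linux and is not needed for a root-owned hook, so use `mode: '0555'`. Quote `mode: 0750` on the certificate directory the same way. The first `file` task sets no `mode` on the hooks directory, so it inherits the umask; `mode: '0755'` would pin it.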
@ -0,0 +1,131 @@
|
|||||||
|
---
|
||||||
|
- block:
|
||||||
|
- name: Check if Service mongod Exists
|
||||||
|
stat: path=/etc/init/mongod
|
||||||
|
register: service_mongod_status
|
||||||
|
tags: mongodb
|
||||||
|
|
||||||
|
- name: Ensure mongod is stopped and disabled
|
||||||
|
service: name=mongod state=stopped enabled=no
|
||||||
|
when:
|
||||||
|
- service_mongod_status.stat.exists
|
||||||
|
- mongodb_start_server is defined
|
||||||
|
- mongodb_start_server == 'no'
|
||||||
|
- mongodb_install_conf
|
||||||
|
|
||||||
|
when:
|
||||||
|
- mongodb_install_server
|
||||||
|
- mongodb_install_from_external_repo
|
||||||
|
tags: mongodb
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- name: Install the mongodb-org apt keys
|
||||||
|
apt_key: keyserver='hkp://keyserver.ubuntu.com:80' id={{ item }} state=present
|
||||||
|
with_items: '{{ mongodb_repo_keys }}'
|
||||||
|
when: mongodb_install_from_external_repo
|
||||||
|
register: apt_key_update_cache
|
||||||
|
|
||||||
|
- name: Remove the old mongodb-org apt repositories
|
||||||
|
apt_repository: repo='{{ item }}' state=absent update_cache=yes
|
||||||
|
with_items: '{{ mongodb_old_repositories }}'
|
||||||
|
when: mongodb_upgrade_from_older_version
|
||||||
|
|
||||||
|
- name: Install the mongodb-org repository
|
||||||
|
apt_repository: repo="{{ mongodb_apt_repository }}" update_cache=yes state=present
|
||||||
|
|
||||||
|
- name: Install/Update the mongodb-org configuration
|
||||||
|
template: src=mongod-{{ mongodb_version }}.conf.j2 dest=/etc/mongod.conf owner=root group=root mode=0444 backup=yes
|
||||||
|
when: mongodb_install_conf
|
||||||
|
notify: Restart mongodb
|
||||||
|
tags: [ 'mongodb', 'mongodb_update_conf', 'mongodb_keyfile' ]
|
||||||
|
|
||||||
|
when:
|
||||||
|
- mongodb_install_server
|
||||||
|
- mongodb_install_from_external_repo
|
||||||
|
tags: [ 'mongodb' ]
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- name: We are upgrading, install the latest version of the mongodb-org packages, external repository
|
||||||
|
apt: pkg={{ mongodb_server_pkgs_external_repo }} state=latest update_cache=yes cache_valid_time=1800
|
||||||
|
when: mongodb_upgrade_from_older_version
|
||||||
|
|
||||||
|
- name: Install the mongodb-org packages, external repository
|
||||||
|
apt: pkg={{ mongodb_server_pkgs_external_repo }} state={{ mongodb_pkg_state }} update_cache=yes cache_valid_time=1800
|
||||||
|
|
||||||
|
- name: Install the mongodb-org defaults file
|
||||||
|
template: src=mongod-default.j2 dest=/etc/default/mongod owner=root group=root mode=0444
|
||||||
|
when: mongodb_install_conf
|
||||||
|
notify: Restart mongod
|
||||||
|
tags: [ 'mongodb', 'mongodb_update_conf' ]
|
||||||
|
|
||||||
|
when:
|
||||||
|
- mongodb_install_server
|
||||||
|
- mongodb_install_packages
|
||||||
|
- mongodb_install_from_external_repo
|
||||||
|
tags: mongodb
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- name: We are upgrading, install the latest version of the mongodb packages
|
||||||
|
apt: pkg={{ mongodb_server_pkgs }} state=latest update_cache=yes cache_valid_time=1800
|
||||||
|
when: mongodb_upgrade_from_older_version
|
||||||
|
|
||||||
|
- name: Install the mongodb packages
|
||||||
|
apt: pkg={{ mongodb_server_pkgs }} state={{ mongodb_pkg_state }} update_cache=yes cache_valid_time=1800
|
||||||
|
|
||||||
|
- name: Install/Update the mongodb configuration
|
||||||
|
template: src=mongod-{{ mongodb_version }}.conf.j2 dest=/etc/mongodb.conf owner=root group=root mode=0444 backup=yes
|
||||||
|
when: mongodb_install_conf
|
||||||
|
notify: Restart mongod
|
||||||
|
tags: [ 'mongodb', 'mongodb_update_conf' ]
|
||||||
|
|
||||||
|
when:
|
||||||
|
- mongodb_install_server
|
||||||
|
- mongodb_install_packages
|
||||||
|
- not mongodb_install_from_external_repo
|
||||||
|
tags: mongodb
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- name: Create the mongodb log directory
|
||||||
|
file: dest={{ mongodb_logdir }} state=directory owner={{ mongodb_user }} group={{ mongodb_group }} mode=0755
|
||||||
|
when: mongodb_install_conf
|
||||||
|
|
||||||
|
- name: Create the mongodb db directory
|
||||||
|
file: dest={{ mongodb_dbpath }} state=directory owner={{ mongodb_user }} group={{ mongodb_group }} mode=0755
|
||||||
|
when: mongodb_install_conf
|
||||||
|
|
||||||
|
- name: Install the cron job that manages log files rotation
|
||||||
|
template: src=mongo_log_rotate.sh.j2 dest=/etc/cron.daily/mongo_log_rotate owner=root group=root mode=0555
|
||||||
|
when: not mongodb_systemlog_external_logrotate
|
||||||
|
|
||||||
|
when: mongodb_install_server
|
||||||
|
tags: mongodb
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- name: Ensure mongodb is started and enabled
|
||||||
|
service: name=mongodb state=started enabled=yes
|
||||||
|
|
||||||
|
when:
|
||||||
|
- mongodb_install_server
|
||||||
|
- mongodb_start_server == 'yes'
|
||||||
|
- not mongodb_install_from_external_repo
|
||||||
|
tags: mongodb
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- name: Ensure mongodb-org is started and enabled
|
||||||
|
service: name=mongod state=started enabled=yes
|
||||||
|
|
||||||
|
when:
|
||||||
|
- mongodb_install_server
|
||||||
|
- mongodb_start_server == 'yes'
|
||||||
|
- mongodb_install_from_external_repo
|
||||||
|
tags: mongodb
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- name: Install the mongodb client packages
|
||||||
|
apt: pkg={{ mongodb_client_pkgs }} state={{ mongodb_pkg_state }} cache_valid_time=1800
|
||||||
|
|
||||||
|
- name: Install the mongodb client packages, external repository
|
||||||
|
apt: pkg={{ mongodb_client_pkgs_external_repo }} state={{ mongodb_pkg_state }} cache_valid_time=1800
|
||||||
|
|
||||||
|
when: not mongodb_install_server
|
||||||
|
tags: [ 'mongodb', 'mongodb_client' ]
|
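Review bot: The `notify` targets are crossed between the two install paths: the external-repo block writes `/etc/mongod.conf` and notifies `Restart mongodb`, while the distribution-package block writes `/etc/mongodb.conf` and notifies `Restart mongod`. The same file starts `mongod` for the external repo and `mongodb` otherwise. A configuration change (bind address, TLS, authorization) therefore triggers a restart of a service name that presumably does not exist on that host, so either the play fails or the running daemon keeps its old settings. Swap the two `notify` values; the "Install the mongodb-org defaults file" task already notifies `Restart mongod` correctly. Also, the last block installs both `mongodb_client_pkgs` and `mongodb_client_pkgs_external_repo` unconditionally; each task probably needs a `when` on `mongodb_install_from_external_repo`.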
@ -0,0 +1,14 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
MONGO_PID_FILE={{ mongodb_dbpath }}/mongod.lock
|
||||||
|
LOG_RETAIN_DAYS={{ mongodb_log_retain_days }}
|
||||||
|
RETVAL=
|
||||||
|
|
||||||
|
MONGO_PID=$( cat $MONGO_PID_FILE )
|
||||||
|
# Tell mongo to rotate its log file
|
||||||
|
kill -SIGUSR1 $MONGO_PID
|
||||||
|
|
||||||
|
RETVAL=$?
|
||||||
|
|
||||||
|
# Remove the old log files
|
||||||
|
find {{ mongodb_logdir }} -name "{{ mongodb_log_file }}.*" -ctime +$LOG_RETAIN_DAYS -exec rm -f {} \;
|
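Review bot: `kill -SIGUSR1 $MONGO_PID` runs from root's daily cron with a PID read from `mongod.lock`, and nothing checks that the PID still belongs to mongod. The lock file sits in the database directory, which the role creates owned by the mongodb user. A stale or altered lock file makes root signal an unrelated process, and SIGUSR1 terminates a process that has no handler for it. Check the process name first, e.g. `[ "$(cat /proc/$MONGO_PID/comm 2>/dev/null)" = mongod ] && kill -USR1 "$MONGO_PID"`, and quote `"$MONGO_PID_FILE"`. `RETVAL` is assigned but never used, so a failed rotation still falls through to the `find ... -exec rm`.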
@ -0,0 +1,54 @@
|
|||||||
|
# mongod.conf
|
||||||
|
|
||||||
|
# for documentation of all options, see:
|
||||||
|
# http://docs.mongodb.org/manual/reference/configuration-options/
|
||||||
|
|
||||||
|
# Where and how to store data.
|
||||||
|
storage:
|
||||||
|
dbPath: {{ mongodb_dbpath }}
|
||||||
|
journal:
|
||||||
|
enabled: true
|
||||||
|
directoryPerDB: {{ mongodb_directoryperdb }}
|
||||||
|
engine: {{ mongodb_storage_engine }}
|
||||||
|
# mmapv1:
|
||||||
|
# wiredTiger:
|
||||||
|
|
||||||
|
# where to write logging data.
|
||||||
|
systemLog:
|
||||||
|
destination: {{ mongodb_systemlog_destination }}
|
||||||
|
path: {{ mongodb_logpath }}
|
||||||
|
{% if not mongodb_systemlog_external_logrotate %}
|
||||||
|
logRotate: rename
|
||||||
|
logAppend: false
|
||||||
|
{% else %}
|
||||||
|
logRotate: reopen
|
||||||
|
logAppend: true
|
||||||
|
{% endif %}
|
||||||
|
# network interfaces
|
||||||
|
net:
|
||||||
|
port: {{ mongodb_tcp_port }}
|
||||||
|
bindIp: {{ mongo_bind_ip }}
|
||||||
|
http:
|
||||||
|
enabled: {{ mongodb_http_interface }}
|
||||||
|
JSONPEnabled: {{ mongodb_http_interface }}
|
||||||
|
RESTInterfaceEnabled: {{ mongodb_http_interface }}
|
||||||
|
{% if mongodb_ssl_enabled %}
|
||||||
|
ssl:
|
||||||
|
mode: {{ mongodb_ssl_mode }}
|
||||||
|
PEMKeyFile: '{{ mongodb_ssl_certkey_file }}'
|
||||||
|
CAFile: '{{ mongodb_ssl_CA_file }}'
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
#processManagement:
|
||||||
|
|
||||||
|
{%if mongodb_cluster_enabled %}
|
||||||
|
security:
|
||||||
|
keyFile: /data/mongo_home/dev-d4science-keyfile
|
||||||
|
|
||||||
|
replication:
|
||||||
|
oplogSizeMB: 2000
|
||||||
|
replSetName: {{ mongodb_replicaset }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
#sharding:
|
||||||
|
|
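Review bot: The `security:` stanza hard-codes `keyFile: /data/mongo_home/dev-d4science-keyfile` and `oplogSizeMB: 2000` instead of using `mongodb_replica_keyfile` from the defaults. A cluster rendered from this template therefore points at a site-specific path that no task visible in this commit creates. The template also never emits `authorization`, so `mongodb_authorization_enabled` has no effect for this version. The same applies to the identical 54-line template that follows and to the 52-line one further down; only the 61-line template uses the variables. I would replace the literal with `keyFile: {{ mongodb_replica_keyfile }}` and add the `authorization: enabled` conditional to all of them.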
@ -0,0 +1,54 @@
|
|||||||
|
# mongod.conf
|
||||||
|
|
||||||
|
# for documentation of all options, see:
|
||||||
|
# http://docs.mongodb.org/manual/reference/configuration-options/
|
||||||
|
|
||||||
|
# Where and how to store data.
|
||||||
|
storage:
|
||||||
|
dbPath: {{ mongodb_dbpath }}
|
||||||
|
journal:
|
||||||
|
enabled: true
|
||||||
|
directoryPerDB: {{ mongodb_directoryperdb }}
|
||||||
|
engine: {{ mongodb_storage_engine }}
|
||||||
|
# mmapv1:
|
||||||
|
# wiredTiger:
|
||||||
|
|
||||||
|
# where to write logging data.
|
||||||
|
systemLog:
|
||||||
|
destination: {{ mongodb_systemlog_destination }}
|
||||||
|
path: {{ mongodb_logpath }}
|
||||||
|
{% if not mongodb_systemlog_external_logrotate %}
|
||||||
|
logRotate: rename
|
||||||
|
logAppend: false
|
||||||
|
{% else %}
|
||||||
|
logRotate: reopen
|
||||||
|
logAppend: true
|
||||||
|
{% endif %}
|
||||||
|
# network interfaces
|
||||||
|
net:
|
||||||
|
port: {{ mongodb_tcp_port }}
|
||||||
|
bindIp: {{ mongo_bind_ip }}
|
||||||
|
http:
|
||||||
|
enabled: {{ mongodb_http_interface }}
|
||||||
|
JSONPEnabled: {{ mongodb_http_interface }}
|
||||||
|
RESTInterfaceEnabled: {{ mongodb_http_interface }}
|
||||||
|
{% if mongodb_ssl_enabled %}
|
||||||
|
ssl:
|
||||||
|
mode: {{ mongodb_ssl_mode }}
|
||||||
|
PEMKeyFile: '{{ mongodb_ssl_certkey_file }}'
|
||||||
|
CAFile: '{{ mongodb_ssl_CA_file }}'
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
#processManagement:
|
||||||
|
|
||||||
|
{%if mongodb_cluster_enabled %}
|
||||||
|
security:
|
||||||
|
keyFile: /data/mongo_home/dev-d4science-keyfile
|
||||||
|
|
||||||
|
replication:
|
||||||
|
oplogSizeMB: 2000
|
||||||
|
replSetName: {{ mongodb_replicaset }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
#sharding:
|
||||||
|
|
@ -0,0 +1,61 @@
|
|||||||
|
# mongod.conf
|
||||||
|
|
||||||
|
# for documentation of all options, see:
|
||||||
|
# http://docs.mongodb.org/manual/reference/configuration-options/
|
||||||
|
|
||||||
|
# Where and how to store data.
|
||||||
|
storage:
|
||||||
|
dbPath: {{ mongodb_dbpath }}
|
||||||
|
journal:
|
||||||
|
enabled: true
|
||||||
|
directoryPerDB: {{ mongodb_directoryperdb }}
|
||||||
|
engine: {{ mongodb_storage_engine }}
|
||||||
|
# mmapv1:
|
||||||
|
# wiredTiger:
|
||||||
|
|
||||||
|
# where to write logging data.
|
||||||
|
systemLog:
|
||||||
|
destination: {{ mongodb_systemlog_destination }}
|
||||||
|
{% if mongodb_logrotate_management %}
|
||||||
|
{% if not mongodb_systemlog_external_logrotate %}
|
||||||
|
logRotate: rename
|
||||||
|
logAppend: false
|
||||||
|
{% else %}
|
||||||
|
logRotate: reopen
|
||||||
|
logAppend: true
|
||||||
|
{% endif %}
|
||||||
|
{% else %}
|
||||||
|
logAppend: true
|
||||||
|
{% endif %}
|
||||||
|
path: {{ mongodb_logpath }}
|
||||||
|
# network information
|
||||||
|
net:
|
||||||
|
port: {{ mongodb_tcp_port }}
|
||||||
|
bindIp: {{ mongo_bind_ip }}
|
||||||
|
{% if mongodb_ssl_enabled %}
|
||||||
|
ssl:
|
||||||
|
mode: {{ mongodb_ssl_mode }}
|
||||||
|
PEMKeyFile: '{{ mongodb_ssl_certkey_file }}'
|
||||||
|
CAFile: '{{ mongodb_ssl_CA_file }}'
|
||||||
|
disabledProtocols: {{ mongodb_ssl_disabled_protocols }}
|
||||||
|
allowConnectionsWithoutCertificates: {{ mongodb_ssl_allowConnectionsWithoutCertificates }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
#processManagement:
|
||||||
|
{% if mongodb_authorization_enabled or mongodb_cluster_enabled %}
|
||||||
|
security:
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% if mongodb_authorization_enabled %}
|
||||||
|
authorization: enabled
|
||||||
|
{% endif %}
|
||||||
|
{%if mongodb_cluster_enabled %}
|
||||||
|
keyFile: {{ mongodb_replica_keyfile }}
|
||||||
|
|
||||||
|
replication:
|
||||||
|
oplogSizeMB: {{ mongodb_oplog_size }}
|
||||||
|
replSetName: {{ mongodb_replicaset }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
#sharding:
|
||||||
|
|
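Review bot: `oplogSizeMB: {{ mongodb_oplog_size }}` references a variable that the defaults section of this commit does not define. Rendering with `mongodb_cluster_enabled` true therefore fails on an undefined variable unless the inventory supplies it. Adding `mongodb_oplog_size: 2000` to the defaults would match the value hard-coded in the other templates. Indentation is lost in this rendering, so it cannot be confirmed that `authorization` and `keyFile` nest under the conditionally emitted `security:` key; check the rendered file with both flags set.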
@ -0,0 +1,52 @@
|
|||||||
|
# mongod.conf
|
||||||
|
|
||||||
|
# for documentation of all options, see:
|
||||||
|
# http://docs.mongodb.org/manual/reference/configuration-options/
|
||||||
|
|
||||||
|
# Where and how to store data.
|
||||||
|
storage:
|
||||||
|
dbPath: {{ mongodb_dbpath }}
|
||||||
|
journal:
|
||||||
|
enabled: true
|
||||||
|
directoryPerDB: {{ mongodb_directoryperdb }}
|
||||||
|
engine: {{ mongodb_storage_engine }}
|
||||||
|
# mmapv1:
|
||||||
|
# wiredTiger:
|
||||||
|
|
||||||
|
# where to write logging data.
|
||||||
|
systemLog:
|
||||||
|
destination: {{ mongodb_systemlog_destination }}
|
||||||
|
path: {{ mongodb_logpath }}
|
||||||
|
{% if not mongodb_systemlog_external_logrotate %}
|
||||||
|
logRotate: rename
|
||||||
|
logAppend: false
|
||||||
|
{% else %}
|
||||||
|
logRotate: reopen
|
||||||
|
logAppend: true
|
||||||
|
{% endif %}
|
||||||
|
# network interfaces
|
||||||
|
net:
|
||||||
|
port: {{ mongodb_tcp_port }}
|
||||||
|
bindIp: {{ mongo_bind_ip }}
|
||||||
|
{% if mongodb_ssl_enabled %}
|
||||||
|
ssl:
|
||||||
|
mode: {{ mongodb_ssl_mode }}
|
||||||
|
PEMKeyFile: '{{ mongodb_ssl_certkey_file }}'
|
||||||
|
CAFile: '{{ mongodb_ssl_CA_file }}'
|
||||||
|
disabledProtocols: {{ mongodb_ssl_disabled_protocols }}
|
||||||
|
allowConnectionsWithoutCertificates: {{ mongodb_ssl_allowConnectionsWithoutCertificates }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
#processManagement:
|
||||||
|
|
||||||
|
{%if mongodb_cluster_enabled %}
|
||||||
|
security:
|
||||||
|
keyFile: /data/mongo_home/dev-d4science-keyfile
|
||||||
|
|
||||||
|
replication:
|
||||||
|
oplogSizeMB: 2000
|
||||||
|
replSetName: {{ mongodb_replicaset }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
#sharding:
|
||||||
|
|
@ -0,0 +1,6 @@
|
|||||||
|
ENABLE_MONGOD="{{ mongodb_start_server }}"
|
||||||
|
CONF={{ mongodb_conf_file }}
|
||||||
|
DAEMON={{ mongodb_daemon }}
|
||||||
|
DAEMONUSER={{ mongodb_user }}
|
||||||
|
DAEMON_OPTS="{{ mongod_additional_options }} --config $CONF"
|
||||||
|
|
@ -0,0 +1,35 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
H_NAME={{ letsencrypt_acme_sh_certificates_install_dir }}
|
||||||
|
LE_SERVICES_SCRIPT_DIR=/usr/lib/acme/hooks
|
||||||
|
LE_CERTS_DIR=/var/lib/acme/live/$H_NAME
|
||||||
|
LE_LOG_DIR=/var/log/letsencrypt
|
||||||
|
[ ! -d $LE_LOG_DIR ] && mkdir $LE_LOG_DIR
|
||||||
|
MONGODB_CERTDIR=/etc/pki/mongodb
|
||||||
|
MONGODB_CERTFILE=$MONGODB_CERTDIR/mongodb.pem
|
||||||
|
DATE=$( date )
|
||||||
|
echo "$DATE" > $LE_LOG_DIR/mongodb.log
|
||||||
|
|
||||||
|
[ ! -d $MONGODB_CERTDIR ] && mkdir $MONGODB_CERTDIR
|
||||||
|
|
||||||
|
echo "Building the new certificate file" >> $LE_LOG_DIR/mongodb.log
|
||||||
|
cat ${LE_CERTS_DIR}/{cert,privkey} > ${MONGODB_CERTFILE}
|
||||||
|
chmod 440 ${MONGODB_CERTFILE}
|
||||||
|
chgrp mongodb ${MONGODB_CERTFILE}
|
||||||
|
|
||||||
|
{% if mongodb_ssl_enabled %}
|
||||||
|
echo "Reload the mongod service" >> "$LE_LOG_DIR/mongodb.log"
|
||||||
|
{% if mongodb_install_from_external_repo %}
|
||||||
|
service mongod stop >> "$LE_LOG_DIR/mongodb.log" 2>&1
|
||||||
|
sleep 10
|
||||||
|
service mongod start >> "$LE_LOG_DIR/mongodb.log" 2>&1
|
||||||
|
{% else %}
|
||||||
|
systemctl stop mongodb >> "$LE_LOG_DIR/mongodb.log" 2>&1
|
||||||
|
sleep 10
|
||||||
|
systemctl start mongodb >> "$LE_LOG_DIR/mongodb.log" 2>&1
|
||||||
|
{% endif %}
|
||||||
|
{% endif %}
|
||||||
|
echo "Done." >> $LE_LOG_DIR/mongodb.log
|
||||||
|
|
||||||
|
exit 0
|
||||||
|
|
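Review bot: `cat ${LE_CERTS_DIR}/{cert,privkey} > ${MONGODB_CERTFILE}` creates the PEM holding the private key with the process umask and only afterwards runs `chmod 440`. The `mkdir $MONGODB_CERTDIR` fallback likewise creates the directory with the default mode. Put `umask 077` near the top of the script so the key file is never readable by others, then keep the `chmod`/`chgrp`. `MONGODB_CERTDIR=/etc/pki/mongodb` duplicates the default of `mongodb_ssl_cert_dir`; templating it as `MONGODB_CERTDIR={{ mongodb_ssl_cert_dir }}` keeps the script and the mongod configuration in step when the variable is overridden. The unquoted expansions (`$LE_LOG_DIR`, `$MONGODB_CERTDIR`) should be quoted.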
@ -1,2 +1,4 @@
|
|||||||
---
|
---
|
||||||
# vars file for ansible-role-template
|
# IMPORTANT: mongodb does not support ecdsa keys, but it starts anyway without any error.
|
||||||
|
letsencrypt_acme_sh_use_ecc: False
|
||||||
|
trusted_ca_letsencrypt_install: '{{ mongodb_ssl_letsencrypt_managed }}'
|
||||||
|