First commit.

Andrea Dell'Amico 2021-10-12 15:00:33 +02:00
parent 3ba2fbc32d
commit 37ed51d2d8
Signed by: andrea.dellamico
GPG Key ID: 147ABE6CEB9E20FF
15 changed files with 645 additions and 55 deletions

109
README.md

@ -1,31 +1,104 @@
Role Name Role Name
========= =========
A brief description of the role goes here. A role that installs MongoDB
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables Role Variables
-------------- --------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. The most important variables are listed below:
``` yaml
mongodb_install_from_external_repo: False
mongodb_repo_keys:
- 2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5
- EA312927
- 0C49F3730359A14518585931BC711F9BA15703C6
mongodb_apt_repository: "deb http://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/{{ mongodb_version }} multiverse"
mongodb_old_repositories:
- "deb http://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/3.0 multiverse"
- "deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen"
mongodb_install_packages: True
mongodb_install_server: True
mongodb_install_conf: True
mongodb_upgrade_from_older_version: False
mongodb_version: 3.6
# Set to 'latest' if you want to get the latest available package
mongodb_pkg_state: present
mongodb_server_pkgs_external_repo:
- mongodb-org
- mongodb-org-mongos
- mongodb-org-server
- mongodb-org-shell
- mongodb-org-tools
mongodb_client_pkgs_external_repo:
- mongodb-org-shell
mongodb_server_pkgs:
- mongodb
- mongodb-server
- mongo-tools
mongodb_client_pkgs:
- mongodb-clients
mongodb_start_server: 'yes'
mongodb_tcp_port: 27017
mongo_bind_ip: 0.0.0.0
mongodb_http_interface: 'false'
mongodb_user: mongodb
mongodb_group: mongodb
mongodb_logdir: /var/log/mongodb
mongodb_log_file: mongod.log
mongodb_logpath: '{{ mongodb_logdir }}/{{ mongodb_log_file }}'
mongodb_dbpath: /var/lib/mongodb
mongodb_directoryperdb: 'false'
mongodb_conf_file: /etc/mongod.conf
mongodb_daemon: /usr/bin/mongod
mongod_additional_options: ""
mongodb_allowed_hosts:
- 127.0.0.1/8
- '{{ ansible_default_ipv4.address }}/32'
mongodb_storage_engine: wiredTiger
mongodb_ssl_enabled: True
mongodb_ssl_letsencrypt_managed: True
mongodb_ssl_letsencrypt_ca_dir: '/etc/ssl/certs'
# Default CA file on Ubuntu
mongodb_ssl_letsencrypt_ca_filename: 'ca-certificates.crt'
# Options: disabled, requireSSL, allowSSL, preferSSL
mongodb_ssl_mode: requireSSL
mongodb_ssl_cert_dir: /etc/pki/mongodb
mongodb_ssl_certkey_file: '{{ mongodb_ssl_cert_dir }}/mongodb.pem'
mongodb_ssl_CA_file: '{{ mongodb_ssl_letsencrypt_ca_dir }}/{{ mongodb_ssl_letsencrypt_ca_filename }}'
mongodb_ssl_allowConnectionsWithoutCertificates: 'true'
mongodb_ssl_disabled_protocols: 'TLS1_0,TLS1_1'
# Do not change the default. We do not manage a logrotate configuration yet
mongodb_logrotate_management: True
mongodb_systemlog_external_logrotate: False
mongodb_systemlog_destination: file
mongodb_log_retain_days: 7
# Not used anymore inside the template. Now we use different values based on mongodb_systemlog_external_logrotate
mongodb_systemlog_logappend: 'true'
mongodb_systemlog_logrotate: reopen
mongodb_cluster_enabled: False
mongodb_authorization_enabled: False
mongodb_replicaset: storagedev
mongodb_replica_keyfile: '{{ mongodb_dbpath }}/replica_keyfile'
# User and password are stored in the variables mongo_monitoring_u and mongo_monitoring_pwd
```
Dependencies Dependencies
------------ ------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. None
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License License
------- -------
@ -35,4 +108,4 @@ EUPL-1.2
Author Information Author Information
------------------ ------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed). Andrea Dell'Amico, <andrea.dellamico@isti.cnr.it>


@ -1,2 +1,86 @@
--- ---
# defaults file for ansible-role-template mongodb_install_from_external_repo: False
mongodb_repo_keys:
- 2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5
- EA312927
- 0C49F3730359A14518585931BC711F9BA15703C6
mongodb_apt_repository: "deb http://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/{{ mongodb_version }} multiverse"
mongodb_old_repositories:
- "deb http://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/3.0 multiverse"
- "deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen"
mongodb_install_packages: True
mongodb_install_server: True
mongodb_install_conf: True
mongodb_upgrade_from_older_version: False
mongodb_version: 3.6
# Set to 'latest' if you want to get the latest available package
mongodb_pkg_state: present
mongodb_server_pkgs_external_repo:
- mongodb-org
- mongodb-org-mongos
- mongodb-org-server
- mongodb-org-shell
- mongodb-org-tools
mongodb_client_pkgs_external_repo:
- mongodb-org-shell
mongodb_server_pkgs:
- mongodb
- mongodb-server
- mongo-tools
mongodb_client_pkgs:
- mongodb-clients
mongodb_start_server: 'yes'
mongodb_tcp_port: 27017
mongo_bind_ip: 0.0.0.0
mongodb_http_interface: 'false'
mongodb_user: mongodb
mongodb_group: mongodb
mongodb_logdir: /var/log/mongodb
mongodb_log_file: mongod.log
mongodb_logpath: '{{ mongodb_logdir }}/{{ mongodb_log_file }}'
mongodb_dbpath: /var/lib/mongodb
mongodb_directoryperdb: 'false'
mongodb_conf_file: /etc/mongod.conf
mongodb_daemon: /usr/bin/mongod
mongod_additional_options: ""
mongodb_allowed_hosts:
- 127.0.0.1/8
- '{{ ansible_default_ipv4.address }}/32'
mongodb_storage_engine: wiredTiger
mongodb_ssl_enabled: True
mongodb_ssl_letsencrypt_managed: True
mongodb_ssl_letsencrypt_ca_dir: '/etc/ssl/certs'
# Default CA file on Ubuntu
mongodb_ssl_letsencrypt_ca_filename: 'ca-certificates.crt'
# Options: disabled, requireSSL, allowSSL, preferSSL
mongodb_ssl_mode: requireSSL
mongodb_ssl_cert_dir: /etc/pki/mongodb
mongodb_ssl_certkey_file: '{{ mongodb_ssl_cert_dir }}/mongodb.pem'
mongodb_ssl_CA_file: '{{ mongodb_ssl_letsencrypt_ca_dir }}/{{ mongodb_ssl_letsencrypt_ca_filename }}'
mongodb_ssl_allowConnectionsWithoutCertificates: 'true'
mongodb_ssl_disabled_protocols: 'TLS1_0,TLS1_1'
# Do not change the default. We do not manage a logrotate configuration yet
mongodb_logrotate_management: True
mongodb_systemlog_external_logrotate: False
mongodb_systemlog_destination: file
mongodb_log_retain_days: 7
# Not used anymore inside the template. Now we use different values based on mongodb_systemlog_external_logrotate
mongodb_systemlog_logappend: 'true'
mongodb_systemlog_logrotate: reopen
mongodb_cluster_enabled: False
mongodb_authorization_enabled: False
mongodb_replicaset: storagedev
mongodb_replica_keyfile: '{{ mongodb_dbpath }}/replica_keyfile'
# User and password are stored in the variables mongo_monitoring_u and mongo_monitoring_pwd
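Review bot: The defaults describe a server that listens on every interface without authentication: `mongo_bind_ip: 0.0.0.0` is combined with `mongodb_authorization_enabled: False`, and `mongodb_ssl_allowConnectionsWithoutCertificates: 'true'` means TLS encrypts the connection but does not restrict which clients may connect. `mongodb_allowed_hosts` is declared here, but no task or template on this page reads it, so nothing visible in the role limits who can reach port 27017. I would ship `mongo_bind_ip: 127.0.0.1` and `mongodb_authorization_enabled: True` and let the inventory widen them deliberately. Separately, `mongodb_version: 3.6` is a YAML float that is used to build the template file name, so it should be quoted as `mongodb_version: '3.6'`.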


@ -1,2 +1,9 @@
--- ---
# handlers file for ansible-role-template - name: Restart mongod
service: name=mongod state=restarted
when: "'{{ mongodb_start_server }}' == 'yes'"
- name: Restart mongodb
service: name=mongodb state=restarted
when: "'{{ mongodb_start_server }}' == 'yes'"
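Review bot: These two handlers are notified the wrong way round by tasks/mongodb.yml on this page: the mongodb-org block that writes /etc/mongod.conf notifies `Restart mongodb`, and the distribution-package block that writes /etc/mongodb.conf notifies `Restart mongod`, while the service tasks start `mongod` for the external repository and `mongodb` otherwise. A configuration change, including a TLS or authorization change, would therefore try to restart a service that is probably not installed and leave the running server on its old settings. The conditions should also be bare expressions, `when: mongodb_start_server == 'yes'`, as the tasks file already writes them, because Ansible warns about Jinja delimiters inside `when`.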


@ -1,46 +1,23 @@
galaxy_info: galaxy_info:
author: your name author: Andrea Dell'Amico
description: your description description: Systems Architect
company: your company (optional) company: ISTI-CNR
# If the issue tracker for your role is not on github, uncomment the issue_tracker_url: https://redmine-s2i2s.isti.cnr.it/projects/provisioning
# next line and provide a value
issue_tracker_url: https://support.d4science.org/projects/automatic-provisioning/issues
license: EUPL-1.2 license: EUPL 1.2+
min_ansible_version: 2.8 min_ansible_version: 2.8
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
# Optionally specify the branch Galaxy will use when accessing the GitHub
# repo for this role. During role install, if no tags are available,
# Galaxy will use this branch. During import Galaxy will access files on
# this branch. If Travis integration is configured, only notifications for this
# branch will be accepted. Otherwise, in all cases, the repo's default branch
# (usually master) will be used.
#github_branch:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit: # To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/ # https://galaxy.ansible.com/api/v1/platforms/
# #
platforms: platforms:
- name: Ubuntu - name: Ubuntu
versions: versions:
- bionic - bionic
galaxy_tags: [] galaxy_tags:
# List tags for your role here, one per line. A tag is a keyword that describes - mongodb
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: [] dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.


@ -1,2 +1,4 @@
--- ---
# tasks file for ansible-role-template - import_tasks: mongodb.yml
- import_tasks: mongodb-letsencrypt-acmetool.yml
when: mongodb_ssl_letsencrypt_managed


@ -0,0 +1,38 @@
---
- block:
- name: Create the acme hooks directory if it does not yet exist
file:
dest: '{{ letsencrypt_acme_services_scripts_dir }}'
state: directory
owner: root
group: root
- name: Install a script that fix the letsencrypt certificate for mongodb and then reload the service
template:
src: mongodb-letsencrypt-acmetool.sh.j2
dest: '{{ letsencrypt_acme_services_scripts_dir }}/mongodb'
owner: root
group: root
mode: 4555
- name: Create the mongodb certificate directory
file:
dest: '{{ mongodb_ssl_cert_dir }}'
state: directory
owner: root
group: mongodb
mode: 0750
- name: Verify if the mongodb pem file exists
stat:
path: '{{ mongodb_ssl_certkey_file }}'
register: mongodb_pem
- name: Copy the certificate and its key where the mongo server expects it
command: "{{ letsencrypt_acme_services_scripts_dir }}/mongodb"
when: not mongodb_pem.stat.exists
when:
- mongodb_ssl_letsencrypt_managed
- letsencrypt_acme_install
tags: [ 'mongodb', 'letsencrypt', 'mongodb_letsencrypt' ]
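Review bot: `mode: 4555` on the hook script is an unquoted number without a leading zero, so YAML hands Ansible the decimal integer 4555 (octal 10713) instead of the octal mode that was meant. The permission bits that end up on this root-owned script are then not the intended ones and probably include write access for other users. Quote the mode and drop the setuid digit, which Linux ignores for scripts anyway: `mode: '0555'`. The certificate directory should be quoted the same way, `mode: '0750'`. The block also depends on `letsencrypt_acme_install` and `letsencrypt_acme_services_scripts_dir`, which this role does not define, while the role metadata on this page lists `dependencies: []`.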

131
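--- a/tasks/mongodb.yml
+++ b/tasks/mongodb.yml
@@ -0,0 +1,131 @@
+---
+- block:
+- name: Check if Service mongod Exists
+stat: path=/etc/init/mongod
+register: service_mongod_status
+tags: mongodb
+- name: Ensure mongod is stopped and disabled
+service: name=mongod state=stopped enabled=no
+when:
+- service_mongod_status.stat.exists
+- mongodb_start_server is defined
+- mongodb_start_server == 'no'
+- mongodb_install_conf
+when:
+- mongodb_install_server
+- mongodb_install_from_external_repo
+tags: mongodb
+- block:
+- name: Install the mongodb-org apt keys
+apt_key: keyserver='hkp://keyserver.ubuntu.com:80' id={{ item }} state=present
+with_items: '{{ mongodb_repo_keys }}'
+when: mongodb_install_from_external_repo
+register: apt_key_update_cache
+- name: Remove the old mongodb-org apt repositories
+apt_repository: repo='{{ item }}' state=absent update_cache=yes
+with_items: '{{ mongodb_old_repositories }}'
+when: mongodb_upgrade_from_older_version
+- name: Install the mongodb-org repository
+apt_repository: repo="{{ mongodb_apt_repository }}" update_cache=yes state=present
+- name: Install/Update the mongodb-org configuration
+template: src=mongod-{{ mongodb_version }}.conf.j2 dest=/etc/mongod.conf owner=root group=root mode=0444 backup=yes
+when: mongodb_install_conf
+notify: Restart mongodb
+tags: [ 'mongodb', 'mongodb_update_conf', 'mongodb_keyfile' ]
+when:
+- mongodb_install_server
+- mongodb_install_from_external_repo
+tags: [ 'mongodb' ]
+- block:
+- name: We are upgrading, install the latest version of the mongodb-org packages, external repository
+apt: pkg={{ mongodb_server_pkgs_external_repo }} state=latest update_cache=yes cache_valid_time=1800
+when: mongodb_upgrade_from_older_version
+- name: Install the mongodb-org packages, external repository
+apt: pkg={{ mongodb_server_pkgs_external_repo }} state={{ mongodb_pkg_state }} update_cache=yes cache_valid_time=1800
+- name: Install the mongodb-org defaults file
+template: src=mongod-default.j2 dest=/etc/default/mongod owner=root group=root mode=0444
+when: mongodb_install_conf
+notify: Restart mongod
+tags: [ 'mongodb', 'mongodb_update_conf' ]
+when:
+- mongodb_install_server
+- mongodb_install_packages
+- mongodb_install_from_external_repo
+tags: mongodb
+- block:
+- name: We are upgrading, install the latest version of the mongodb packages
+apt: pkg={{ mongodb_server_pkgs }} state=latest update_cache=yes cache_valid_time=1800
+when: mongodb_upgrade_from_older_version
+- name: Install the mongodb packages
+apt: pkg={{ mongodb_server_pkgs }} state={{ mongodb_pkg_state }} update_cache=yes cache_valid_time=1800
+- name: Install/Update the mongodb configuration
+template: src=mongod-{{ mongodb_version }}.conf.j2 dest=/etc/mongodb.conf owner=root group=root mode=0444 backup=yes
+when: mongodb_install_conf
+notify: Restart mongod
+tags: [ 'mongodb', 'mongodb_update_conf' ]
+when:
+- mongodb_install_server
+- mongodb_install_packages
+- not mongodb_install_from_external_repo
+tags: mongodb
+- block:
+- name: Create the mongodb log directory
+file: dest={{ mongodb_logdir }} state=directory owner={{ mongodb_user }} group={{ mongodb_group }} mode=0755
+when: mongodb_install_conf
+- name: Create the mongodb db directory
+file: dest={{ mongodb_dbpath }} state=directory owner={{ mongodb_user }} group={{ mongodb_group }} mode=0755
+when: mongodb_install_conf
+- name: Install the cron job that manages log files rotation
+template: src=mongo_log_rotate.sh.j2 dest=/etc/cron.daily/mongo_log_rotate owner=root group=root mode=0555
+when: not mongodb_systemlog_external_logrotate
+when: mongodb_install_server
+tags: mongodb
+- block:
+- name: Ensure mongodb is started and enabled
+service: name=mongodb state=started enabled=yes
+when:
+- mongodb_install_server
+- mongodb_start_server == 'yes'
+- not mongodb_install_from_external_repo
+tags: mongodb
+- block:
+- name: Ensure mongodb-org is started and enabled
+service: name=mongod state=started enabled=yes
+when:
+- mongodb_install_server
+- mongodb_start_server == 'yes'
+- mongodb_install_from_external_repo
+tags: mongodb
+- block:
+- name: Install the mongodb client packages
+apt: pkg={{ mongodb_client_pkgs }} state={{ mongodb_pkg_state }} cache_valid_time=1800
+- name: Install the mongodb client packages, external repository
+apt: pkg={{ mongodb_client_pkgs_external_repo }} state={{ mongodb_pkg_state }} cache_valid_time=1800
+when: not mongodb_install_server
+tags: [ 'mongodb', 'mongodb_client' ]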
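Review bot: The task 'Install the mongodb-org apt keys' fetches the repository signing keys over plain `hkp://keyserver.ubuntu.com:80`, and one entry of `mongodb_repo_keys` in the defaults (`EA312927`) is a short 32-bit key ID, which does not uniquely identify a key. I would list only full fingerprints, or ship the key file with the role, so the trust anchor for the package source does not depend on a keyserver lookup. 'Create the mongodb db directory' uses `mode=0755`, which lets every local user list the data directory; `mode=0750` fits the `owner`/`group` the task already sets. The last block installs both `mongodb_client_pkgs` and `mongodb_client_pkgs_external_repo` without a `when: mongodb_install_from_external_repo` test, unlike the server blocks above it.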


@ -0,0 +1,14 @@
#!/bin/bash
MONGO_PID_FILE={{ mongodb_dbpath }}/mongod.lock
LOG_RETAIN_DAYS={{ mongodb_log_retain_days }}
RETVAL=
MONGO_PID=$( cat $MONGO_PID_FILE )
# Tell mongo to rotate its log file
kill -SIGUSR1 $MONGO_PID
RETVAL=$?
# Remove the old log files
find {{ mongodb_logdir }} -name "{{ mongodb_log_file }}.*" -ctime +$LOG_RETAIN_DAYS -exec rm -f {} \;
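Review bot: The script signals whatever `cat $MONGO_PID_FILE` returns without checking it. It is installed root-owned under /etc/cron.daily by the tasks on this page, while mongod.lock sits in the data directory owned by the mongodb user, so the value should be validated before it reaches `kill`. If the file is missing or empty, `kill -SIGUSR1` runs with no PID and the script still goes on to the `find`. A guard such as `[ -s "$MONGO_PID_FILE" ] || exit 0`, plus quoting in `kill -USR1 "$MONGO_PID"` and `find "{{ mongodb_logdir }}"`, would make it safe to run unattended. `RETVAL` is assigned but never used.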


@ -0,0 +1,54 @@
# mongod.conf
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
dbPath: {{ mongodb_dbpath }}
journal:
enabled: true
directoryPerDB: {{ mongodb_directoryperdb }}
engine: {{ mongodb_storage_engine }}
# mmapv1:
# wiredTiger:
# where to write logging data.
systemLog:
destination: {{ mongodb_systemlog_destination }}
path: {{ mongodb_logpath }}
{% if not mongodb_systemlog_external_logrotate %}
logRotate: rename
logAppend: false
{% else %}
logRotate: reopen
logAppend: true
{% endif %}
# network interfaces
net:
port: {{ mongodb_tcp_port }}
bindIp: {{ mongo_bind_ip }}
http:
enabled: {{ mongodb_http_interface }}
JSONPEnabled: {{ mongodb_http_interface }}
RESTInterfaceEnabled: {{ mongodb_http_interface }}
{% if mongodb_ssl_enabled %}
ssl:
mode: {{ mongodb_ssl_mode }}
PEMKeyFile: '{{ mongodb_ssl_certkey_file }}'
CAFile: '{{ mongodb_ssl_CA_file }}'
{% endif %}
#processManagement:
{%if mongodb_cluster_enabled %}
security:
keyFile: /data/mongo_home/dev-d4science-keyfile
replication:
oplogSizeMB: 2000
replSetName: {{ mongodb_replicaset }}
{% endif %}
#sharding:
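Review bot: This template never renders `security.authorization`, so `mongodb_authorization_enabled` has no effect for the version it serves. With `mongodb_cluster_enabled` it writes the hard-coded `keyFile: /data/mongo_home/dev-d4science-keyfile` and `oplogSizeMB: 2000` instead of using `mongodb_replica_keyfile`. The identical template section that follows and the last mongod.conf template on this page have the same two problems. I would reuse the `security:` block of the one template that honours the variables, that is `authorization: enabled` under `{% if mongodb_authorization_enabled %}` and `keyFile: {{ mongodb_replica_keyfile }}`. The `net.http` block here also drives `enabled`, `JSONPEnabled` and `RESTInterfaceEnabled` from the single `mongodb_http_interface` variable, so turning the HTTP interface on enables all three at once.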


@ -0,0 +1,54 @@
# mongod.conf
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
dbPath: {{ mongodb_dbpath }}
journal:
enabled: true
directoryPerDB: {{ mongodb_directoryperdb }}
engine: {{ mongodb_storage_engine }}
# mmapv1:
# wiredTiger:
# where to write logging data.
systemLog:
destination: {{ mongodb_systemlog_destination }}
path: {{ mongodb_logpath }}
{% if not mongodb_systemlog_external_logrotate %}
logRotate: rename
logAppend: false
{% else %}
logRotate: reopen
logAppend: true
{% endif %}
# network interfaces
net:
port: {{ mongodb_tcp_port }}
bindIp: {{ mongo_bind_ip }}
http:
enabled: {{ mongodb_http_interface }}
JSONPEnabled: {{ mongodb_http_interface }}
RESTInterfaceEnabled: {{ mongodb_http_interface }}
{% if mongodb_ssl_enabled %}
ssl:
mode: {{ mongodb_ssl_mode }}
PEMKeyFile: '{{ mongodb_ssl_certkey_file }}'
CAFile: '{{ mongodb_ssl_CA_file }}'
{% endif %}
#processManagement:
{%if mongodb_cluster_enabled %}
security:
keyFile: /data/mongo_home/dev-d4science-keyfile
replication:
oplogSizeMB: 2000
replSetName: {{ mongodb_replicaset }}
{% endif %}
#sharding:


@ -0,0 +1,61 @@
# mongod.conf
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
dbPath: {{ mongodb_dbpath }}
journal:
enabled: true
directoryPerDB: {{ mongodb_directoryperdb }}
engine: {{ mongodb_storage_engine }}
# mmapv1:
# wiredTiger:
# where to write logging data.
systemLog:
destination: {{ mongodb_systemlog_destination }}
{% if mongodb_logrotate_management %}
{% if not mongodb_systemlog_external_logrotate %}
logRotate: rename
logAppend: false
{% else %}
logRotate: reopen
logAppend: true
{% endif %}
{% else %}
logAppend: true
{% endif %}
path: {{ mongodb_logpath }}
# network information
net:
port: {{ mongodb_tcp_port }}
bindIp: {{ mongo_bind_ip }}
{% if mongodb_ssl_enabled %}
ssl:
mode: {{ mongodb_ssl_mode }}
PEMKeyFile: '{{ mongodb_ssl_certkey_file }}'
CAFile: '{{ mongodb_ssl_CA_file }}'
disabledProtocols: {{ mongodb_ssl_disabled_protocols }}
allowConnectionsWithoutCertificates: {{ mongodb_ssl_allowConnectionsWithoutCertificates }}
{% endif %}
#processManagement:
{% if mongodb_authorization_enabled or mongodb_cluster_enabled %}
security:
{% endif %}
{% if mongodb_authorization_enabled %}
authorization: enabled
{% endif %}
{%if mongodb_cluster_enabled %}
keyFile: {{ mongodb_replica_keyfile }}
replication:
oplogSizeMB: {{ mongodb_oplog_size }}
replSetName: {{ mongodb_replicaset }}
{% endif %}
#sharding:
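Review bot: `oplogSizeMB: {{ mongodb_oplog_size }}` uses a variable that has no entry in the defaults file on this page, so rendering depends on the inventory and presumably fails as soon as `mongodb_cluster_enabled` is true. Add a default such as `mongodb_oplog_size: 2000`, the value the other templates hard-code. No task in this commit creates the file named by `mongodb_replica_keyfile`, although a `mongodb_keyfile` tag exists, so the keyfile and its ownership and permissions have to be provided outside the role. A comment above `keyFile:` saying so would save the next reader the search.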


@ -0,0 +1,52 @@
# mongod.conf
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
dbPath: {{ mongodb_dbpath }}
journal:
enabled: true
directoryPerDB: {{ mongodb_directoryperdb }}
engine: {{ mongodb_storage_engine }}
# mmapv1:
# wiredTiger:
# where to write logging data.
systemLog:
destination: {{ mongodb_systemlog_destination }}
path: {{ mongodb_logpath }}
{% if not mongodb_systemlog_external_logrotate %}
logRotate: rename
logAppend: false
{% else %}
logRotate: reopen
logAppend: true
{% endif %}
# network interfaces
net:
port: {{ mongodb_tcp_port }}
bindIp: {{ mongo_bind_ip }}
{% if mongodb_ssl_enabled %}
ssl:
mode: {{ mongodb_ssl_mode }}
PEMKeyFile: '{{ mongodb_ssl_certkey_file }}'
CAFile: '{{ mongodb_ssl_CA_file }}'
disabledProtocols: {{ mongodb_ssl_disabled_protocols }}
allowConnectionsWithoutCertificates: {{ mongodb_ssl_allowConnectionsWithoutCertificates }}
{% endif %}
#processManagement:
{%if mongodb_cluster_enabled %}
security:
keyFile: /data/mongo_home/dev-d4science-keyfile
replication:
oplogSizeMB: 2000
replSetName: {{ mongodb_replicaset }}
{% endif %}
#sharding:


@ -0,0 +1,6 @@
ENABLE_MONGOD="{{ mongodb_start_server }}"
CONF={{ mongodb_conf_file }}
DAEMON={{ mongodb_daemon }}
DAEMONUSER={{ mongodb_user }}
DAEMON_OPTS="{{ mongod_additional_options }} --config $CONF"


@ -0,0 +1,35 @@
#!/bin/bash
H_NAME={{ letsencrypt_acme_sh_certificates_install_dir }}
LE_SERVICES_SCRIPT_DIR=/usr/lib/acme/hooks
LE_CERTS_DIR=/var/lib/acme/live/$H_NAME
LE_LOG_DIR=/var/log/letsencrypt
[ ! -d $LE_LOG_DIR ] && mkdir $LE_LOG_DIR
MONGODB_CERTDIR=/etc/pki/mongodb
MONGODB_CERTFILE=$MONGODB_CERTDIR/mongodb.pem
DATE=$( date )
echo "$DATE" > $LE_LOG_DIR/mongodb.log
[ ! -d $MONGODB_CERTDIR ] && mkdir $MONGODB_CERTDIR
echo "Building the new certificate file" >> $LE_LOG_DIR/mongodb.log
cat ${LE_CERTS_DIR}/{cert,privkey} > ${MONGODB_CERTFILE}
chmod 440 ${MONGODB_CERTFILE}
chgrp mongodb ${MONGODB_CERTFILE}
{% if mongodb_ssl_enabled %}
echo "Reload the mongod service" >> "$LE_LOG_DIR/mongodb.log"
{% if mongodb_install_from_external_repo %}
service mongod stop >> "$LE_LOG_DIR/mongodb.log" 2>&1
sleep 10
service mongod start >> "$LE_LOG_DIR/mongodb.log" 2>&1
{% else %}
systemctl stop mongodb >> "$LE_LOG_DIR/mongodb.log" 2>&1
sleep 10
systemctl start mongodb >> "$LE_LOG_DIR/mongodb.log" 2>&1
{% endif %}
{% endif %}
echo "Done." >> $LE_LOG_DIR/mongodb.log
exit 0
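Review bot: The combined certificate and private key is written by `cat ${LE_CERTS_DIR}/{cert,privkey} > ${MONGODB_CERTFILE}` before `chmod 440` runs, so a newly created file gets the default umask permissions first. If the directory came from the script's own `mkdir $MONGODB_CERTDIR` rather than the 0750 task, the key can be readable by other users for that interval. Put `umask 077` before the `cat`, and create the directory with `mkdir -m 0750`. The paths /etc/pki/mongodb and mongodb.pem are hard-coded, so overriding `mongodb_ssl_cert_dir` or `mongodb_ssl_certkey_file` leaves this script and mongod.conf pointing at different files. The script also always ends with `exit 0`, which hides a failed copy or restart from the caller.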


@ -1,2 +1,4 @@
--- ---
# vars file for ansible-role-template # IMPORTANT: mongodb does not support ecdsa keys, but it starts anyway without any error.
letsencrypt_acme_sh_use_ecc: False
trusted_ca_letsencrypt_install: '{{ mongodb_ssl_letsencrypt_managed }}'