First commit.
This commit is contained in:
parent
3ba2fbc32d
commit
37ed51d2d8
109
README.md
109
README.md
|
@ -1,31 +1,104 @@
|
||||||
Role Name
|
Role Name
|
||||||
=========
|
=========
|
||||||
|
|
||||||
A brief description of the role goes here.
|
A role that installs MongoDB
|
||||||
|
|
||||||
Requirements
|
|
||||||
------------
|
|
||||||
|
|
||||||
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
|
|
||||||
|
|
||||||
Role Variables
|
Role Variables
|
||||||
--------------
|
--------------
|
||||||
|
|
||||||
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
|
The most important variables are listed below:
|
||||||
|
|
||||||
|
``` yaml
|
||||||
|
mongodb_install_from_external_repo: False
|
||||||
|
mongodb_repo_keys:
|
||||||
|
- 2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5
|
||||||
|
- EA312927
|
||||||
|
- 0C49F3730359A14518585931BC711F9BA15703C6
|
||||||
|
mongodb_apt_repository: "deb http://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/{{ mongodb_version }} multiverse"
|
||||||
|
|
||||||
|
mongodb_old_repositories:
|
||||||
|
- "deb http://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/3.0 multiverse"
|
||||||
|
- "deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen"
|
||||||
|
|
||||||
|
mongodb_install_packages: True
|
||||||
|
mongodb_install_server: True
|
||||||
|
mongodb_install_conf: True
|
||||||
|
mongodb_upgrade_from_older_version: False
|
||||||
|
mongodb_version: 3.6
|
||||||
|
# Set to 'latest' if you want to get the latest available package
|
||||||
|
mongodb_pkg_state: present
|
||||||
|
mongodb_server_pkgs_external_repo:
|
||||||
|
- mongodb-org
|
||||||
|
- mongodb-org-mongos
|
||||||
|
- mongodb-org-server
|
||||||
|
- mongodb-org-shell
|
||||||
|
- mongodb-org-tools
|
||||||
|
|
||||||
|
mongodb_client_pkgs_external_repo:
|
||||||
|
- mongodb-org-shell
|
||||||
|
|
||||||
|
mongodb_server_pkgs:
|
||||||
|
- mongodb
|
||||||
|
- mongodb-server
|
||||||
|
- mongo-tools
|
||||||
|
|
||||||
|
mongodb_client_pkgs:
|
||||||
|
- mongodb-clients
|
||||||
|
|
||||||
|
mongodb_start_server: 'yes'
|
||||||
|
mongodb_tcp_port: 27017
|
||||||
|
mongo_bind_ip: 0.0.0.0
|
||||||
|
mongodb_http_interface: 'false'
|
||||||
|
mongodb_user: mongodb
|
||||||
|
mongodb_group: mongodb
|
||||||
|
mongodb_logdir: /var/log/mongodb
|
||||||
|
mongodb_log_file: mongod.log
|
||||||
|
mongodb_logpath: '{{ mongodb_logdir }}/{{ mongodb_log_file }}'
|
||||||
|
mongodb_dbpath: /var/lib/mongodb
|
||||||
|
mongodb_directoryperdb: 'false'
|
||||||
|
mongodb_conf_file: /etc/mongod.conf
|
||||||
|
mongodb_daemon: /usr/bin/mongod
|
||||||
|
mongod_additional_options: ""
|
||||||
|
mongodb_allowed_hosts:
|
||||||
|
- 127.0.0.1/8
|
||||||
|
- '{{ ansible_default_ipv4.address }}/32'
|
||||||
|
|
||||||
|
mongodb_storage_engine: wiredTiger
|
||||||
|
|
||||||
|
mongodb_ssl_enabled: True
|
||||||
|
mongodb_ssl_letsencrypt_managed: True
|
||||||
|
mongodb_ssl_letsencrypt_ca_dir: '/etc/ssl/certs'
|
||||||
|
# Default CA file on Ubuntu
|
||||||
|
mongodb_ssl_letsencrypt_ca_filename: 'ca-certificates.crt'
|
||||||
|
# Options: disabled, requireSSL, allowSSL, preferSSL
|
||||||
|
mongodb_ssl_mode: requireSSL
|
||||||
|
mongodb_ssl_cert_dir: /etc/pki/mongodb
|
||||||
|
mongodb_ssl_certkey_file: '{{ mongodb_ssl_cert_dir }}/mongodb.pem'
|
||||||
|
mongodb_ssl_CA_file: '{{ mongodb_ssl_letsencrypt_ca_dir }}/{{ mongodb_ssl_letsencrypt_ca_filename }}'
|
||||||
|
mongodb_ssl_allowConnectionsWithoutCertificates: 'true'
|
||||||
|
mongodb_ssl_disabled_protocols: 'TLS1_0,TLS1_1'
|
||||||
|
|
||||||
|
# Do not change the default. We do not manage a logrotate configuration yet
|
||||||
|
mongodb_logrotate_management: True
|
||||||
|
mongodb_systemlog_external_logrotate: False
|
||||||
|
mongodb_systemlog_destination: file
|
||||||
|
mongodb_log_retain_days: 7
|
||||||
|
# Not used anymore inside the template. Now we use different values based on mongodb_systemlog_external_logrotate
|
||||||
|
mongodb_systemlog_logappend: 'true'
|
||||||
|
mongodb_systemlog_logrotate: reopen
|
||||||
|
|
||||||
|
mongodb_cluster_enabled: False
|
||||||
|
mongodb_authorization_enabled: False
|
||||||
|
mongodb_replicaset: storagedev
|
||||||
|
mongodb_replica_keyfile: '{{ mongodb_dbpath }}/replica_keyfile'
|
||||||
|
|
||||||
|
# User and password are stored in the variables mongo_monitoring_u and mongo_monitoring_pwd
|
||||||
|
```
|
||||||
|
|
||||||
Dependencies
|
Dependencies
|
||||||
------------
|
------------
|
||||||
|
|
||||||
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
|
None
|
||||||
|
|
||||||
Example Playbook
|
|
||||||
----------------
|
|
||||||
|
|
||||||
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
|
|
||||||
|
|
||||||
- hosts: servers
|
|
||||||
roles:
|
|
||||||
- { role: username.rolename, x: 42 }
|
|
||||||
|
|
||||||
License
|
License
|
||||||
-------
|
-------
|
||||||
|
@ -35,4 +108,4 @@ EUPL-1.2
|
||||||
Author Information
|
Author Information
|
||||||
------------------
|
------------------
|
||||||
|
|
||||||
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
|
Andrea Dell'Amico, <andrea.dellamico@isti.cnr.it>
|
||||||
|
|
|
@ -1,2 +1,86 @@
|
||||||
---
|
---
|
||||||
# defaults file for ansible-role-template
|
mongodb_install_from_external_repo: False
|
||||||
|
mongodb_repo_keys:
|
||||||
|
- 2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5
|
||||||
|
- EA312927
|
||||||
|
- 0C49F3730359A14518585931BC711F9BA15703C6
|
||||||
|
mongodb_apt_repository: "deb http://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/{{ mongodb_version }} multiverse"
|
||||||
|
|
||||||
|
mongodb_old_repositories:
|
||||||
|
- "deb http://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/3.0 multiverse"
|
||||||
|
- "deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen"
|
||||||
|
|
||||||
|
mongodb_install_packages: True
|
||||||
|
mongodb_install_server: True
|
||||||
|
mongodb_install_conf: True
|
||||||
|
mongodb_upgrade_from_older_version: False
|
||||||
|
mongodb_version: 3.6
|
||||||
|
# Set to 'latest' if you want to get the latest available package
|
||||||
|
mongodb_pkg_state: present
|
||||||
|
mongodb_server_pkgs_external_repo:
|
||||||
|
- mongodb-org
|
||||||
|
- mongodb-org-mongos
|
||||||
|
- mongodb-org-server
|
||||||
|
- mongodb-org-shell
|
||||||
|
- mongodb-org-tools
|
||||||
|
|
||||||
|
mongodb_client_pkgs_external_repo:
|
||||||
|
- mongodb-org-shell
|
||||||
|
|
||||||
|
mongodb_server_pkgs:
|
||||||
|
- mongodb
|
||||||
|
- mongodb-server
|
||||||
|
- mongo-tools
|
||||||
|
|
||||||
|
mongodb_client_pkgs:
|
||||||
|
- mongodb-clients
|
||||||
|
|
||||||
|
mongodb_start_server: 'yes'
|
||||||
|
mongodb_tcp_port: 27017
|
||||||
|
mongo_bind_ip: 0.0.0.0
|
||||||
|
mongodb_http_interface: 'false'
|
||||||
|
mongodb_user: mongodb
|
||||||
|
mongodb_group: mongodb
|
||||||
|
mongodb_logdir: /var/log/mongodb
|
||||||
|
mongodb_log_file: mongod.log
|
||||||
|
mongodb_logpath: '{{ mongodb_logdir }}/{{ mongodb_log_file }}'
|
||||||
|
mongodb_dbpath: /var/lib/mongodb
|
||||||
|
mongodb_directoryperdb: 'false'
|
||||||
|
mongodb_conf_file: /etc/mongod.conf
|
||||||
|
mongodb_daemon: /usr/bin/mongod
|
||||||
|
mongod_additional_options: ""
|
||||||
|
mongodb_allowed_hosts:
|
||||||
|
- 127.0.0.1/8
|
||||||
|
- '{{ ansible_default_ipv4.address }}/32'
|
||||||
|
|
||||||
|
mongodb_storage_engine: wiredTiger
|
||||||
|
|
||||||
|
mongodb_ssl_enabled: True
|
||||||
|
mongodb_ssl_letsencrypt_managed: True
|
||||||
|
mongodb_ssl_letsencrypt_ca_dir: '/etc/ssl/certs'
|
||||||
|
# Default CA file on Ubuntu
|
||||||
|
mongodb_ssl_letsencrypt_ca_filename: 'ca-certificates.crt'
|
||||||
|
# Options: disabled, requireSSL, allowSSL, preferSSL
|
||||||
|
mongodb_ssl_mode: requireSSL
|
||||||
|
mongodb_ssl_cert_dir: /etc/pki/mongodb
|
||||||
|
mongodb_ssl_certkey_file: '{{ mongodb_ssl_cert_dir }}/mongodb.pem'
|
||||||
|
mongodb_ssl_CA_file: '{{ mongodb_ssl_letsencrypt_ca_dir }}/{{ mongodb_ssl_letsencrypt_ca_filename }}'
|
||||||
|
mongodb_ssl_allowConnectionsWithoutCertificates: 'true'
|
||||||
|
mongodb_ssl_disabled_protocols: 'TLS1_0,TLS1_1'
|
||||||
|
|
||||||
|
# Do not change the default. We do not manage a logrotate configuration yet
|
||||||
|
mongodb_logrotate_management: True
|
||||||
|
mongodb_systemlog_external_logrotate: False
|
||||||
|
mongodb_systemlog_destination: file
|
||||||
|
mongodb_log_retain_days: 7
|
||||||
|
# Not used anymore inside the template. Now we use different values based on mongodb_systemlog_external_logrotate
|
||||||
|
mongodb_systemlog_logappend: 'true'
|
||||||
|
mongodb_systemlog_logrotate: reopen
|
||||||
|
|
||||||
|
mongodb_cluster_enabled: False
|
||||||
|
mongodb_authorization_enabled: False
|
||||||
|
mongodb_replicaset: storagedev
|
||||||
|
mongodb_replica_keyfile: '{{ mongodb_dbpath }}/replica_keyfile'
|
||||||
|
|
||||||
|
# User and password are stored in the variables mongo_monitoring_u and mongo_monitoring_pwd
|
||||||
|
|
||||||
|
|
|
@ -1,2 +1,9 @@
|
||||||
---
|
---
|
||||||
# handlers file for ansible-role-template
|
- name: Restart mongod
|
||||||
|
service: name=mongod state=restarted
|
||||||
|
when: "'{{ mongodb_start_server }}' == 'yes'"
|
||||||
|
|
||||||
|
- name: Restart mongodb
|
||||||
|
service: name=mongodb state=restarted
|
||||||
|
when: "'{{ mongodb_start_server }}' == 'yes'"
|
||||||
|
|
||||||
|
|
|
@ -1,46 +1,23 @@
|
||||||
galaxy_info:
|
galaxy_info:
|
||||||
author: your name
|
author: Andrea Dell'Amico
|
||||||
description: your description
|
description: Systems Architect
|
||||||
company: your company (optional)
|
company: ISTI-CNR
|
||||||
|
|
||||||
# If the issue tracker for your role is not on github, uncomment the
|
issue_tracker_url: https://redmine-s2i2s.isti.cnr.it/projects/provisioning
|
||||||
# next line and provide a value
|
|
||||||
issue_tracker_url: https://support.d4science.org/projects/automatic-provisioning/issues
|
|
||||||
|
|
||||||
license: EUPL-1.2
|
license: EUPL 1.2+
|
||||||
|
|
||||||
min_ansible_version: 2.8
|
min_ansible_version: 2.8
|
||||||
|
|
||||||
# If this a Container Enabled role, provide the minimum Ansible Container version.
|
|
||||||
# min_ansible_container_version:
|
|
||||||
|
|
||||||
# Optionally specify the branch Galaxy will use when accessing the GitHub
|
|
||||||
# repo for this role. During role install, if no tags are available,
|
|
||||||
# Galaxy will use this branch. During import Galaxy will access files on
|
|
||||||
# this branch. If Travis integration is configured, only notifications for this
|
|
||||||
# branch will be accepted. Otherwise, in all cases, the repo's default branch
|
|
||||||
# (usually master) will be used.
|
|
||||||
#github_branch:
|
|
||||||
|
|
||||||
#
|
|
||||||
# Provide a list of supported platforms, and for each platform a list of versions.
|
|
||||||
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
|
|
||||||
# To view available platforms and versions (or releases), visit:
|
# To view available platforms and versions (or releases), visit:
|
||||||
# https://galaxy.ansible.com/api/v1/platforms/
|
# https://galaxy.ansible.com/api/v1/platforms/
|
||||||
#
|
#
|
||||||
platforms:
|
platforms:
|
||||||
- name: Ubuntu
|
- name: Ubuntu
|
||||||
versions:
|
versions:
|
||||||
- bionic
|
- bionic
|
||||||
|
|
||||||
galaxy_tags: []
|
galaxy_tags:
|
||||||
# List tags for your role here, one per line. A tag is a keyword that describes
|
- mongodb
|
||||||
# and categorizes the role. Users find roles by searching for tags. Be sure to
|
|
||||||
# remove the '[]' above, if you add tags to this list.
|
|
||||||
#
|
|
||||||
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
|
|
||||||
# Maximum 20 tags per role.
|
|
||||||
|
|
||||||
dependencies: []
|
dependencies: []
|
||||||
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
|
|
||||||
# if you add dependencies to this list.
|
|
|
@ -1,2 +1,4 @@
|
||||||
---
|
---
|
||||||
# tasks file for ansible-role-template
|
- import_tasks: mongodb.yml
|
||||||
|
- import_tasks: mongodb-letsencrypt-acmetool.yml
|
||||||
|
when: mongodb_ssl_letsencrypt_managed
|
||||||
|
|
|
@ -0,0 +1,38 @@
|
||||||
|
---
|
||||||
|
- block:
|
||||||
|
- name: Create the acme hooks directory if it does not yet exist
|
||||||
|
file:
|
||||||
|
dest: '{{ letsencrypt_acme_services_scripts_dir }}'
|
||||||
|
state: directory
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
|
||||||
|
- name: Install a script that fix the letsencrypt certificate for mongodb and then reload the service
|
||||||
|
template:
|
||||||
|
src: mongodb-letsencrypt-acmetool.sh.j2
|
||||||
|
dest: '{{ letsencrypt_acme_services_scripts_dir }}/mongodb'
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 4555
|
||||||
|
|
||||||
|
- name: Create the mongodb certificate directory
|
||||||
|
file:
|
||||||
|
dest: '{{ mongodb_ssl_cert_dir }}'
|
||||||
|
state: directory
|
||||||
|
owner: root
|
||||||
|
group: mongodb
|
||||||
|
mode: 0750
|
||||||
|
|
||||||
|
- name: Verify if the mongodb pem file exists
|
||||||
|
stat:
|
||||||
|
path: '{{ mongodb_ssl_certkey_file }}'
|
||||||
|
register: mongodb_pem
|
||||||
|
|
||||||
|
- name: Copy the certificate and its key where the mongo server expects it
|
||||||
|
command: "{{ letsencrypt_acme_services_scripts_dir }}/mongodb"
|
||||||
|
when: not mongodb_pem.stat.exists
|
||||||
|
|
||||||
|
when:
|
||||||
|
- mongodb_ssl_letsencrypt_managed
|
||||||
|
- letsencrypt_acme_install
|
||||||
|
tags: [ 'mongodb', 'letsencrypt', 'mongodb_letsencrypt' ]
|
|
@ -0,0 +1,131 @@
|
||||||
|
---
|
||||||
|
- block:
|
||||||
|
- name: Check if Service mongod Exists
|
||||||
|
stat: path=/etc/init/mongod
|
||||||
|
register: service_mongod_status
|
||||||
|
tags: mongodb
|
||||||
|
|
||||||
|
- name: Ensure mongod is stopped and disabled
|
||||||
|
service: name=mongod state=stopped enabled=no
|
||||||
|
when:
|
||||||
|
- service_mongod_status.stat.exists
|
||||||
|
- mongodb_start_server is defined
|
||||||
|
- mongodb_start_server == 'no'
|
||||||
|
- mongodb_install_conf
|
||||||
|
|
||||||
|
when:
|
||||||
|
- mongodb_install_server
|
||||||
|
- mongodb_install_from_external_repo
|
||||||
|
tags: mongodb
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- name: Install the mongodb-org apt keys
|
||||||
|
apt_key: keyserver='hkp://keyserver.ubuntu.com:80' id={{ item }} state=present
|
||||||
|
with_items: '{{ mongodb_repo_keys }}'
|
||||||
|
when: mongodb_install_from_external_repo
|
||||||
|
register: apt_key_update_cache
|
||||||
|
|
||||||
|
- name: Remove the old mongodb-org apt repositories
|
||||||
|
apt_repository: repo='{{ item }}' state=absent update_cache=yes
|
||||||
|
with_items: '{{ mongodb_old_repositories }}'
|
||||||
|
when: mongodb_upgrade_from_older_version
|
||||||
|
|
||||||
|
- name: Install the mongodb-org repository
|
||||||
|
apt_repository: repo="{{ mongodb_apt_repository }}" update_cache=yes state=present
|
||||||
|
|
||||||
|
- name: Install/Update the mongodb-org configuration
|
||||||
|
template: src=mongod-{{ mongodb_version }}.conf.j2 dest=/etc/mongod.conf owner=root group=root mode=0444 backup=yes
|
||||||
|
when: mongodb_install_conf
|
||||||
|
notify: Restart mongodb
|
||||||
|
tags: [ 'mongodb', 'mongodb_update_conf', 'mongodb_keyfile' ]
|
||||||
|
|
||||||
|
when:
|
||||||
|
- mongodb_install_server
|
||||||
|
- mongodb_install_from_external_repo
|
||||||
|
tags: [ 'mongodb' ]
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- name: We are upgrading, install the latest version of the mongodb-org packages, external repository
|
||||||
|
apt: pkg={{ mongodb_server_pkgs_external_repo }} state=latest update_cache=yes cache_valid_time=1800
|
||||||
|
when: mongodb_upgrade_from_older_version
|
||||||
|
|
||||||
|
- name: Install the mongodb-org packages, external repository
|
||||||
|
apt: pkg={{ mongodb_server_pkgs_external_repo }} state={{ mongodb_pkg_state }} update_cache=yes cache_valid_time=1800
|
||||||
|
|
||||||
|
- name: Install the mongodb-org defaults file
|
||||||
|
template: src=mongod-default.j2 dest=/etc/default/mongod owner=root group=root mode=0444
|
||||||
|
when: mongodb_install_conf
|
||||||
|
notify: Restart mongod
|
||||||
|
tags: [ 'mongodb', 'mongodb_update_conf' ]
|
||||||
|
|
||||||
|
when:
|
||||||
|
- mongodb_install_server
|
||||||
|
- mongodb_install_packages
|
||||||
|
- mongodb_install_from_external_repo
|
||||||
|
tags: mongodb
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- name: We are upgrading, install the latest version of the mongodb packages
|
||||||
|
apt: pkg={{ mongodb_server_pkgs }} state=latest update_cache=yes cache_valid_time=1800
|
||||||
|
when: mongodb_upgrade_from_older_version
|
||||||
|
|
||||||
|
- name: Install the mongodb packages
|
||||||
|
apt: pkg={{ mongodb_server_pkgs }} state={{ mongodb_pkg_state }} update_cache=yes cache_valid_time=1800
|
||||||
|
|
||||||
|
- name: Install/Update the mongodb configuration
|
||||||
|
template: src=mongod-{{ mongodb_version }}.conf.j2 dest=/etc/mongodb.conf owner=root group=root mode=0444 backup=yes
|
||||||
|
when: mongodb_install_conf
|
||||||
|
notify: Restart mongod
|
||||||
|
tags: [ 'mongodb', 'mongodb_update_conf' ]
|
||||||
|
|
||||||
|
when:
|
||||||
|
- mongodb_install_server
|
||||||
|
- mongodb_install_packages
|
||||||
|
- not mongodb_install_from_external_repo
|
||||||
|
tags: mongodb
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- name: Create the mongodb log directory
|
||||||
|
file: dest={{ mongodb_logdir }} state=directory owner={{ mongodb_user }} group={{ mongodb_group }} mode=0755
|
||||||
|
when: mongodb_install_conf
|
||||||
|
|
||||||
|
- name: Create the mongodb db directory
|
||||||
|
file: dest={{ mongodb_dbpath }} state=directory owner={{ mongodb_user }} group={{ mongodb_group }} mode=0755
|
||||||
|
when: mongodb_install_conf
|
||||||
|
|
||||||
|
- name: Install the cron job that manages log files rotation
|
||||||
|
template: src=mongo_log_rotate.sh.j2 dest=/etc/cron.daily/mongo_log_rotate owner=root group=root mode=0555
|
||||||
|
when: not mongodb_systemlog_external_logrotate
|
||||||
|
|
||||||
|
when: mongodb_install_server
|
||||||
|
tags: mongodb
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- name: Ensure mongodb is started and enabled
|
||||||
|
service: name=mongodb state=started enabled=yes
|
||||||
|
|
||||||
|
when:
|
||||||
|
- mongodb_install_server
|
||||||
|
- mongodb_start_server == 'yes'
|
||||||
|
- not mongodb_install_from_external_repo
|
||||||
|
tags: mongodb
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- name: Ensure mongodb-org is started and enabled
|
||||||
|
service: name=mongod state=started enabled=yes
|
||||||
|
|
||||||
|
when:
|
||||||
|
- mongodb_install_server
|
||||||
|
- mongodb_start_server == 'yes'
|
||||||
|
- mongodb_install_from_external_repo
|
||||||
|
tags: mongodb
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- name: Install the mongodb client packages
|
||||||
|
apt: pkg={{ mongodb_client_pkgs }} state={{ mongodb_pkg_state }} cache_valid_time=1800
|
||||||
|
|
||||||
|
- name: Install the mongodb client packages, external repository
|
||||||
|
apt: pkg={{ mongodb_client_pkgs_external_repo }} state={{ mongodb_pkg_state }} cache_valid_time=1800
|
||||||
|
|
||||||
|
when: not mongodb_install_server
|
||||||
|
tags: [ 'mongodb', 'mongodb_client' ]
|
|
@ -0,0 +1,14 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
MONGO_PID_FILE={{ mongodb_dbpath }}/mongod.lock
|
||||||
|
LOG_RETAIN_DAYS={{ mongodb_log_retain_days }}
|
||||||
|
RETVAL=
|
||||||
|
|
||||||
|
MONGO_PID=$( cat $MONGO_PID_FILE )
|
||||||
|
# Tell mongo to rotate its log file
|
||||||
|
kill -SIGUSR1 $MONGO_PID
|
||||||
|
|
||||||
|
RETVAL=$?
|
||||||
|
|
||||||
|
# Remove the old log files
|
||||||
|
find {{ mongodb_logdir }} -name "{{ mongodb_log_file }}.*" -ctime +$LOG_RETAIN_DAYS -exec rm -f {} \;
|
|
@ -0,0 +1,54 @@
|
||||||
|
# mongod.conf
|
||||||
|
|
||||||
|
# for documentation of all options, see:
|
||||||
|
# http://docs.mongodb.org/manual/reference/configuration-options/
|
||||||
|
|
||||||
|
# Where and how to store data.
|
||||||
|
storage:
|
||||||
|
dbPath: {{ mongodb_dbpath }}
|
||||||
|
journal:
|
||||||
|
enabled: true
|
||||||
|
directoryPerDB: {{ mongodb_directoryperdb }}
|
||||||
|
engine: {{ mongodb_storage_engine }}
|
||||||
|
# mmapv1:
|
||||||
|
# wiredTiger:
|
||||||
|
|
||||||
|
# where to write logging data.
|
||||||
|
systemLog:
|
||||||
|
destination: {{ mongodb_systemlog_destination }}
|
||||||
|
path: {{ mongodb_logpath }}
|
||||||
|
{% if not mongodb_systemlog_external_logrotate %}
|
||||||
|
logRotate: rename
|
||||||
|
logAppend: false
|
||||||
|
{% else %}
|
||||||
|
logRotate: reopen
|
||||||
|
logAppend: true
|
||||||
|
{% endif %}
|
||||||
|
# network interfaces
|
||||||
|
net:
|
||||||
|
port: {{ mongodb_tcp_port }}
|
||||||
|
bindIp: {{ mongo_bind_ip }}
|
||||||
|
http:
|
||||||
|
enabled: {{ mongodb_http_interface }}
|
||||||
|
JSONPEnabled: {{ mongodb_http_interface }}
|
||||||
|
RESTInterfaceEnabled: {{ mongodb_http_interface }}
|
||||||
|
{% if mongodb_ssl_enabled %}
|
||||||
|
ssl:
|
||||||
|
mode: {{ mongodb_ssl_mode }}
|
||||||
|
PEMKeyFile: '{{ mongodb_ssl_certkey_file }}'
|
||||||
|
CAFile: '{{ mongodb_ssl_CA_file }}'
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
#processManagement:
|
||||||
|
|
||||||
|
{%if mongodb_cluster_enabled %}
|
||||||
|
security:
|
||||||
|
keyFile: /data/mongo_home/dev-d4science-keyfile
|
||||||
|
|
||||||
|
replication:
|
||||||
|
oplogSizeMB: 2000
|
||||||
|
replSetName: {{ mongodb_replicaset }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
#sharding:
|
||||||
|
|
|
@ -0,0 +1,54 @@
|
||||||
|
# mongod.conf
|
||||||
|
|
||||||
|
# for documentation of all options, see:
|
||||||
|
# http://docs.mongodb.org/manual/reference/configuration-options/
|
||||||
|
|
||||||
|
# Where and how to store data.
|
||||||
|
storage:
|
||||||
|
dbPath: {{ mongodb_dbpath }}
|
||||||
|
journal:
|
||||||
|
enabled: true
|
||||||
|
directoryPerDB: {{ mongodb_directoryperdb }}
|
||||||
|
engine: {{ mongodb_storage_engine }}
|
||||||
|
# mmapv1:
|
||||||
|
# wiredTiger:
|
||||||
|
|
||||||
|
# where to write logging data.
|
||||||
|
systemLog:
|
||||||
|
destination: {{ mongodb_systemlog_destination }}
|
||||||
|
path: {{ mongodb_logpath }}
|
||||||
|
{% if not mongodb_systemlog_external_logrotate %}
|
||||||
|
logRotate: rename
|
||||||
|
logAppend: false
|
||||||
|
{% else %}
|
||||||
|
logRotate: reopen
|
||||||
|
logAppend: true
|
||||||
|
{% endif %}
|
||||||
|
# network interfaces
|
||||||
|
net:
|
||||||
|
port: {{ mongodb_tcp_port }}
|
||||||
|
bindIp: {{ mongo_bind_ip }}
|
||||||
|
http:
|
||||||
|
enabled: {{ mongodb_http_interface }}
|
||||||
|
JSONPEnabled: {{ mongodb_http_interface }}
|
||||||
|
RESTInterfaceEnabled: {{ mongodb_http_interface }}
|
||||||
|
{% if mongodb_ssl_enabled %}
|
||||||
|
ssl:
|
||||||
|
mode: {{ mongodb_ssl_mode }}
|
||||||
|
PEMKeyFile: '{{ mongodb_ssl_certkey_file }}'
|
||||||
|
CAFile: '{{ mongodb_ssl_CA_file }}'
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
#processManagement:
|
||||||
|
|
||||||
|
{%if mongodb_cluster_enabled %}
|
||||||
|
security:
|
||||||
|
keyFile: /data/mongo_home/dev-d4science-keyfile
|
||||||
|
|
||||||
|
replication:
|
||||||
|
oplogSizeMB: 2000
|
||||||
|
replSetName: {{ mongodb_replicaset }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
#sharding:
|
||||||
|
|
|
@ -0,0 +1,61 @@
|
||||||
|
# mongod.conf
|
||||||
|
|
||||||
|
# for documentation of all options, see:
|
||||||
|
# http://docs.mongodb.org/manual/reference/configuration-options/
|
||||||
|
|
||||||
|
# Where and how to store data.
|
||||||
|
storage:
|
||||||
|
dbPath: {{ mongodb_dbpath }}
|
||||||
|
journal:
|
||||||
|
enabled: true
|
||||||
|
directoryPerDB: {{ mongodb_directoryperdb }}
|
||||||
|
engine: {{ mongodb_storage_engine }}
|
||||||
|
# mmapv1:
|
||||||
|
# wiredTiger:
|
||||||
|
|
||||||
|
# where to write logging data.
|
||||||
|
systemLog:
|
||||||
|
destination: {{ mongodb_systemlog_destination }}
|
||||||
|
{% if mongodb_logrotate_management %}
|
||||||
|
{% if not mongodb_systemlog_external_logrotate %}
|
||||||
|
logRotate: rename
|
||||||
|
logAppend: false
|
||||||
|
{% else %}
|
||||||
|
logRotate: reopen
|
||||||
|
logAppend: true
|
||||||
|
{% endif %}
|
||||||
|
{% else %}
|
||||||
|
logAppend: true
|
||||||
|
{% endif %}
|
||||||
|
path: {{ mongodb_logpath }}
|
||||||
|
# network information
|
||||||
|
net:
|
||||||
|
port: {{ mongodb_tcp_port }}
|
||||||
|
bindIp: {{ mongo_bind_ip }}
|
||||||
|
{% if mongodb_ssl_enabled %}
|
||||||
|
ssl:
|
||||||
|
mode: {{ mongodb_ssl_mode }}
|
||||||
|
PEMKeyFile: '{{ mongodb_ssl_certkey_file }}'
|
||||||
|
CAFile: '{{ mongodb_ssl_CA_file }}'
|
||||||
|
disabledProtocols: {{ mongodb_ssl_disabled_protocols }}
|
||||||
|
allowConnectionsWithoutCertificates: {{ mongodb_ssl_allowConnectionsWithoutCertificates }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
#processManagement:
|
||||||
|
{% if mongodb_authorization_enabled or mongodb_cluster_enabled %}
|
||||||
|
security:
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% if mongodb_authorization_enabled %}
|
||||||
|
authorization: enabled
|
||||||
|
{% endif %}
|
||||||
|
{%if mongodb_cluster_enabled %}
|
||||||
|
keyFile: {{ mongodb_replica_keyfile }}
|
||||||
|
|
||||||
|
replication:
|
||||||
|
oplogSizeMB: {{ mongodb_oplog_size }}
|
||||||
|
replSetName: {{ mongodb_replicaset }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
#sharding:
|
||||||
|
|
|
@ -0,0 +1,52 @@
|
||||||
|
# mongod.conf
|
||||||
|
|
||||||
|
# for documentation of all options, see:
|
||||||
|
# http://docs.mongodb.org/manual/reference/configuration-options/
|
||||||
|
|
||||||
|
# Where and how to store data.
|
||||||
|
storage:
|
||||||
|
dbPath: {{ mongodb_dbpath }}
|
||||||
|
journal:
|
||||||
|
enabled: true
|
||||||
|
directoryPerDB: {{ mongodb_directoryperdb }}
|
||||||
|
engine: {{ mongodb_storage_engine }}
|
||||||
|
# mmapv1:
|
||||||
|
# wiredTiger:
|
||||||
|
|
||||||
|
# where to write logging data.
|
||||||
|
systemLog:
|
||||||
|
destination: {{ mongodb_systemlog_destination }}
|
||||||
|
path: {{ mongodb_logpath }}
|
||||||
|
{% if not mongodb_systemlog_external_logrotate %}
|
||||||
|
logRotate: rename
|
||||||
|
logAppend: false
|
||||||
|
{% else %}
|
||||||
|
logRotate: reopen
|
||||||
|
logAppend: true
|
||||||
|
{% endif %}
|
||||||
|
# network interfaces
|
||||||
|
net:
|
||||||
|
port: {{ mongodb_tcp_port }}
|
||||||
|
bindIp: {{ mongo_bind_ip }}
|
||||||
|
{% if mongodb_ssl_enabled %}
|
||||||
|
ssl:
|
||||||
|
mode: {{ mongodb_ssl_mode }}
|
||||||
|
PEMKeyFile: '{{ mongodb_ssl_certkey_file }}'
|
||||||
|
CAFile: '{{ mongodb_ssl_CA_file }}'
|
||||||
|
disabledProtocols: {{ mongodb_ssl_disabled_protocols }}
|
||||||
|
allowConnectionsWithoutCertificates: {{ mongodb_ssl_allowConnectionsWithoutCertificates }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
#processManagement:
|
||||||
|
|
||||||
|
{%if mongodb_cluster_enabled %}
|
||||||
|
security:
|
||||||
|
keyFile: /data/mongo_home/dev-d4science-keyfile
|
||||||
|
|
||||||
|
replication:
|
||||||
|
oplogSizeMB: 2000
|
||||||
|
replSetName: {{ mongodb_replicaset }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
#sharding:
|
||||||
|
|
|
@ -0,0 +1,6 @@
|
||||||
|
ENABLE_MONGOD="{{ mongodb_start_server }}"
|
||||||
|
CONF={{ mongodb_conf_file }}
|
||||||
|
DAEMON={{ mongodb_daemon }}
|
||||||
|
DAEMONUSER={{ mongodb_user }}
|
||||||
|
DAEMON_OPTS="{{ mongod_additional_options }} --config $CONF"
|
||||||
|
|
|
@ -0,0 +1,35 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
H_NAME={{ letsencrypt_acme_sh_certificates_install_dir }}
|
||||||
|
LE_SERVICES_SCRIPT_DIR=/usr/lib/acme/hooks
|
||||||
|
LE_CERTS_DIR=/var/lib/acme/live/$H_NAME
|
||||||
|
LE_LOG_DIR=/var/log/letsencrypt
|
||||||
|
[ ! -d $LE_LOG_DIR ] && mkdir $LE_LOG_DIR
|
||||||
|
MONGODB_CERTDIR=/etc/pki/mongodb
|
||||||
|
MONGODB_CERTFILE=$MONGODB_CERTDIR/mongodb.pem
|
||||||
|
DATE=$( date )
|
||||||
|
echo "$DATE" > $LE_LOG_DIR/mongodb.log
|
||||||
|
|
||||||
|
[ ! -d $MONGODB_CERTDIR ] && mkdir $MONGODB_CERTDIR
|
||||||
|
|
||||||
|
echo "Building the new certificate file" >> $LE_LOG_DIR/mongodb.log
|
||||||
|
cat ${LE_CERTS_DIR}/{cert,privkey} > ${MONGODB_CERTFILE}
|
||||||
|
chmod 440 ${MONGODB_CERTFILE}
|
||||||
|
chgrp mongodb ${MONGODB_CERTFILE}
|
||||||
|
|
||||||
|
{% if mongodb_ssl_enabled %}
|
||||||
|
echo "Reload the mongod service" >> "$LE_LOG_DIR/mongodb.log"
|
||||||
|
{% if mongodb_install_from_external_repo %}
|
||||||
|
service mongod stop >> "$LE_LOG_DIR/mongodb.log" 2>&1
|
||||||
|
sleep 10
|
||||||
|
service mongod start >> "$LE_LOG_DIR/mongodb.log" 2>&1
|
||||||
|
{% else %}
|
||||||
|
systemctl stop mongodb >> "$LE_LOG_DIR/mongodb.log" 2>&1
|
||||||
|
sleep 10
|
||||||
|
systemctl start mongodb >> "$LE_LOG_DIR/mongodb.log" 2>&1
|
||||||
|
{% endif %}
|
||||||
|
{% endif %}
|
||||||
|
echo "Done." >> $LE_LOG_DIR/mongodb.log
|
||||||
|
|
||||||
|
exit 0
|
||||||
|
|
|
@ -1,2 +1,4 @@
|
||||||
---
|
---
|
||||||
# vars file for ansible-role-template
|
# IMPORTANT: mongodb does not support ecdsa keys, but it starts anyway without any error.
|
||||||
|
letsencrypt_acme_sh_use_ecc: False
|
||||||
|
trusted_ca_letsencrypt_install: '{{ mongodb_ssl_letsencrypt_managed }}'
|
||||||
|
|
Loading…
Reference in New Issue