New default version for the prometheus exporter.

Reviewed-on: #3

defaults/main.yml

@@ -49,9 +49,9 @@ mongodb_directoryperdb: 'false'
 mongodb_conf_file: /etc/mongod.conf
 mongodb_daemon: /usr/bin/mongod
 mongod_additional_options: ""
-mongodb_allowed_hosts:
-  - 127.0.0.1/8
-  - '{{ ansible_default_ipv4.address }}/32'
+# mongodb_allowed_hosts:
+#  - 127.0.0.1/8
+#  - '{{ ansible_default_ipv4.address }}/32'
 
 mongodb_storage_engine: wiredTiger
 
@@ -81,6 +81,28 @@ mongodb_cluster_enabled: False
 mongodb_authorization_enabled: False
 mongodb_replicaset: storagedev
 mongodb_replica_keyfile: '{{ mongodb_dbpath }}/replica_keyfile'
+mongodb_oplog_size: 2000
 
-# User and password are stored in the variables mongo_monitoring_u and mongo_monitoring_pwd
-
+# Prometheus metrics
+mongodb_prometheus_exporter_enabled: false
+mongodb_prometheus_exporter_version: '0.39.0'
+mongodb_prometheus_exporter_dir: 'mongodb_exporter-{{ mongodb_prometheus_exporter_version }}.linux-amd64'
+mongodb_prometheus_exporter_file: '{{ mongodb_prometheus_exporter_dir }}.tar.gz'
+mongodb_prometheus_exporter_download_url: 'https://github.com/percona/mongodb_exporter/releases/download/v{{ mongodb_prometheus_exporter_version }}/{{ mongodb_prometheus_exporter_file }}'
+mongodb_prometheus_exporter_port: 9216
+mongodb_prometheus_exporter_loglevel: error
+mongodb_prometheus_exporter_collstat_limit: '20'
+mongodb_prometheus_exporter_opts: '--web.listen-address=":{{ mongodb_prometheus_exporter_port }}" --log.level={{ mongodb_prometheus_exporter_loglevel }}'
+mongodb_prometheus_exporter_connection_opts: '--mongodb.uri="mongodb://{{ mongodb_prometheus_exporter_connection_user }}:{{ mongodb_prometheus_exporter_connection_password }}@{{ mongodb_prometheus_exporter_connection_host }}/{{ mongodb_prometheus_exporter_connection_params }}"'
+mongodb_prometheus_exporter_collect_opts: '--mongodb.global-conn-pool --mongodb.direct-connect=true --collector.topmetrics --discovering-mode --collector.dbstats --collector.collstats-limit={{ mongodb_prometheus_exporter_collstat_limit }}'
+mongodb_prometheus_exporter_enable_compatible_mode: False
+# List the additional options here
+mongodb_prometheus_exporter_additional_opts: ''
+mongodb_prometheus_exporter_user: prometheus_mongodb
+mongodb_prometheus_exporter_home: '/opt/{{ mongodb_prometheus_exporter_user }}'
+mongodb_prometheus_exporter_dist_dir: '{{ mongodb_prometheus_exporter_home }}/dist'
+mongodb_prometheus_exporter_cmd: '{{ mongodb_prometheus_exporter_dist_dir }}/{{ mongodb_prometheus_exporter_dir }}/mongodb_exporter'
+mongodb_prometheus_exporter_connection_host: 'localhost:27017'
+mongodb_prometheus_exporter_connection_user: monitor
+#mongodb_prometheus_exporter_connection_password: 'use a vault'
+mongodb_prometheus_exporter_connection_params: 'admin?ssl=true'

handlers/main.yml

@@ -7,3 +7,11 @@
   service: name=mongodb state=restarted
   when: "'{{ mongodb_start_server }}' == 'yes'"
 
+- name: Restart mongodb exporter
+  ansible.builtin.service:
+    name: mongodb_exporter
+    state: restarted
+
+- name: Reload the systemd data
+  systemd:
+    daemon_reload: yes

tasks/main.yml

@@ -2,3 +2,4 @@
 - import_tasks: mongodb.yml
 - import_tasks: mongodb-letsencrypt-acmetool.yml
   when: mongodb_ssl_letsencrypt_managed
+- import_tasks: mongodb-prometheus-exporter.yml

tasks/mongodb-prometheus-exporter.yml

@@ -0,0 +1,70 @@
+---
+- name: Mongodb exporter
+  block:
+    - name: Create the user under the mongodb exporter will run
+      ansible.builtin.user:
+        name: '{{ mongodb_prometheus_exporter_user }}'
+        home: '{{ mongodb_prometheus_exporter_home }}'
+        createhome: no
+        shell: /usr/sbin/nologin
+        system: yes
+
+    - name: Create the prometheus mongodb exporter base directory
+      ansible.builtin.file:
+        dest: '{{ item }}'
+        state: directory
+        owner: root
+        group: root
+      loop:
+        - '{{ mongodb_prometheus_exporter_home }}'
+        - '{{ mongodb_prometheus_exporter_dist_dir }}'
+
+    - name: Download the prometheus mongodb exporter
+      ansible.builtin.get_url:
+        url: '{{ mongodb_prometheus_exporter_download_url }}'
+        dest: /srv/
+
+    - name: Unarchive the prometheus distribution
+      ansible.builtin.unarchive:
+        src: '/srv/{{ mongodb_prometheus_exporter_file }}'
+        dest: '{{ mongodb_prometheus_exporter_dist_dir }}'
+        remote_src: yes
+        owner: root
+        group: root
+      args:
+        creates: '{{ mongodb_prometheus_exporter_dist_dir }}/{{ mongodb_prometheus_exporter_dir }}/mongodb_exporter'
+      notify: Restart mongodb exporter
+
+    - name: Install the prometheus node exporter upstart script
+      ansible.builtin.template:
+        src: mongodb_exporter.upstart.j2
+        dest: /etc/init/mongodb_exporter.conf
+        mode: 0644
+        owner: root
+        group: root
+      when: ansible_service_mgr != 'systemd'
+      notify: Restart mongodb exporter
+
+    - name: Install the prometheus mongodb exporter systemd unit
+      ansible.builtin.template:
+        src: mongodb_exporter.service.j2
+        dest: /etc/systemd/system/mongodb_exporter.service
+        mode: 0644
+        owner: root
+        group: root
+      when: ansible_service_mgr == 'systemd'
+      notify:
+        - Reload the systemd data
+        - Restart mongodb exporter
+
+    - ansible.builtin.meta: flush_handlers
+
+    - name: Ensure that prometheus mongodb_exporter is started and enabled
+      ansible.builtin.service:
+        name: mongodb_exporter
+        state: started
+        enabled: yes
+
+  when: mongodb_prometheus_exporter_enabled
+  tags: [ 'mongodb', 'prometheus', 'mongodb_prometheus' ]
+

tasks/mongodb.yml

@@ -36,7 +36,7 @@
     - name: Install/Update the mongodb-org configuration
       template: src=mongod-{{ mongodb_version }}.conf.j2 dest=/etc/mongod.conf owner=root group=root mode=0444 backup=yes
       when: mongodb_install_conf
-      notify: Restart mongodb
+      notify: Restart mongod
       tags: [ 'mongodb', 'mongodb_update_conf', 'mongodb_keyfile' ]
 
   when:
@@ -75,7 +75,7 @@
     - name: Install/Update the mongodb configuration
       template: src=mongod-{{ mongodb_version }}.conf.j2 dest=/etc/mongodb.conf owner=root group=root mode=0444 backup=yes
       when: mongodb_install_conf
-      notify: Restart mongod
+      notify: Restart mongodb
       tags: [ 'mongodb', 'mongodb_update_conf' ]
 
   when:

templates/mongod-3.0.conf.j2

@@ -43,7 +43,7 @@ net:
 
 {%if mongodb_cluster_enabled %}
 security:
-  keyFile: /data/mongo_home/dev-d4science-keyfile
+  keyFile: {{ mongodb_replica_keyfile }}
 
 replication:
   oplogSizeMB: 2000

templates/mongod-3.2.conf.j2

@@ -1,54 +0,0 @@
-# mongod.conf
-
-# for documentation of all options, see:
-#   http://docs.mongodb.org/manual/reference/configuration-options/
-
-# Where and how to store data.
-storage:
-  dbPath: {{ mongodb_dbpath }}
-  journal:
-    enabled: true
-  directoryPerDB: {{ mongodb_directoryperdb }}
-  engine: {{ mongodb_storage_engine }}
-#  mmapv1:
-#  wiredTiger:
-
-# where to write logging data.
-systemLog:
-  destination: {{ mongodb_systemlog_destination }}
-  path: {{ mongodb_logpath }}
-{% if not mongodb_systemlog_external_logrotate %}
-  logRotate: rename
-  logAppend: false
-{% else %}
-  logRotate: reopen
-  logAppend: true
-{% endif %}
-# network interfaces
-net:
-  port: {{ mongodb_tcp_port }}
-  bindIp: {{ mongo_bind_ip }}
-  http:
-    enabled: {{ mongodb_http_interface }}
-    JSONPEnabled: {{ mongodb_http_interface }}
-    RESTInterfaceEnabled: {{ mongodb_http_interface }}
-{% if mongodb_ssl_enabled %}
-  ssl:
-    mode: {{ mongodb_ssl_mode }}
-    PEMKeyFile: '{{ mongodb_ssl_certkey_file }}'
-    CAFile: '{{ mongodb_ssl_CA_file }}'
-{% endif %}
-  
-#processManagement:
-
-{%if mongodb_cluster_enabled %}
-security:
-  keyFile: /data/mongo_home/dev-d4science-keyfile
-
-replication:
-  oplogSizeMB: 2000
-  replSetName: {{ mongodb_replicaset }}
-{% endif %}
-
-#sharding:
-

templates/mongod-3.2.conf.j2

@@ -0,0 +1 @@
+mongod-3.0.conf.j2

templates/mongod-3.6.3.conf.j2

@@ -1,52 +0,0 @@
-# mongod.conf
-
-# for documentation of all options, see:
-#   http://docs.mongodb.org/manual/reference/configuration-options/
-
-# Where and how to store data.
-storage:
-  dbPath: {{ mongodb_dbpath }}
-  journal:
-    enabled: true
-  directoryPerDB: {{ mongodb_directoryperdb }}
-  engine: {{ mongodb_storage_engine }}
-#  mmapv1:
-#  wiredTiger:
-
-# where to write logging data.
-systemLog:
-  destination: {{ mongodb_systemlog_destination }}
-  path: {{ mongodb_logpath }}
-{% if not mongodb_systemlog_external_logrotate %}
-  logRotate: rename
-  logAppend: false
-{% else %}
-  logRotate: reopen
-  logAppend: true
-{% endif %}
-# network interfaces
-net:
-  port: {{ mongodb_tcp_port }}
-  bindIp: {{ mongo_bind_ip }}
-{% if mongodb_ssl_enabled %}
-  ssl:
-    mode: {{ mongodb_ssl_mode }}
-    PEMKeyFile: '{{ mongodb_ssl_certkey_file }}'
-    CAFile: '{{ mongodb_ssl_CA_file }}'
-    disabledProtocols: {{ mongodb_ssl_disabled_protocols }}
-    allowConnectionsWithoutCertificates: {{ mongodb_ssl_allowConnectionsWithoutCertificates }}
-{% endif %}
-  
-#processManagement:
-
-{%if mongodb_cluster_enabled %}
-security:
-  keyFile: /data/mongo_home/dev-d4science-keyfile
-
-replication:
-  oplogSizeMB: 2000
-  replSetName: {{ mongodb_replicaset }}
-{% endif %}
-
-#sharding:
-

templates/mongod-3.6.3.conf.j2

@@ -0,0 +1 @@
+mongod-3.6.conf.j2

templates/mongod-3.6.conf.j2

@@ -41,11 +41,12 @@ net:
 
 {%if mongodb_cluster_enabled %}
 security:
-  keyFile: /data/mongo_home/dev-d4science-keyfile
+  keyFile: {{ mongodb_replica_keyfile }}
 
 replication:
-  oplogSizeMB: 2000
+  oplogSizeMB: {{ mongodb_oplog_size }}
   replSetName: {{ mongodb_replicaset }}
+  enableMajorityReadConcern: false
 {% endif %}
 
 #sharding:

templates/mongodb-letsencrypt-acmetool.sh.j2

@@ -12,17 +12,31 @@ echo "$DATE" > $LE_LOG_DIR/mongodb.log
 
 [ ! -d $MONGODB_CERTDIR ] && mkdir $MONGODB_CERTDIR
 
+cat ${LE_CERTS_DIR}/{cert,privkey} > ${MONGODB_CERTFILE}.new
+cmp ${MONGODB_CERTFILE}.new ${MONGODB_CERTFILE} 2>/dev/null
+if [ $? -eq 0 ] ; then
+   echo "The certificate is up to date" >> $LE_LOG_DIR/mongodb.log
+   rm -f ${MONGODB_CERTFILE}.new
+   exit 0
+fi
+
 echo "Building the new certificate file" >> $LE_LOG_DIR/mongodb.log
-cat ${LE_CERTS_DIR}/{cert,privkey} > ${MONGODB_CERTFILE}
+/bin/mv -f ${MONGODB_CERTFILE}.new ${MONGODB_CERTFILE}
 chmod 440 ${MONGODB_CERTFILE}
 chgrp mongodb ${MONGODB_CERTFILE}
 
 {% if mongodb_ssl_enabled %}
-echo "Reload the mongod service" >> "$LE_LOG_DIR/mongodb.log"
+echo "Restart the mongod service, reload is not supported" >> "$LE_LOG_DIR/mongodb.log"
 {% if mongodb_install_from_external_repo %}
-service mongod stop >> "$LE_LOG_DIR/mongodb.log" 2>&1
-sleep 10
-service mongod start >> "$LE_LOG_DIR/mongodb.log" 2>&1
+if [ -x /sbin/stop ] && [ -f /etc/init/mongod.conf ] ; then
+    /sbin/stop mongod >> "$LE_LOG_DIR/mongodb.log" 2>&1
+    sleep 10
+    /sbin/start mongod >> "$LE_LOG_DIR/mongodb.log" 2>&1
+else
+    service mongod stop >> "$LE_LOG_DIR/mongodb.log" 2>&1
+    sleep 10
+    service mongod start >> "$LE_LOG_DIR/mongodb.log" 2>&1
+fi 
 {% else %}
 systemctl stop mongodb >> "$LE_LOG_DIR/mongodb.log" 2>&1
 sleep 10

templates/mongodb_exporter.service.j2

@@ -0,0 +1,15 @@
+[Unit]
+Description=mongodb_exporter - Prometheus exporter for mongodb.
+After=network.target
+
+[Service]
+Type=simple
+Restart=on-failure
+
+User={{ mongodb_prometheus_exporter_user }}
+Group={{ mongodb_prometheus_exporter_user }}
+
+ExecStart={{ mongodb_prometheus_exporter_cmd }} {{ mongodb_prometheus_exporter_opts }} {{ mongodb_prometheus_exporter_additional_opts }} {{ mongodb_prometheus_exporter_collect_opts }} {{ mongodb_prometheus_exporter_connection_opts }}{% if mongodb_prometheus_exporter_enable_compatible_mode %} --compatible-mode{% endif %}
+
+[Install]
+WantedBy=multi-user.target

templates/mongodb_exporter.upstart.j2

@@ -0,0 +1,13 @@
+description "Prometheus mongodb exporter"
+start on (local-filesystems and net-device-up IFACE!=lo)
+stop on runlevel [016]
+
+respawn
+respawn limit 10 5
+setuid {{ mongodb_prometheus_exporter_user }}
+setgid {{ mongodb_prometheus_exporter_user }}
+
+script
+  exec {{ mongodb_prometheus_exporter_cmd }} {{ mongodb_prometheus_exporter_opts }} {{ mongodb_prometheus_exporter_connection_opts }} {{ mongodb_prometheus_exporter_collect_opts }} {{ mongodb_prometheus_exporter_additional_opts }}{% if mongodb_prometheus_exporter_enable_compatible_mode %} --compatible-mode{% endif %}
+
+end script