You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
102 lines
2.4 KiB
102 lines
2.4 KiB
5 years ago
|
---
|
||
|
|
|
||
|
|
- name: Remove versions from the base repo
|
||
|
|
yum:
|
||
|
|
name:
|
||
|
|
- mongodb
|
||
|
|
- mongodb-server
|
||
|
|
state: absent
|
||
|
|
tags: mongo
|
||
|
|
|
||
|
|
- name: Install MongoDB server and tools
|
||
|
|
yum:
|
||
|
|
name:
|
||
|
|
- mongodb-org-server
|
||
|
|
- mongodb-org
|
||
|
|
- python-pymongo
|
||
|
|
tags: mongo
|
||
|
|
|
||
|
|
- name: Create data dir
|
||
|
|
file: path={{ mongo_db_path }} state=directory
|
||
|
|
tags: mongo
|
||
|
|
|
||
|
|
# DO it in two times so parent dir don't have restrictive permissions
|
||
|
|
- name: Set permissions on data dir
|
||
|
|
file: path={{ mongo_db_path }} state=directory owner=mongod group=mongod mode=700
|
||
|
|
tags: mongo
|
||
|
|
|
||
|
|
- name: Set correct SELinux label
|
||
|
|
sefcontext:
|
||
|
|
target: "{{ mongo_db_path }}"
|
||
|
|
setype: mongod_var_lib_t
|
||
|
|
state: present
|
||
|
|
when: ansible_selinux.status == 'enabled'
|
||
|
|
tags: mongo
|
||
|
|
|
||
|
|
- name: Restore SELinux contexts
|
||
|
|
command: restorecon -R {{ mongo_db_path }}
|
||
|
|
when: ansible_selinux.status == 'enabled'
|
||
|
|
changed_when: False
|
||
|
|
tags: mongo
|
||
|
|
|
||
|
|
- name: Create pre and post backup hook dir
|
||
|
|
file: path=/etc/backup/{{ item }}.d state=directory
|
||
|
|
loop:
|
||
|
|
- pre
|
||
|
|
- post
|
||
|
|
tags: mongo
|
||
|
|
|
||
|
|
- name: Deploy pre/post backup scripts
|
||
|
|
template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/mongo mode=750
|
||
|
|
loop:
|
||
|
|
- pre
|
||
|
|
- post
|
||
|
|
tags: mongo
|
||
|
|
|
||
|
|
- name: Deploy configuration
|
||
|
|
template: src=mongod.conf.j2 dest=/etc/mongod.conf
|
||
|
|
notify: restart mongod
|
||
|
|
tags: mongo
|
||
|
|
|
||
|
|
- name: Create systemd unit snippet dir
|
||
|
|
file: path=/etc/systemd/system/mongod.service.d state=directory
|
||
|
|
tags: mongo
|
||
|
|
|
||
|
|
- name: Customize systemd unit
|
||
|
|
copy:
|
||
|
|
content: |
|
||
|
|
[Service]
|
||
|
|
Type=simple
|
||
|
|
PrivateTmp=yes
|
||
|
|
PrivateDevices=yes
|
||
|
|
ProtectSystem=full
|
||
|
|
ProtectHome=yes
|
||
|
|
NoNewPrivileges=yes
|
||
|
|
SyslogIdentifier=mongod
|
||
|
|
Restart=on-failure
|
||
|
|
StartLimitInterval=0
|
||
|
|
RestartSec=30
|
||
|
|
dest: /etc/systemd/system/mongod.service.d/ansible.conf
|
||
|
|
register: mongo_unit
|
||
|
|
notify: restart mongod
|
||
|
|
tags: mongo
|
||
|
|
|
||
|
|
- name: Reload systemd
|
||
|
|
systemd: daemon_reload=True
|
||
|
|
when: mongo_unit.changed
|
||
|
|
tags: mongo
|
||
|
|
|
||
|
|
- name: Handle mongodb port
|
||
|
|
iptables_raw:
|
||
|
|
name: mongo_ports
|
||
|
|
state: "{{ (mongo_src_ip | length > 0) | ternary('present','absent') }}"
|
||
|
|
rules: "-A INPUT -m state --state NEW -p tcp --dport {{ mongo_port }} -s {{ mongo_src_ip | join(',') }} -j ACCEPT\n"
|
||
|
|
when: iptables_manage | default(True)
|
||
|
|
tags: firewall,mongo
|
||
|
|
|
||
|
|
- name: Start and enable MongoDB daemon
|
||
|
|
service: name=mongod state=started enabled=yes
|
||
|
|
tags: mongo
|
||
|
|
|
||
|
|
...
|