---
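# Load the most specific variable file available for the target host.
# with_first_found stops at the first candidate that exists, so the order
# below runs from most specific (distribution + major version) to least
# specific (OS family). The task fails if none of the candidates exists.
- name: Load distribution-specific variables
  include_vars: "{{ item }}"
  with_first_found:
    # Quoted so a templated value can never be re-typed by the YAML parser.
    - "vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
    - "vars/{{ ansible_distribution }}.yml"
    - "vars/{{ ansible_os_family }}.yml"
  tags: mongo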
# Uninstall the `mongodb` and `mongodb-server` packages.
# Per the task name these are the builds shipped by the base repository;
# presumably they would conflict with the packages installed later from
# `mongo_packages` -- confirm against the vars files.
- name: Remove versions from the base repo
  yum:
    state: absent
    name: [mongodb, mongodb-server]
  tags: [mongo]
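# Install the packages listed in `mongo_packages`.
# Block-style arguments pass the variable to the module as a real list
# instead of relying on key=value string parsing.
# NOTE(review): `mongo_packages` is not defined on this page; presumably it
# comes from the distribution vars file loaded earlier -- confirm. Package
# signature checking depends on the repository configuration, which is also
# not visible here.
- name: Install MongoDB server and tools
  yum:
    name: "{{ mongo_packages }}"
    # `present` is the yum module default; spelled out for readability.
    state: present
  tags: mongo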
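# Create the MongoDB data directory (and any missing parent directories).
# No owner or mode is set here on purpose: the `file` module applies the
# same attributes to every directory it has to create, so restrictive
# permissions given at this point would also land on the parents.
- name: Create data dir
  file:
    # Block form keeps a path containing spaces as one argument; the
    # key=value form would split it.
    path: "{{ mongo_db_path }}"
    state: directory
  tags: mongo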
# Done in two steps so that the parent directories don't get restrictive permissions
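# Restrict the data directory to the `mongod` service account: owner-only
# access (rwx------), no group or world access to the database files.
- name: Set permissions on data dir
  file:
    path: "{{ mongo_db_path }}"
    state: directory
    owner: mongod
    group: mongod
    # Must stay a quoted octal string. The original key=value form passed
    # the string "700", which Ansible reads as octal; an unquoted YAML
    # integer 700 would be taken as decimal and yield the wrong mode.
    mode: "0700"
  tags: mongo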
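# Register an SELinux file-context rule that labels the data directory and
# everything below it as `mongod_var_lib_t`.
# `target` is a regular expression: the bare directory path matches only the
# directory itself, so a later recursive `restorecon` would reset the files
# inside it to whatever default label applies to that location. The
# `(/.*)?` suffix extends the rule to the whole tree.
# NOTE(review): assumes `mongo_db_path` has no trailing slash -- confirm.
# Hosts already configured with the bare-path rule keep it; it is redundant
# with this one (same type) and harmless.
- name: Set correct SELinux label
  sefcontext:
    target: "{{ mongo_db_path }}(/.*)?"
    setype: mongod_var_lib_t
    state: present
  # Skipped when SELinux is disabled; the module needs a working policy store.
  when: ansible_selinux.status == 'enabled'
  tags: mongo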
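# Re-apply the SELinux labels defined in the file-context policy to the
# data directory tree.
- name: Restore SELinux contexts
  command:
    # argv passes each element as one argument, so a path containing
    # whitespace is not split into several arguments as it would be in the
    # free-form command string.
    argv:
      - restorecon
      - '-R'
      - "{{ mongo_db_path }}"
  when: ansible_selinux.status == 'enabled'
  # restorecon runs on every play; never report it as a change.
  changed_when: false
  tags: mongo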
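# Render the `pre-backup.j2` and `post-backup.j2` templates to
# /etc/backup/pre.d/mongo and /etc/backup/post.d/mongo.
# NOTE(review): no owner/group is set, so the scripts belong to the user the
# play runs as (presumably root). If these hooks are executed by a
# privileged backup job, they must not be writable by anyone else -- mode
# 0750 already denies write access to group and others.
- name: Deploy pre/post backup scripts
  template:
    src: "{{ item }}-backup.j2"
    dest: "/etc/backup/{{ item }}.d/mongo"
    # Quoted octal string; an unquoted 750 would be read as a decimal int.
    mode: "0750"
  loop:
    - pre
    - post
  tags: mongo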
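# Render /etc/mongod.conf from the role template and restart the daemon
# through the `restart mongod` handler when the file changes.
# NOTE(review): owner, group and mode are not set, so a newly created file
# gets the defaults of the executing user and umask. The template is not
# visible here; if it carries sensitive settings, pin the permissions
# explicitly.
- name: Deploy configuration
  template:
    src: mongod.conf.j2
    dest: /etc/mongod.conf
  notify: restart mongod
  tags: mongo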
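# Create the drop-in directory for mongod.service; systemd merges any
# *.conf file placed there into the packaged unit.
- name: Create systemd unit snippet dir
  file:
    path: /etc/systemd/system/mongod.service.d
    state: directory
  tags: mongo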
# Write a drop-in that sandboxes and supervises mongod:
#   PrivateTmp=yes        private /tmp and /var/tmp for the service
#   ProtectSystem=full    /usr, /boot and /etc are read-only for the service
#   ProtectHome=yes       /home, /root and /run/user are inaccessible, so
#                         the data directory must not live under them
#   Restart=on-failure    restart after an unclean exit, RestartSec=30 later
#   StartLimitInterval=0  no start rate limiting, so restarts never give up
# The result is registered as `mongo_unit` so systemd is reloaded only when
# the drop-in changed; the `restart mongod` handler is notified as well.
# Comments must stay outside the block scalar: anything inside `content`
# is written verbatim into the unit file.
- name: Customize systemd unit
  copy:
    dest: /etc/systemd/system/mongod.service.d/ansible.conf
    content: |
      [Service]
      PrivateTmp=yes
      ProtectSystem=full
      ProtectHome=yes
      Restart=on-failure
      StartLimitInterval=0
      RestartSec=30
  notify: restart mongod
  register: mongo_unit
  tags: [mongo]
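# Make systemd re-read its unit files, but only when the drop-in written by
# the task that registered `mongo_unit` actually changed.
- name: Reload systemd
  systemd:
    daemon_reload: true
  when: mongo_unit.changed
  tags: mongo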
# Manage the firewall rule named `mongo_ports`.
# With at least one entry in `mongo_src_ip`, the rule accepts new TCP
# connections to `mongo_port` from exactly those sources; with an empty
# value the rule is removed, so this task opens nothing.
# Both variables are interpolated verbatim into a raw iptables rule:
# validate them where they are defined (port number, address/CIDR syntax).
# NOTE(review): assumes `mongo_src_ip` is a list -- `join(',')` on a plain
# string would separate its characters. Confirm against the role defaults.
- name: Handle mongodb port
  iptables_raw:
    name: mongo_ports
    state: "{{ 'present' if (mongo_src_ip | length > 0) else 'absent' }}"
    # Literal block scalar: one rule line followed by a single newline.
    rules: |
      -A INPUT -m state --state NEW -p tcp --dport {{ mongo_port }} -s {{ mongo_src_ip | join(',') }} -j ACCEPT
  # Firewall management is on unless `iptables_manage` is set to false.
  when: iptables_manage | default(True)
  tags: [firewall, mongo]
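# Start mongod now and enable it at boot.
- name: Start and enable MongoDB daemon
  service:
    name: mongod
    state: started
    # Canonical YAML boolean instead of the key=value string `yes`.
    enabled: true
  tags: mongo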
...