Ansible roles
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

94 lines
2.3 KiB

---
- include_vars: "{{ item }}"
with_first_found:
- vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml
- vars/{{ ansible_distribution }}.yml
- vars/{{ ansible_os_family }}.yml
tags: mongo
- name: Remove versions from the base repo
yum:
name:
- mongodb
- mongodb-server
state: absent
tags: mongo
- name: Install MongoDB server and tools
yum: name={{ mongo_packages }}
tags: mongo
- name: Create data dir
file: path={{ mongo_db_path }} state=directory
tags: mongo
# Do it in two times so parent dir don't have restrictive permissions
- name: Set permissions on data dir
file: path={{ mongo_db_path }} state=directory owner=mongod group=mongod mode=700
tags: mongo
- name: Set correct SELinux label
sefcontext:
target: "{{ mongo_db_path }}"
setype: mongod_var_lib_t
state: present
when: ansible_selinux.status == 'enabled'
tags: mongo
- name: Restore SELinux contexts
command: restorecon -R {{ mongo_db_path }}
when: ansible_selinux.status == 'enabled'
changed_when: False
tags: mongo
- name: Deploy pre/post backup scripts
template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/mongo mode=750
loop:
- pre
- post
tags: mongo
- name: Deploy configuration
template: src=mongod.conf.j2 dest=/etc/mongod.conf
notify: restart mongod
tags: mongo
- name: Create systemd unit snippet dir
file: path=/etc/systemd/system/mongod.service.d state=directory
tags: mongo
- name: Customize systemd unit
copy:
content: |
[Service]
PrivateTmp=yes
ProtectSystem=full
ProtectHome=yes
Restart=on-failure
StartLimitInterval=0
RestartSec=30
dest: /etc/systemd/system/mongod.service.d/ansible.conf
register: mongo_unit
notify: restart mongod
tags: mongo
- name: Reload systemd
systemd: daemon_reload=True
when: mongo_unit.changed
tags: mongo
- name: Handle mongodb port
iptables_raw:
name: mongo_ports
state: "{{ (mongo_src_ip | length > 0) | ternary('present','absent') }}"
rules: "-A INPUT -m state --state NEW -p tcp --dport {{ mongo_port }} -s {{ mongo_src_ip | join(',') }} -j ACCEPT\n"
when: iptables_manage | default(True)
tags: firewall,mongo
- name: Start and enable MongoDB daemon
service: name=mongod state=started enabled=yes
tags: mongo
...