parent
2dfdf66d0c
commit
c38264c49d
13 changed files with 179 additions and 97 deletions
@ -0,0 +1,40 @@ |
||||
--- |
||||
|
||||
- name: Deploy mongorc.js for the root user |
||||
template: src=mongorc.js.j2 dest=/root/.mongorc.js mode=600 |
||||
register: mongo_mongorc |
||||
tags: mongo |
||||
|
||||
- when: mongo_mongorc.changed |
||||
block: |
||||
|
||||
- name: Temporarily disable auth |
||||
template: src=mongod.conf.j2 dest=/etc/mongod.conf |
||||
vars: |
||||
- mongo_auth: False |
||||
|
||||
- name: Restart mongo |
||||
service: name=mongod state=restarted |
||||
|
||||
- name: Create the admin user |
||||
mongodb_user: |
||||
database: admin |
||||
name: "{{ mongo_admin_user }}" |
||||
password: "{{ mongo_admin_pass }}" |
||||
login_port: "{{ mongo_port }}" |
||||
roles: |
||||
- readWriteAnyDatabase |
||||
- userAdminAnyDatabase |
||||
- dbAdminAnyDatabase |
||||
tags: mongo |
||||
|
||||
tags: mongo |
||||
|
||||
- name: Deploy configuration |
||||
template: src=mongod.conf.j2 dest=/etc/mongod.conf |
||||
notify: restart mongod |
||||
tags: mongo |
||||
|
||||
- name: Deploy mongorc.js for the root user |
||||
template: src=mongorc.js.j2 dest=/root/.mongorc.js mode=600 |
||||
tags: mongo |
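Review bot: Between `Temporarily disable auth` and the later `Deploy configuration` task, mongod is restarted with `authorization: disabled` while the `mongod.conf.j2` in this commit binds `0.0.0.0`, so for that window the instance accepts unauthenticated connections from wherever the firewall allows. If `Create the admin user` fails, the play stops with the no-auth config on disk; on the next run `mongo_mongorc.changed` is false, so the block is skipped and the admin account is never created. Consider adding an `always:` section that redeploys the auth-enabled config, keying the bootstrap on something sturdier than the mongorc file change, and setting `no_log: true` on `Create the admin user` so the password stays out of task output. The closing `Deploy mongorc.js for the root user` task repeats the first one and looks redundant.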
@ -0,0 +1,18 @@ |
||||
--- |
||||
|
||||
- include_vars: "{{ item }}" |
||||
with_first_found: |
||||
- vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml |
||||
- vars/{{ ansible_distribution }}.yml |
||||
- vars/{{ ansible_os_family }}.yml |
||||
tags: mongo |
||||
|
||||
# Create a random encryption password |
||||
- block: |
||||
- import_tasks: ../includes/get_rand_pass.yml |
||||
vars: |
||||
- pass_file: "/root/.mongo.pw" |
||||
- set_fact: mongo_admin_pass={{ rand_pass }} |
||||
when: mongo_admin_pass is not defined |
||||
tags: mongo |
||||
|
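Review bot: `set_fact: mongo_admin_pass={{ rand_pass }}` uses the key=value form with an unquoted template, so a generated value containing spaces, `=` or quote characters could be split or re-typed by the argument parser. The mapping form, `set_fact:` with `mongo_admin_pass: "{{ rand_pass }}"` beneath it, avoids that. What `get_rand_pass.yml` emits is not visible here, so this may only be latent. The comment above the block says "encryption password" although the value becomes the MongoDB admin password; something like `# Generate the MongoDB admin password unless one is supplied` would be accurate.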
@ -0,0 +1,60 @@ |
||||
--- |
||||
|
||||
- name: Remove versions from the base repo |
||||
yum: |
||||
name: |
||||
- mongodb |
||||
- mongodb-server |
||||
state: absent |
||||
tags: mongo |
||||
|
||||
- name: Install MongoDB server and tools |
||||
yum: name={{ mongo_packages }} |
||||
tags: mongo |
||||
|
||||
# We install from pip because pymongo available in repo for both EL7 and EL8 is too old |
||||
# it doesn't support CRAM-SHA-256 for example |
||||
- name: Install pymongo |
||||
pip: name=pymongo state=latest |
||||
tags: mongo |
||||
|
||||
- name: Create data dir |
||||
file: path={{ mongo_db_path }} state=directory |
||||
tags: mongo |
||||
|
||||
# Do it in two times so parent dir don't have restrictive permissions |
||||
- name: Set permissions on data dir |
||||
file: path={{ mongo_db_path }} state=directory owner=mongod group=mongod mode=700 |
||||
tags: mongo |
||||
|
||||
- name: Deploy pre/post backup scripts |
||||
template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/mongo mode=750 |
||||
loop: |
||||
- pre |
||||
- post |
||||
tags: mongo |
||||
|
||||
- name: Create systemd unit snippet dir |
||||
file: path=/etc/systemd/system/mongod.service.d state=directory |
||||
tags: mongo |
||||
|
||||
- name: Customize systemd unit |
||||
copy: |
||||
content: | |
||||
[Service] |
||||
PrivateTmp=yes |
||||
ProtectSystem=full |
||||
ProtectHome=yes |
||||
Restart=on-failure |
||||
StartLimitInterval=0 |
||||
RestartSec=30 |
||||
dest: /etc/systemd/system/mongod.service.d/ansible.conf |
||||
register: mongo_unit |
||||
notify: restart mongod |
||||
tags: mongo |
||||
|
||||
- name: Reload systemd |
||||
systemd: daemon_reload=True |
||||
when: mongo_unit.changed |
||||
tags: mongo |
||||
|
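Review bot: `pip: name=pymongo state=latest` installs whatever PyPI serves at each run, as root on a database host, so the driver version changes without review and a bad or incompatible release lands automatically. Pin it, e.g. `pip: name=pymongo version=<pinned-version>`, and bump the pin deliberately. The comment above the task could also record the minimum version needed; it says `CRAM-SHA-256`, which presumably means SCRAM-SHA-256.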
@ -0,0 +1,9 @@ |
||||
--- |
||||
|
||||
- name: Handle mongodb port |
||||
iptables_raw: |
||||
name: mongo_ports |
||||
state: "{{ (mongo_src_ip | length > 0) | ternary('present','absent') }}" |
||||
rules: "-A INPUT -m state --state NEW -p tcp --dport {{ mongo_port }} -s {{ mongo_src_ip | join(',') }} -j ACCEPT\n" |
||||
tags: firewall,mongo |
||||
|
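Review bot: When `mongo_src_ip` is empty the rule is removed, so whether the MongoDB port is then closed depends entirely on a default-deny INPUT policy set elsewhere, which this file does not show. Since `mongod.conf.j2` in this commit binds all interfaces, a comment such as `# Relies on the base firewall dropping unmatched INPUT traffic; empty mongo_src_ip means no remote access` would make that dependency explicit. The `mongo_src_ip` entries go into a raw rule unvalidated, so a short `assert` that each entry is an address or CIDR would catch typos before they reach iptables.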
@ -1,93 +1,12 @@ |
||||
--- |
||||
|
||||
- include_vars: "{{ item }}" |
||||
with_first_found: |
||||
- vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml |
||||
- vars/{{ ansible_distribution }}.yml |
||||
- vars/{{ ansible_os_family }}.yml |
||||
tags: mongo |
||||
|
||||
- name: Remove versions from the base repo |
||||
yum: |
||||
name: |
||||
- mongodb |
||||
- mongodb-server |
||||
state: absent |
||||
tags: mongo |
||||
|
||||
- name: Install MongoDB server and tools |
||||
yum: name={{ mongo_packages }} |
||||
tags: mongo |
||||
|
||||
- name: Create data dir |
||||
file: path={{ mongo_db_path }} state=directory |
||||
tags: mongo |
||||
|
||||
# Do it in two times so parent dir don't have restrictive permissions |
||||
- name: Set permissions on data dir |
||||
file: path={{ mongo_db_path }} state=directory owner=mongod group=mongod mode=700 |
||||
tags: mongo |
||||
|
||||
- name: Set correct SELinux label |
||||
sefcontext: |
||||
target: "{{ mongo_db_path }}" |
||||
setype: mongod_var_lib_t |
||||
state: present |
||||
when: ansible_selinux.status == 'enabled' |
||||
tags: mongo |
||||
|
||||
- name: Restore SELinux contexts |
||||
command: restorecon -R {{ mongo_db_path }} |
||||
- include: facts.yml |
||||
- include: install.yml |
||||
- include: selinux.yml |
||||
when: ansible_selinux.status == 'enabled' |
||||
changed_when: False |
||||
tags: mongo |
||||
|
||||
- name: Deploy pre/post backup scripts |
||||
template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/mongo mode=750 |
||||
loop: |
||||
- pre |
||||
- post |
||||
tags: mongo |
||||
|
||||
- name: Deploy configuration |
||||
template: src=mongod.conf.j2 dest=/etc/mongod.conf |
||||
notify: restart mongod |
||||
tags: mongo |
||||
|
||||
- name: Create systemd unit snippet dir |
||||
file: path=/etc/systemd/system/mongod.service.d state=directory |
||||
tags: mongo |
||||
|
||||
- name: Customize systemd unit |
||||
copy: |
||||
content: | |
||||
[Service] |
||||
PrivateTmp=yes |
||||
ProtectSystem=full |
||||
ProtectHome=yes |
||||
Restart=on-failure |
||||
StartLimitInterval=0 |
||||
RestartSec=30 |
||||
dest: /etc/systemd/system/mongod.service.d/ansible.conf |
||||
register: mongo_unit |
||||
notify: restart mongod |
||||
tags: mongo |
||||
|
||||
- name: Reload systemd |
||||
systemd: daemon_reload=True |
||||
when: mongo_unit.changed |
||||
tags: mongo |
||||
|
||||
- name: Handle mongodb port |
||||
iptables_raw: |
||||
name: mongo_ports |
||||
state: "{{ (mongo_src_ip | length > 0) | ternary('present','absent') }}" |
||||
rules: "-A INPUT -m state --state NEW -p tcp --dport {{ mongo_port }} -s {{ mongo_src_ip | join(',') }} -j ACCEPT\n" |
||||
- include: iptables.yml |
||||
when: iptables_manage | default(True) |
||||
tags: firewall,mongo |
||||
|
||||
- name: Start and enable MongoDB daemon |
||||
service: name=mongod state=started enabled=yes |
||||
tags: mongo |
||||
- include: conf.yml |
||||
- include: services.yml |
||||
|
||||
... |
||||
|
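Review bot: The new `- include:` lines use the bare `include` action, which is deprecated in Ansible, while `facts.yml` in this same commit already uses `import_tasks`. Writing `- import_tasks: install.yml` (and likewise for the others) would be consistent and keeps the `mongo` tags inside each file selectable with `--tags mongo`, whereas a dynamic include that is itself untagged would be skipped. The rendered page has lost its +/- markers, so it is unclear whether `tags: firewall,mongo` still applies to the `iptables.yml` include; worth checking that `--tags firewall` still reaches it.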
@ -0,0 +1,14 @@ |
||||
--- |
||||
|
||||
- name: Set correct SELinux label |
||||
sefcontext: |
||||
target: "{{ mongo_db_path }}" |
||||
setype: mongod_var_lib_t |
||||
state: present |
||||
tags: mongo |
||||
|
||||
- name: Restore SELinux contexts |
||||
command: restorecon -R {{ mongo_db_path }} |
||||
changed_when: False |
||||
tags: mongo |
||||
|
@ -0,0 +1,6 @@ |
||||
--- |
||||
|
||||
- name: Start and enable MongoDB daemon |
||||
service: name=mongod state=started enabled=yes |
||||
tags: mongo |
||||
|
@ -1,7 +1,16 @@ |
||||
bind_ip = 0.0.0.0 |
||||
port = {{ mongo_port }} |
||||
pidfilepath = /var/run/mongodb/mongod.pid |
||||
unixSocketPrefix = /var/run/mongodb |
||||
dbpath = {{ mongo_db_path }} |
||||
syslog = true |
||||
fork = true |
||||
systemLog: |
||||
destination: syslog |
||||
processManagement: |
||||
fork: true |
||||
pidFilePath: /var/run/mongodb/mongod.pid |
||||
net: |
||||
port: {{ mongo_port }} |
||||
bindIp: 0.0.0.0 |
||||
bindIpAll: true |
||||
unixDomainSocket: |
||||
pathPrefix: /var/run/mongodb |
||||
security: |
||||
authorization: {{ mongo_auth | ternary('enabled','disabled') }} |
||||
storage: |
||||
dbPath: {{ mongo_db_path }} |
||||
|
||||
|
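Review bot: The new `net:` section sets both `bindIp: 0.0.0.0` and `bindIpAll: true`; MongoDB documents these two options as mutually exclusive, so one should be dropped, and it is worth confirming mongod starts on the targeted versions with the rendered file. Binding every interface also means exposure is limited only by the iptables rule and by `authorization`, which the bootstrap block in `conf.yml` switches off temporarily. Making the bind address a role variable, e.g. `bindIp: {{ mongo_bind_ip }}` with a loopback default, would let hosts that only serve local clients avoid listening externally.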
@ -0,0 +1,2 @@ |
||||
db = connect('localhost:{{ mongo_port }}/admin'); |
||||
db.auth('{{ mongo_admin_user }}', '{{ mongo_admin_pass }}'); |
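Review bot: `db.auth('{{ mongo_admin_user }}', '{{ mongo_admin_pass }}')` pastes the credentials into single-quoted JavaScript literals without escaping, so a password containing `'` or `\` breaks the script or changes the code the shell evaluates on every root `mongo` session. Emitting the values as encoded literals avoids that: `db.auth({{ mongo_admin_user | to_json }}, {{ mongo_admin_pass | to_json }});`. The file keeps the admin password in clear text under /root, so the `mode=600` on the deploying task is load-bearing and deserves a comment there.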
@ -1,4 +1,4 @@ |
||||
#!/bin/bash -e |
||||
|
||||
mkdir -p /home/lbkp/mongo |
||||
mongodump --quiet --port {{ mongo_port }} --out /home/lbkp/mongo |
||||
mongodump --username {{ mongo_admin_user }} --password {{ mongo_admin_pass | quote }} --quiet --port {{ mongo_port }} --out /home/lbkp/mongo |
||||
|
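Review bot: Passing `--password {{ mongo_admin_pass | quote }}` on the `mongodump` command line exposes the admin password in the process list to any local user for as long as the dump runs. Newer `mongodump` releases accept `--config <file>` with the password in a root-only YAML file, which keeps it off argv; confirm the packaged tools version supports it. `--username {{ mongo_admin_user }}` is also unquoted, unlike the password, so `{{ mongo_admin_user | quote }}` would be consistent. The rendered script now embeds the credential, so its `mode=750` and group ownership determine who can read it.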