Merge pull request #168 from sportsru/fix_requireSSL

UnderGreen · web-flow · commit eb1c8e682c98 · 2019-06-06T12:10:54.000-04:00
Add correct support mode requireSSL.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -31,6 +31,7 @@ mongodb_net_port: 27017                          # Specify port number
 mongodb_net_ssl: disabled                        # Enable or disable ssl connections
 mongodb_net_ssl_mode: ""                         # Set the ssl mode (RequireSSL / preferSSL / AllowSSL / disabled)
 mongodb_net_ssl_pemfile: ""                      # Location of the pemfile to use for ssl
+mongodb_net_ssl_host: ""                         # Valid ssl hostname
 
 ## processManagement Options
 # Fork server process
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -1,5 +1,18 @@
 ---
 
+- name: Check value of variable mongodb_net_ssl_host
+  fail:
+    msg: 'Set mongodb_net_ssl_mode is preferSSL or set valid hostname for mongodb_net_ssl_host!'
+  when: ( mongodb_net_ssl_mode == 'requireSSL'
+          and mongodb_net_ssl_host == '' )
+
+- name: Check value of variable mongodb_login_host
+  fail:
+    msg: 'Set mongodb_login_host equal mongodb_net_ssl_host!'
+  when: ( mongodb_net_ssl_mode == 'requireSSL'
+          and mongodb_net_ssl_host != mongodb_login_host
+          and not mongodb_replication_replset )
+
 - name: Include OS-specific variables
   include_vars: "{{ item }}"
   with_first_found:
@@ -32,7 +45,7 @@
 
 - name: Check where admin user already exists
   command: >
-    mongo --quiet -u {{ mongodb_user_admin_name }} \
+    mongo --quiet {{ '--ssl --host ' + mongodb_net_ssl_host if mongodb_net_ssl_mode == 'requireSSL' else '' }} -u {{ mongodb_user_admin_name }} \
           -p {{ mongodb_user_admin_password }} --port {{ mongodb_net_port }} --eval 'db.version()' admin
   register: mongodb_user_admin_check
   changed_when: false
@@ -61,6 +74,7 @@
     login_password: "{{ mongodb_user_admin_password }}"
     login_port: "{{ mongodb_login_port|default(27017) }}"
     login_host: "{{ mongodb_login_host|default('localhost') }}"
+    ssl: "{{ True if mongodb_net_ssl_mode == 'requireSSL' else False }}"
   with_items:
     - "{{ mongodb_users | default([]) }}"
   when: ( mongodb_replication_replset
@@ -79,6 +93,8 @@
     login_user: "{{ mongodb_user_admin_name }}"
     login_password: "{{ mongodb_user_admin_password }}"
     login_port: "{{ mongodb_net_port }}"
+    login_host: "{{ mongodb_login_host|default('localhost') }}"
+    ssl: "{{ True if mongodb_net_ssl_mode == 'requireSSL' else False }}"
   with_items:
     - "{{ mongodb_users | default([]) }}"
   when: ( mongodb_security_authorization == 'enabled'
@@ -99,6 +115,7 @@
     login_password: "{{ mongodb_user_admin_password }}"
     login_port: "{{ mongodb_login_port|default(27017) }}"
     login_host: "{{ mongodb_login_host|default('localhost') }}"
+    ssl: "{{ True if mongodb_net_ssl_mode == 'requireSSL' else False }}"
   with_items:
     - "{{ mongodb_oplog_users | default([]) }}"
   when: ( mongodb_replication_replset | length > 0
diff --git a/tasks/replication.yml b/tasks/replication.yml
@@ -14,6 +14,7 @@
     hidden: "{{ item.hidden|default(false) }}"
     priority: "{{ item.priority|default(1.0) }}"
     votes: "{{ item.votes|default(omit) }}"
+    ssl: "{{ True if mongodb_net_ssl_mode == 'requireSSL' else False }}"
   when: mongodb_security_authorization == 'enabled'
   with_items:
     - "{{ mongodb_replication_params|default([]) }}"
@@ -30,6 +31,7 @@
     hidden: "{{ item.hidden|default(false) }}"
     priority: "{{ item.priority|default(1.0) }}"
     votes: "{{ item.votes|default(omit) }}"
+    ssl: "{{ True if mongodb_net_ssl_mode == 'requireSSL' else False }}"
   when: mongodb_security_authorization == 'disabled'
   with_items:
     - "{{ mongodb_replication_params|default([]) }}"
diff --git a/tasks/replication_init_auth.yml b/tasks/replication_init_auth.yml
@@ -13,6 +13,7 @@
     hidden: "{{ item.hidden|default(false) }}"
     priority: "{{ item.priority|default(1.0) }}"
     votes: "{{ item.votes|default(omit) }}"
+    ssl: "{{ True if mongodb_net_ssl_mode == 'requireSSL' else False }}"
   with_items:
     - "{{ mongodb_replication_params|default([]) }}"
   register: mongodb_replica_init
@@ -35,6 +36,7 @@
     hidden: "{{ item.hidden|default(false) }}"
     priority: "{{ item.priority|default(1.0) }}"
     votes: "{{ item.votes|default(omit) }}"
+    ssl: "{{ True if mongodb_net_ssl_mode == 'requireSSL' else False }}"
   when: mongodb_replica_init is failed
   with_items:
     - "{{ mongodb_replication_params|default([]) }}"
