diff --git a/.github/workflows/amazonlinux2.yml b/.github/workflows/amazonlinux2.yml index ded9f530..b79ed266 100644 --- a/.github/workflows/amazonlinux2.yml +++ b/.github/workflows/amazonlinux2.yml @@ -16,6 +16,7 @@ jobs: molecule_distro: - amazonlinux2 mongodb_version: + - '5.0' - '4.4' - '4.2' - '4.0' diff --git a/.github/workflows/centos.yml b/.github/workflows/centos.yml index 90b08b43..812b20b6 100644 --- a/.github/workflows/centos.yml +++ b/.github/workflows/centos.yml @@ -13,10 +13,11 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - molecule_distro: + molecule_distro: - centos7 - centos8 mongodb_version: + - '5.0' - '4.4' - '4.2' - '4.0' diff --git a/.github/workflows/debian.yml b/.github/workflows/debian.yml index a49d1a56..a755f446 100644 --- a/.github/workflows/debian.yml +++ b/.github/workflows/debian.yml @@ -17,6 +17,7 @@ jobs: - debian9 - debian10 mongodb_version: + - '5.0' - '4.4' - '4.2' - '4.0' diff --git a/.github/workflows/ubuntu.yml b/.github/workflows/ubuntu.yml index eb21daae..ae2f4d38 100644 --- a/.github/workflows/ubuntu.yml +++ b/.github/workflows/ubuntu.yml @@ -23,6 +23,8 @@ jobs: include: - molecule_distro: ubuntu2004 mongodb_version: '4.4' + - molecule_distro: ubuntu2004 + mongodb_version: '5.0' env: MONGODB_VERSION: ${{ matrix.mongodb_version }} MOLECULE_DISTRO: ${{ matrix.molecule_distro }} diff --git a/LICENSE.md b/LICENSE.md deleted file mode 100644 index d7f10513..00000000 --- a/LICENSE.md +++ /dev/null @@ -1,339 +0,0 @@ -GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Lesser General Public License instead.) You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. - - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. - - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and -modification follow. - - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. - -You may charge a fee for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. - - 2. You may modify your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. - - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. (Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. - -In addition, mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: - - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. - -If distribution of executable or object code is made by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. - - 4. You may not copy, modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. - - 5. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. - - 6. Each time you redistribute the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties to -this License. - - 7. If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 8. If the distribution and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. - - 9. The Free Software Foundation may publish revised and/or new versions -of the General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. - - 10. If you wish to incorporate parts of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. - - NO WARRANTY - - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - {description} - Copyright (C) {year} {fullname} - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - -Also add information on how to contact you by electronic and paper mail. - -If the program is interactive, make it output a short notice like this -when it starts in an interactive mode: - - Gnomovision version 69, Copyright (C) year name of author - Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, the commands you use may -be called something other than `show w' and `show c'; they could even be -mouse-clicks or menu items--whatever suits your program. - -You should also get your employer (if you work as a programmer) or your -school, if any, to sign a "copyright disclaimer" for the program, if -necessary. Here is a sample; alter the names: - - Yoyodyne, Inc., hereby disclaims all copyright interest in the program - `Gnomovision' (which makes passes at compilers) written by James Hacker. - - {signature of Ty Coon}, 1 April 1989 - Ty Coon, President of Vice - -This General Public License does not permit incorporating your program into -proprietary programs. If your program is a subroutine library, you may -consider it more useful to permit linking proprietary applications with the -library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. diff --git a/README.md b/README.md deleted file mode 100644 index ee0313fe..00000000 --- a/README.md +++ /dev/null @@ -1,240 +0,0 @@ -# Ansible role for MongoDB -![Centos](https://github.com/UnderGreen/ansible-role-mongodb/actions/workflows/centos.yml/badge.svg) ![Debian](https://github.com/UnderGreen/ansible-role-mongodb/actions/workflows/debian.yml/badge.svg) ![Ubuntu](https://github.com/UnderGreen/ansible-role-mongodb/actions/workflows/ubuntu.yml/badge.svg) ![Amazon Linux 2](https://github.com/UnderGreen/ansible-role-mongodb/actions/workflows/amazonlinux2.yml/badge.svg) - -Ansible role to install and manage [MongoDB](http://www.mongodb.org/). - -- Install and configure the MongoDB -- Configure mongodb users -- Configure authentication -- Configure replication -- Setup MMS automation agent; - -MongoDB support matrix: - -| Distribution | < MongoDB 3.4 | MongoDB 3.6 | MongoDB 4.0 | MongoDB 4.2 | MongoDB 4.4 | -| -------------- | :-----------: | :----------------: | :----------------: | :----------------: | :----------------: | -| Ubuntu 16.04 | :no_entry: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | -| Ubuntu 18.04 | :no_entry: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | -| Ubuntu 20.04 | :no_entry: | :x: | :x: | :x: | :white_check_mark: | -| Debian 9.x | :no_entry: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | -| Debian 10.x | :no_entry: | :x: | :x: | :white_check_mark: | :white_check_mark: | -| RHEL 7.x | :no_entry: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | -| RHEL 8.x | :no_entry: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | -| Amazon Linux 2 | :no_entry: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | - -- :white_check_mark: - fully tested -- :x: - don't have official support -- :no_entry: - MongoDB has reached EOL - -#### Variables - -```yaml -# This variable is used to set source of MongoDB installation. -# 'mongodb' - version provided by Debian-based distributions from their official package repositories. -# 'mongodb-org' - version provided by MongoDB package repository. -# 'mongodb' is not included in th role test matrix and working of it is not guarantied. -mongodb_package: mongodb-org - -# `mongodb_version` variable sets version of MongoDB. -# Should be '3.6', '4.0', '4.2' or '4.4'. This role doesn't support MongoDB < 3.6. -# I would recommend you to use the latest version of MongoDB. -mongodb_version: "4.4" - -mongodb_pymongo_from_pip: true # Install latest PyMongo via PIP or package manager -mongodb_pymongo_pip_version: 3.6.1 # Choose PyMong version to install from pip. If not set use latest -mongodb_user_update_password: "on_create" # MongoDB user password update default policy -mongodb_manage_service: true -mongodb_manage_systemd_unit: true - -# Disable transparent hugepages on systemd debian based installations -mongodb_disable_transparent_hugepages: false - -# You can enable or disable NUMA support -mongodb_use_numa: true - -mongodb_user: "{{ 'mongod' if ('RedHat' == ansible_os_family) else 'mongodb' }}" -mongodb_uid: -mongodb_gid: -mongodb_daemon_name: "{{ 'mongod' if ('mongodb-org' in mongodb_package) else 'mongodb' }}" -## net Options -mongodb_net_bindip: 127.0.0.1 # Comma separated list of ip addresses to listen on -mongodb_net_http_enabled: false # Enable http interface -mongodb_net_ipv6: false # Enable IPv6 support (disabled by default) -mongodb_net_maxconns: 65536 # Max number of simultaneous connections -mongodb_net_port: 27017 # Specify port number - -## processManagement Options -mongodb_processmanagement_fork: false # Fork server process - -## security Options -# Disable or enable security. Possible values: 'disabled', 'enabled' -mongodb_security_authorization: "disabled" -mongodb_security_keyfile: /etc/mongodb-keyfile # Specify path to keyfile with password for inter-process authentication - -## storage Options -mongodb_storage_dbpath: /data/db # Directory for datafiles -mongodb_storage_dirperdb: false # Use one directory per DB - -# The storage engine for the mongod database -mongodb_storage_engine: "wiredTiger" -# mmapv1 specific options -mongodb_storage_quota_enforced: false # Limits each database to a certain number of files -mongodb_storage_quota_maxfiles: 8 # Number of quota files per DB -mongodb_storage_smallfiles: false # Very useful for non-data nodes - -mongodb_storage_journal_enabled: true # Enable journaling -mongodb_storage_prealloc: true # Disable data file preallocation - -# WiredTiger Options -mongodb_wiredtiger_cache_size: 1 # Cache size for wiredTiger in GB - -## systemLog Options -## The destination to which MongoDB sends all log output. Specify either 'file' or 'syslog'. -## If you specify 'file', you must also specify mongodb_systemlog_path. -mongodb_systemlog_destination: "file" -mongodb_systemlog_logappend: true # Append to logpath instead of over-writing -mongodb_systemlog_path: /var/log/mongodb/{{ mongodb_daemon_name }}.log # Log file to send write to instead of stdout - -## replication Options -mongodb_replication_replset: # Enable replication [/] -mongodb_replication_replindexprefetch: "all" # specify index prefetching behavior (if secondary) [none|_id_only|all] -mongodb_replication_oplogsize: 1024 # specifies a maximum size in megabytes for the replication operation log - -## setParameter options -# Configure setParameter option. -# Example : -mongodb_set_parameters: - { - "enableLocalhostAuthBypass": "true", - "authenticationMechanisms": "SCRAM-SHA-1,MONGODB-CR", - } - -## Extend config with arbitrary values -# Example : -mongodb_config: - replication: - - "enableMajorityReadConcern: false" - -# MMS Agent -mongodb_mms_agent_pkg: https://cloud.mongodb.com/download/agent/monitoring/mongodb-mms-monitoring-agent_7.2.0.488-1_amd64.ubuntu1604.deb -mongodb_mms_group_id: "" -mongodb_mms_api_key: "" -mongodb_mms_base_url: https://mms.mongodb.com - -# Log rotation -mongodb_logrotate: true # Rotate mongodb logs. -mongodb_logrotate_options: - - compress - - copytruncate - - daily - - dateext - - rotate 7 - - size 10M - -# password for inter-process authentication -# please regenerate this file on production environment with command 'openssl rand -base64 741' -mongodb_keyfile_content: | - 8pYcxvCqoe89kcp33KuTtKVf5MoHGEFjTnudrq5BosvWRoIxLowmdjrmUpVfAivh - CHjqM6w0zVBytAxH1lW+7teMYe6eDn2S/O/1YlRRiW57bWU3zjliW3VdguJar5i9 - Z+1a8lI+0S9pWynbv9+Ao0aXFjSJYVxAm/w7DJbVRGcPhsPmExiSBDw8szfQ8PAU - 2hwRl7nqPZZMMR+uQThg/zV9rOzHJmkqZtsO4UJSilG9euLCYrzW2hdoPuCrEDhu - Vsi5+nwAgYR9dP2oWkmGN1dwRe0ixSIM2UzFgpaXZaMOG6VztmFrlVXh8oFDRGM0 - cGrFHcnGF7oUGfWnI2Cekngk64dHA2qD7WxXPbQ/svn9EfTY5aPw5lXzKA87Ds8p - KHVFUYvmA6wVsxb/riGLwc+XZlb6M9gqHn1XSpsnYRjF6UzfRcRR2WyCxLZELaqu - iKxLKB5FYqMBH7Sqg3qBCtE53vZ7T1nefq5RFzmykviYP63Uhu/A2EQatrMnaFPl - TTG5CaPjob45CBSyMrheYRWKqxdWN93BTgiTW7p0U6RB0/OCUbsVX6IG3I9N8Uqt - l8Kc+7aOmtUqFkwo8w30prIOjStMrokxNsuK9KTUiPu2cj7gwYQ574vV3hQvQPAr - hhb9ohKr0zoPQt31iTj0FDkJzPepeuzqeq8F51HB56RZKpXdRTfY8G6OaOT68cV5 - vP1O6T/okFKrl41FQ3CyYN5eRHyRTK99zTytrjoP2EbtIZ18z+bg/angRHYNzbgk - lc3jpiGzs1ZWHD0nxOmHCMhU4usEcFbV6FlOxzlwrsEhHkeiununlCsNHatiDgzp - ZWLnP/mXKV992/Jhu0Z577DHlh+3JIYx0PceB9yzACJ8MNARHF7QpBkhtuGMGZpF - T+c73exupZFxItXs1Bnhe3djgE3MKKyYvxNUIbcTJoe7nhVMrwO/7lBSpVLvC4p3 - wR700U0LDaGGQpslGtiE56SemgoP - -# names and passwords for administrative users -mongodb_user_admin_name: siteUserAdmin -mongodb_user_admin_password: passw0rd - -mongodb_root_admin_name: siteRootAdmin -mongodb_root_admin_password: passw0rd - -mongodb_root_backup_name: backupuser -mongodb_root_backup_password: passw0rd -``` - -#### Usage - -Add `undergreen.mongodb` to your roles and set vars in your playbook file. - -Example vars for authorization: - -```yaml -mongodb_security_authorization: "enabled" -mongodb_users: - - { - name: testUser, - password: passw0rd, - roles: readWrite, - database: app_development -} -``` - -Example vars for oplog user: - -```yaml -mongodb_oplog_users: - - { - user: oplog, - password: passw0rd -} -``` - -Required vars to change on production: - -```yaml -mongodb_user_admin_password -mongodb_root_admin_password -mongodb_root_backup_password - -# if you use replication and authorization -mongodb_security_keyfile -``` - -Example vars for replication: - -```yaml -# It's a 'master' node -mongodb_login_host: 192.168.56.2 - -# mongodb_replication_params should be configured on each replica set node -mongodb_replication_params: - - { - host_name: 192.168.56.2, - host_port: "{{ mongodb_net_port }}", - host_type: replica, - } - # host_type can be replica(default) and arbiter -``` - -And inventory file for replica set: - -```ini -[mongo_master] -192.158.56.2 mongodb_master=True # it is't a really master of MongoDB replica set, - # use this variable for replica set init only - # or when master is moved from initial master node - -[mongo_replicas] -192.168.56.3 -192.168.56.4 - -[mongo:children] -mongo_master -mongo_replicas -``` - -Licensed under the GPLv2 License. See the [LICENSE.md](LICENSE.md) file for details. - -#### Feedback, bug-reports, requests, ... - -Are [welcome](https://github.com/UnderGreen/ansible-role-mongodb/issues)! diff --git a/defaults/main.yml b/defaults/main.yml index d73a8ade..f735d043 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,23 +1,21 @@ --- +# defaults file for percona + +# APT cleanups +apt_repository_cleanup: + - "deb http://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/3.6 multiverse" + - "deb https://repo.percona.com/percona/apt {{ ansible_distribution_release }} main" + +# Package cleanups +mongodb_package_cleanup: [mongodb, mongodb-clients, mongodb-server, mongodb-server-core, mongo-tools] + +mongodb_backup_path: "/data/db/backups/" +mongodb_backup_db: graylog -mongodb_package: mongodb-org -mongodb_package_state: present mongodb_version: "4.4" -mongodb_apt_key_from_url: false -mongodb_apt_keyserver: 'hkp://keyserver.ubuntu.com:80' -mongodb_apt_key_id: - "3.6": "2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5" - "4.0": "9DA31620334BD75D9DCB49F368818C72E52529D4" - "4.2": "E162F504A20CDF15827F718D4B7C549A058F8B6B" - "4.4": "20691eec35216c63caf66ce1656408e390cfb1f5" -mongodb_apt_key_url: - "3.6": "https://www.mongodb.org/static/pgp/server-3.6.asc" - "4.0": "https://www.mongodb.org/static/pgp/server-4.0.asc" - "4.2": "https://www.mongodb.org/static/pgp/server-4.2.asc" - "4.4": "https://www.mongodb.org/static/pgp/server-4.4.asc" mongodb_pymongo_from_pip: true # Install latest PyMongo via PIP or package manager -mongodb_pymongo_pip_version: 3.11.3 +mongodb_pymongo_pip_version: 3.12.3 mongodb_user_update_password: "on_create" # MongoDB user password update default policy mongodb_manage_service: true @@ -25,15 +23,8 @@ mongodb_manage_systemd_unit: true mongodb_systemd_unit_limit_nofile: 64000 mongodb_systemd_unit_limit_nproc: 64000 -mongodb_disable_transparent_hugepages: false - mongodb_use_numa: true -mongodb_user: "{{ 'mongod' if ('RedHat' == ansible_os_family) else 'mongodb' }}" -mongodb_uid: -mongodb_gid: -mongodb_daemon_name: "{{ 'mongod' if ('mongodb-org' in mongodb_package) else 'mongodb' }}" - ## net Options mongodb_net_bindip: 127.0.0.1 # Comma separated list of ip addresses to listen on mongodb_net_http_enabled: false # Enable http interface @@ -47,31 +38,19 @@ mongodb_net_ssl_host: "" # Valid ssl hostname ## processManagement Options # Fork server process -# Enabled by default for RedHat as the init scripts assume forking is enabled. -mongodb_processmanagement_fork: "{{ 'RedHat' == ansible_os_family }}" +# Enabled by default +mongodb_processmanagement_fork: true ## security Options # Disable or enable security. Possible values: 'disabled', 'enabled' mongodb_security_authorization: "disabled" mongodb_security_keyfile: /etc/mongodb-keyfile # Specify path to keyfile with password for inter-process authentication -mongodb_security_javascript_enabled: true # Enables or disables server-side JavaScript execution +mongodb_security_javascript_enabled: false # Enables or disables server-side JavaScript execution ## storage Options mongodb_storage_dbpath: /data/db # Directory for datafiles mongodb_storage_dirperdb: false # Use one directory per DB -# The storage engine for the mongod database -mongodb_storage_engine: "wiredTiger" -# mmapv1 specific options -mongodb_storage_quota_enforced: false # Limits each database to a certain number of files -mongodb_storage_quota_maxfiles: 8 # Number of quota files per DB -mongodb_storage_smallfiles: false # Very useful for non-data nodes - -mongodb_storage_journal_enabled: true # Enable journaling -mongodb_storage_prealloc: true # Enable data file preallocation - -mongodb_wiredtiger_directory_for_indexes: false - ## systemLog Options ## The destination to which MongoDB sends all log output. Specify either 'file' or 'syslog'. ## If you specify 'file', you must also specify mongodb_systemlog_path. @@ -88,15 +67,10 @@ mongodb_operation_profiling_mode: "off" mongodb_cloud_monitoring_free_state: "runtime" ## replication Options -mongodb_replication_replset: "" # Enable replication -mongodb_replication_replindexprefetch: "all" # specify index prefetching behavior (if secondary) [none|_id_only|all] -mongodb_replication_oplogsize: 1024 # specifies a maximum size in megabytes for the replication operation log +mongodb_replication_replset: "" # Enable replication +mongodb_replication_replindexprefetch: "all" # specify index prefetching behavior (if secondary) [none|_id_only|all] +mongodb_replication_oplogsize: 1024 # specifies a maximum size in megabytes for the replication operation log -# MMS Agent -mongodb_mms_agent_pkg: https://cloud.mongodb.com/download/agent/monitoring/mongodb-mms-monitoring-agent_7.2.0.488-1_amd64.ubuntu1604.deb -mongodb_mms_group_id: "" -mongodb_mms_api_key: "" -mongodb_mms_base_url: https://mms.mongodb.com # password for inter-process authentication # please regenerate this file on production environment with command 'openssl rand -base64 741' @@ -118,18 +92,73 @@ mongodb_keyfile_content: | T+c73exupZFxItXs1Bnhe3djgE3MKKyYvxNUIbcTJoe7nhVMrwO/7lBSpVLvC4p3 wR700U0LDaGGQpslGtiE56SemgoP -# names and passwords for administrative users -mongodb_user_admin_name: siteUserAdmin -mongodb_user_admin_password: passw0rd +# name and password for administrative user +mongodb_root_admin_name: root +mongodb_root_admin_password: -mongodb_root_admin_name: siteRootAdmin -mongodb_root_admin_password: passw0rd +# backup config +mongodb_backup_region: "us-east-1" +mongodb_backup_bucket: "glc-mongodb-backup" -mongodb_root_backup_name: backupuser -mongodb_root_backup_password: passw0rd +# collection cap size for system_messages +mongodb_system_messages_cap: "50 MB" # setParameter config mongodb_set_parameters: # custom config options mongodb_config: + +# --- Defaults for mongod.conf +mongo_net: + port: "{{ mongodb_net_port }}" + bindIp: "{{ mongodb_net_bindip }}" + ipv6: "{{ mongodb_net_ipv6 }}" + maxIncomingConnections: "{{ mongodb_net_maxconns }}" + +mongo_processmanagement: + fork: "{{ mongodb_processmanagement_fork }}" + pidFilePath: "{{ mongodb_pidfile_path }}" + +mongo_replication: + replSetName: "{{ mongodb_replication_replset }}" + oplogSizeMB: "{{ mongodb_replication_oplogsize }}" + +mongo_security: + authorization: "{{ mongodb_security_authorization }}" + keyFile: /etc/mongodb-keyfile # Specify path to keyfile with password for inter-process authentication + javascriptEnabled: false + +mongo_storage: + dbPath: "{{ mongodb_storage_dbpath }}" + directoryPerDB: "{{ mongodb_storage_dirperdb | to_nice_json }}" + journal: + enabled: true + engine: wiredTiger + wiredTiger: + engineConfig: + cacheSizeGB: 1 + checkpointSizeMB: 1000 + statisticsLogDelaySecs: 0 + journalCompressor: snappy + directoryForIndexes: false + collectionConfig: + blockCompressor: snappy + indexConfig: + prefixCompression: true + +mongo_systemlog: + destination: "{{ mongodb_systemlog_destination }}" + logAppend: "{{ mongodb_systemlog_logappend }}" + logRotate: "{{ mongodb_systemlog_logrotate }}" + path: "{{ mongodb_systemlog_path }}" + +mongo_operationprofiling: + slowOpThresholdMs: "{{ mongodb_operation_profiling_slow_op_threshold_ms }}" + mode: "{{ mongodb_operation_profiling_mode }}" + +mongo_auditlog: + destination: "{{ mongodb_auditlog_destination }}" + format: "{{ mongodb_auditlog_format }}" + path: "{{ mongodb_auditlog_path }}" + filter: "{{ mongodb_auditlog_filter }}" diff --git a/files/Gemfile b/files/Gemfile new file mode 100644 index 00000000..8e3541cb --- /dev/null +++ b/files/Gemfile @@ -0,0 +1,4 @@ +source "https://rubygems.org" + +gem 'dry-inflector', '~> 0.2.0' +gem 'backup', '~> 5.0.0.beta.2' diff --git a/handlers/main.yml b/handlers/main.yml index 04ae13c3..8d0ff40b 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,42 +1,25 @@ --- +# handlers file for percona - name: reload systemd - systemd: - daemon_reload: yes - -- name: run disable-transparent-hugepages - systemd: - name: disable-transparent-hugepages - enabled: true - state: started - daemon_reload: yes + ansible.builtin.systemd: + daemon_reload: true - name: mongodb restart - service: + ansible.builtin.service: name: "{{ mongodb_daemon_name }}" state: restarted when: mongodb_manage_service | bool -- name: mongodb-mms-monitoring-agent restart - service: - name: mongodb-mms-monitoring-agent - state: restarted - when: mongodb_manage_service | bool - -- name: restart sysfsutils - service: - name: sysfsutils - state: restarted - -- name: wait when mongodb is started - wait_for: +- name: wait for mongodb to be started + ansible.builtin.wait_for: host: "{{ item }}" port: "{{ mongodb_net_port }}" timeout: 120 with_items: "{{ mongodb_net_bindip.split(',') | map('replace', '0.0.0.0', '127.0.0.1') | list }}" -- name: wait when mongodb is started on localhost - wait_for: +- name: wait for mongodb to be reachable on localhost + ansible.builtin.wait_for: host: "127.0.0.1" port: "{{ mongodb_net_port }}" delay: 5 diff --git a/molecule/cluster/molecule.yml b/molecule/cluster/molecule.yml deleted file mode 100644 index e8f41b3b..00000000 --- a/molecule/cluster/molecule.yml +++ /dev/null @@ -1,75 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: | - set -e - yamllint . - ansible-lint . - flake8 library --ignore=E501,E402 -platforms: - - name: mongo1 - image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" - command: ${MOLECULE_DOCKER_COMMAND:-""} - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - pre_build_image: true - groups: - - mongo_master - - name: mongo2 - image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" - command: ${MOLECULE_DOCKER_COMMAND:-""} - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - pre_build_image: true - groups: - - mongo_replicas - - name: mongo3 - image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" - command: ${MOLECULE_DOCKER_COMMAND:-""} - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - pre_build_image: true - groups: - - mongo_replicas -provisioner: - name: ansible - config_options: - defaults: - pipelining: true - log: true - playbooks: - converge: ${MOLECULE_PLAYBOOK:-../default/converge.yml} - prepare: ${MOLECULE_PLAYBOOK:-../default/prepare.yml} - env: - MONGODB_VERSION: ${MONGODB_VERSION:-4.4} - MONGODB_PACKAGE: ${MONGODB_PACKAGE:-mongodb-org} - AUTH_STATE: ${AUTH_STATE:-disabled} - REPLICASET: ${REPLICASET:-testrs} - inventory: - host_vars: - mongo1: - ansible_python_interpreter: auto_silent - mongodb_master: true - mongodb_replication_params: - - host_name: "{{ hostvars[inventory_hostname].ansible_default_ipv4.address }}" - mongo2: - ansible_python_interpreter: auto_silent - mongodb_replication_params: - - host_name: "{{ hostvars[inventory_hostname].ansible_default_ipv4.address }}" - mongo3: - ansible_python_interpreter: auto_silent - mongodb_net_port: 30000 - mongodb_storage_journal_enabled: "{{ mongodb_major_version is version('4.0', '>=') }}" - mongodb_storage_smallfiles: true - mongodb_storage_prealloc: false - mongodb_replication_params: - - host_name: "{{ hostvars[inventory_hostname].ansible_default_ipv4.address }}" - host_port: "{{ mongodb_net_port }}" - host_type: arbiter -verifier: - name: ansible diff --git a/molecule/cluster/verify.yml b/molecule/cluster/verify.yml deleted file mode 100644 index 79044cd0..00000000 --- a/molecule/cluster/verify.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -# This is an example playbook to execute Ansible tests. - -- name: Verify - hosts: all - gather_facts: false - tasks: - - name: Example assertion - assert: - that: true diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml deleted file mode 100644 index 8427bc74..00000000 --- a/molecule/default/converge.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: Converge - hosts: all - tasks: - - name: "Include ansible-role-mongodb" - include_role: - name: "ansible-role-mongodb" - vars: - mongodb_package: "{{ lookup('env','MONGODB_PACKAGE') }}" - mongodb_version: "{{ lookup('env','MONGODB_VERSION') }}" - mongodb_security_authorization: "{{ lookup('env', 'AUTH_STATE') }}" - mongodb_replication_replset: "{{ lookup('env', 'REPLICASET') }}" - mongodb_storage_dbpath: /var/lib/mongodb - mongodb_net_bindip: 0.0.0.0 - mongodb_login_host: "{{ hostvars[groups['mongo_master'][0]].ansible_default_ipv4.address }}" - - mongodb_users: - - { - name: testUser, - password: passw0rd, - roles: readWrite, - database: admin - } diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml deleted file mode 100644 index 6365d0f2..00000000 --- a/molecule/default/molecule.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: | - set -e - yamllint . - ansible-lint . - flake8 library --ignore=E501,E402 -platforms: - - name: mongo1 - image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" - command: ${MOLECULE_DOCKER_COMMAND:-""} - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - pre_build_image: true - groups: - - mongo_master -provisioner: - name: ansible - config_options: - defaults: - pipelining: true - log: true - playbooks: - converge: ${MOLECULE_PLAYBOOK:-converge.yml} - prepare: ${MOLECULE_PLAYBOOK:-prepare.yml} - env: - MONGODB_VERSION: ${MONGODB_VERSION:-4.4} - MONGODB_PACKAGE: ${MONGODB_PACKAGE:-mongodb-org} - AUTH_STATE: ${AUTH_STATE:-disabled} - inventory: - host_vars: - mongo1: - ansible_python_interpreter: auto_silent - mongodb_net_bindip: "{{ hostvars[inventory_hostname].ansible_default_ipv4.address }},127.0.0.1" - mongodb_master: true - mongodb_replication_params: - - host_name: "{{ hostvars[inventory_hostname].ansible_default_ipv4.address }}" -verifier: - name: ansible diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml deleted file mode 100644 index cb516596..00000000 --- a/molecule/default/prepare.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- hosts: all - remote_user: root - become: yes - tasks: - - name: Install prerequisite packages for molecule testing on Debian or Ubuntu >= 18 - apt: - update_cache: true - name: - - gpg - - dirmngr - when: (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version | int >= 18) or ansible_distribution == 'Debian' diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml deleted file mode 100644 index 79044cd0..00000000 --- a/molecule/default/verify.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -# This is an example playbook to execute Ansible tests. - -- name: Verify - hosts: all - gather_facts: false - tasks: - - name: Example assertion - assert: - that: true diff --git a/requirements.txt b/requirements.txt deleted file mode 100644 index e523b868..00000000 --- a/requirements.txt +++ /dev/null @@ -1,6 +0,0 @@ -ansible >= 2.9, < 2.10 -molecule >= 3.2, < 3.3 -molecule-docker >= 0.2, < 0.3 -ansible-lint >=5.0, < 5.1 -yamllint >= 1.26, < 1.27 -flake8 >= 3.9, < 3.10 diff --git a/tasks/assert.yml b/tasks/assert.yml new file mode 100644 index 00000000..1316c246 --- /dev/null +++ b/tasks/assert.yml @@ -0,0 +1,44 @@ +--- +# tasks file for assertions + +- name: Cluster | Assertions and Facts + block: + - name: Assert | Set fact for amount of hosts + ansible.builtin.set_fact: + host_count: "{{ ansible_play_hosts | length }}" + + - name: Assert | That uneven amount of hosts are set + ansible.builtin.assert: + that: "{{ host_count | int % 2 != 0 }}" + msg: "Uneven amount of hosts must be set" + + # verify cluster health, if ok, continue + - name: Cluster | Check if hosts are in clustered state + ansible.builtin.shell: >- + mongo --port {{ mongo_net.port }} --quiet --eval 'db.isMaster().hosts' + register: check_cluster + changed_when: false + + - name: Cluster | Set fact + ansible.builtin.set_fact: + check_cluster: "{{ check_cluster.stdout }}" + + - name: Cluster | Create dict of cluster check + ansible.builtin.set_fact: + all_cluster_check: "{{ dict(keys|zip(values)) }}" + vars: + keys: "{{ ansible_play_hosts }}" + values: "{{ ansible_play_hosts | + map('extract', hostvars, ['check_cluster']) + | list }}" + + - name: Cluster | Set number of hosts in cluster + ansible.builtin.set_fact: + hosts_in_cluster: "{{ all_cluster_check.values() | list | length }}" + + - name: Assert | That amount of hosts matches the amount of hosts are in clustered state + ansible.builtin.assert: + that: host_count == hosts_in_cluster + msg: "Amount of hosts don't match the amount of hosts in clustered state" + + run_once: true diff --git a/tasks/auth_initialization.yml b/tasks/auth_initialization.yml index d5a4dbda..c3d5c4a5 100644 --- a/tasks/auth_initialization.yml +++ b/tasks/auth_initialization.yml @@ -1,6 +1,8 @@ --- +# tasks file for replica auth initialization + - name: Use different mongod.conf for auth initialization - template: + ansible.builtin.template: src: mongod_init.conf.j2 dest: /etc/mongod.conf owner: root @@ -8,47 +10,13 @@ mode: 0644 notify: - mongodb restart - - wait when mongodb is started on localhost + - wait for mongodb to be started - name: Flush all handlers at this point - meta: flush_handlers - -- name: create administrative user "{{ mongodb_user_admin_name }}" - mongodb_user: - database: admin - name: "{{ item.name }}" - password: "{{ item.password }}" - update_password: "{{ mongodb_user_update_password }}" - roles: "{{ item.roles }}" - login_host: "{{ mongodb_net_bindip.split(',') | map('replace', '0.0.0.0', '127.0.0.1') | list | first }}" - login_port: "{{ mongodb_net_port | int }}" - with_items: - - { - name: "{{ mongodb_user_admin_name }}", - password: "{{ mongodb_user_admin_password }}", - roles: "userAdminAnyDatabase" - } - no_log: true - -- name: create administrative user "{{ mongodb_root_admin_name }}" - mongodb_user: - database: admin - name: "{{ item.name }}" - password: "{{ item.password }}" - update_password: "{{ mongodb_user_update_password }}" - roles: "{{ item.roles }}" - login_host: "{{ mongodb_net_bindip.split(',') | map('replace', '0.0.0.0', '127.0.0.1') | list | first }}" - login_port: "{{ mongodb_net_port | int }}" - with_items: - - { - name: "{{ mongodb_root_admin_name }}", - password: "{{ mongodb_root_admin_password }}", - roles: "root" - } - no_log: true + ansible.builtin.meta: flush_handlers -- name: create backup user "{{ mongodb_root_backup_name }}" - mongodb_user: +- name: create administrative user {{ mongodb_root_admin_name }} + community.mongodb.mongodb_user: database: admin name: "{{ item.name }}" password: "{{ item.password }}" @@ -57,15 +25,11 @@ login_host: "{{ mongodb_net_bindip.split(',') | map('replace', '0.0.0.0', '127.0.0.1') | list | first }}" login_port: "{{ mongodb_net_port | int }}" with_items: - - { - name: "{{ mongodb_root_backup_name }}", - password: "{{ mongodb_root_backup_password }}", - roles: "backup,clusterMonitor" - } + - {name: "{{ mongodb_root_admin_name }}", password: "{{ mongodb_root_admin_password }}", roles: "root"} no_log: true - name: Move back mongod.conf - template: + ansible.builtin.template: src: mongod.conf.j2 dest: /etc/mongod.conf owner: root @@ -73,7 +37,7 @@ mode: 0644 notify: - mongodb restart - - wait when mongodb is started + - wait for mongodb to be started - name: Flush all handlers at this point - meta: flush_handlers + ansible.builtin.meta: flush_handlers diff --git a/tasks/cap_system_messages_collection.yml b/tasks/cap_system_messages_collection.yml new file mode 100644 index 00000000..4fe2171c --- /dev/null +++ b/tasks/cap_system_messages_collection.yml @@ -0,0 +1,12 @@ +--- +# This is a workaroung until a permanent fix is implemented into graylog-cloud. +# see https://github.com/Graylog2/graylog-cloud/issues/2341 for more details. + +- name: cap system_messages collection to {{ mongodb_system_messages_cap }} + community.mongodb.mongodb_shell: + login_host: "{{ mongodb_login_host|default('localhost') }}" + login_port: "{{ mongodb_net_port|default(27017) }}" + login_user: "{{ mongodb_root_admin_name }}" + login_password: "{{ mongodb_root_admin_password }}" + eval: "db.runCommand({'convertToCapped': 'system_messages', size: {{ mongodb_system_messages_cap | human_to_bytes }} })" + db: graylog diff --git a/tasks/check_cluster_health.yml b/tasks/check_cluster_health.yml new file mode 100644 index 00000000..b57f47d7 --- /dev/null +++ b/tasks/check_cluster_health.yml @@ -0,0 +1,16 @@ +--- +# wait until cluster health is ok + +- name: Replica | Wait until cluster health is ok + community.mongodb.mongodb_status: + login_host: localhost + login_port: "{{ mongo_net.port }}" + login_user: "{{ mongodb_root_admin_name }}" + login_password: "{{ mongodb_root_admin_password }}" + validate: default + poll: 5 + interval: 12 + replica_set: "{{ mongo_replication.replSetName }}" + run_once: true + register: replica_status + ignore_errors: true # This will fail in mongo version 3.6 as the Ansible modules are not supported diff --git a/tasks/cleanup-apt-packages.yml b/tasks/cleanup-apt-packages.yml new file mode 100644 index 00000000..22dda2df --- /dev/null +++ b/tasks/cleanup-apt-packages.yml @@ -0,0 +1,18 @@ +--- +# tasks file for cleanup + +- name: Remove old APT repository + ansible.builtin.apt_repository: + repo: "{{ item }}" + state: absent + loop: "{{ apt_repository_cleanup|flatten(levels=1) }}" + when: apt_repository_cleanup | length > 0 + tags: ['packages'] + +- name: Remove unused packages + ansible.builtin.apt: + name: "{{ mongodb_package_cleanup }}" + state: absent + purge: true + when: mongodb_package_cleanup is defined + tags: ['packages'] diff --git a/tasks/configure.yml b/tasks/configure.yml index ce06b8d2..99ce96b6 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml @@ -1,11 +1,13 @@ --- +# tasks file for config + - name: create mongodb group - group: + ansible.builtin.group: name: "{{ mongodb_user }}" state: present - name: create mongodb user - user: + ansible.builtin.user: name: "{{ mongodb_user }}" group: "{{ mongodb_user }}" state: present @@ -13,14 +15,14 @@ # Workaround because default(omit) is not working. At least in Ansible 2.8. - name: set mongodb gid - group: + ansible.builtin.group: name: "{{ mongodb_user }}" gid: "{{ mongodb_gid }}" state: present when: mongodb_gid is defined - name: set mongodb uid - user: + ansible.builtin.user: name: "{{ mongodb_user }}" uid: "{{ mongodb_uid }}" group: "{{ mongodb_user }}" @@ -28,16 +30,16 @@ when: mongodb_uid is defined - name: Create keyFile - copy: + ansible.builtin.copy: dest: "{{ mongodb_security_keyfile }}" - content: "{{ mongodb_keyfile_content }}" + content: "{{ mongodb_keyfile_content | join('\n') }}" owner: "{{ mongodb_user }}" - group: "root" + group: root mode: 0600 when: mongodb_replication_replset | length > 0 - name: Create log dir if missing - file: + ansible.builtin.file: state: directory dest: "{{ mongodb_systemlog_path|dirname }}" owner: "{{ mongodb_user }}" @@ -46,12 +48,12 @@ when: mongodb_systemlog_destination == "file" - name: Check than logfile exists - stat: path={{ mongodb_systemlog_path }} + ansible.builtin.stat: path={{ mongodb_systemlog_path }} register: logfile_stat when: mongodb_systemlog_destination == "file" - name: Create log if missing - file: + ansible.builtin.file: state: touch dest: "{{ mongodb_systemlog_path }}" owner: "{{ mongodb_user }}" @@ -62,7 +64,7 @@ and not logfile_stat.stat.exists ) - name: Ensure dbpath directory - file: + ansible.builtin.file: path: "{{ mongodb_storage_dbpath }}" state: directory owner: "{{ mongodb_user }}" @@ -71,8 +73,16 @@ recurse: true follow: true +- name: Configure logrotation + ansible.builtin.template: + src: mongod.logrotate.j2 + dest: /etc/logrotate.d/mongod + owner: root + group: root + mode: u=rw,g=r,o=r + - name: Configure mongodb - template: + ansible.builtin.template: src: mongod.conf.j2 dest: /etc/mongod.conf backup: true @@ -81,7 +91,7 @@ mode: 0644 notify: - mongodb restart - - wait when mongodb is started + - wait for mongodb to be started - name: Flush all handlers at this point - meta: flush_handlers + ansible.builtin.meta: flush_handlers diff --git a/tasks/disable_transparent_hugepages.yml b/tasks/disable_transparent_hugepages.yml deleted file mode 100644 index df3ce2a0..00000000 --- a/tasks/disable_transparent_hugepages.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- name: Create disable transparent hugepages systemd service file - template: - src: "{{ item }}" - dest: /etc/systemd/system/disable-transparent-hugepages.service - owner: root - group: root - mode: 0644 - with_first_found: - - "disable-transparent-hugepages.{{ ansible_distribution | lower }}.service.j2" - - "disable-transparent-hugepages.{{ ansible_os_family | lower }}.service.j2" - notify: "run disable-transparent-hugepages" - when: - - ansible_service_mgr == "systemd" - - mongodb_disable_transparent_hugepages | bool diff --git a/tasks/facts.yml b/tasks/facts.yml new file mode 100644 index 00000000..d06904b2 --- /dev/null +++ b/tasks/facts.yml @@ -0,0 +1,41 @@ +--- +# facts file for percona + +- ansible.builtin.set_fact: + mongodb_keyfile_content: "{{ customer.mongodb_keyfile_content | join('\n') }}" + when: customer.mongodb_keyfile_content is defined + no_log: true + +- ansible.builtin.set_fact: + mongodb_root_admin_name: "{{ customer.mongodb_root_admin_name }}" + when: customer.mongodb_root_admin_name is defined + +- ansible.builtin.set_fact: + mongodb_root_admin_password: "{{ customer.mongodb_root_admin_password }}" + when: customer.mongodb_root_admin_password is defined + no_log: true + +- ansible.builtin.set_fact: + mongodb_backup_encryption_password: "{{ customer.mongodb_backup_encryption_password }}" + when: customer.mongodb_backup_encryption_password is defined + no_log: true + +- ansible.builtin.set_fact: + mongodb_users: + - {name: "{{ customer.mongodb_graylog_user }}", password: "{{ customer.mongodb_graylog_password }}", roles: readWrite, database: graylog} + - name: "{{ customer.mongodb_prometheus_exporter_user }}" + password: "{{ customer.mongodb_prometheus_exporter_password }}" + roles: [clusterMonitor, {db: graylog, role: read}] + database: admin + when: customer.mongodb_graylog_user is defined and customer.mongodb_graylog_password is defined + and customer.mongodb_prometheus_exporter_user is defined and customer.mongodb_prometheus_exporter_password is defined + no_log: true + +- name: Establish some role-related facts + ansible.builtin.set_fact: + mongodb_major_version: "{{ mongodb_version[0:3] | string }}" + +- name: Fail when used wrong mongodb_version variable + ansible.builtin.fail: + msg: "mongodb_version variable should be '4.0', '4.2', '4.4' or '5.0'" + when: (mongodb_version is not defined or mongodb_repository[mongodb_major_version] is not defined) diff --git a/tasks/failsafe.yml b/tasks/failsafe.yml new file mode 100644 index 00000000..f894b509 --- /dev/null +++ b/tasks/failsafe.yml @@ -0,0 +1,30 @@ +--- +# failsafe file for percona + +# playbook `percona-install.yml` should run only +# * If MongoDB is NOT installed on server -> mongo_check.rc == 1 +# * If MongoDB is installed on server. The installed major version must be the same as configured. +# We don't allow upgrades with this playbook -> mongo_check.rc == 0 and additional checks + +- name: Check if mongo client is already installed + ansible.builtin.command: /usr/bin/mongo --version + register: mongo_check + failed_when: false + changed_when: false + +- name: MongoDB is already installed + block: + - name: Register MongoDB version from the client + ansible.builtin.command: /usr/bin/mongo --quiet --eval 'db.version()' + register: mongo_version_check + + - name: Establish MongoDB version from the client + ansible.builtin.set_fact: + mongodb_version_from_check: "{{ mongo_version_check.stdout[0:3] | string }}" + + - name: Fail when installed major version is different from the one passed to the playbook + ansible.builtin.fail: + msg: "variable `mongodb_version` '{{ mongodb_version }}' differs from the version installed on server '{{ mongodb_version_from_check }}'" + when: (mongodb_version is not defined or mongodb_version != mongodb_version_from_check) + + when: mongo_check.rc == 0 diff --git a/tasks/install-numa.yml b/tasks/install-numa.yml new file mode 100644 index 00000000..af18add6 --- /dev/null +++ b/tasks/install-numa.yml @@ -0,0 +1,21 @@ +--- +# tasks file for installing numa + +- name: Check if NUMA is available on host + ansible.builtin.command: "ls -1 /proc/1/numa_maps" + register: numa_available + ignore_errors: true + changed_when: false + check_mode: false + when: mongodb_use_numa | bool + +- name: Don't use NUMA if it is unavailable on host + ansible.builtin.set_fact: + mongodb_use_numa: false + when: (mongodb_use_numa | bool and numa_available.rc != 0) + +- name: Install numactl package + ansible.builtin.apt: + name: numactl + state: present + when: mongodb_use_numa | bool diff --git a/tasks/install-pymongo.yml b/tasks/install-pymongo.yml new file mode 100644 index 00000000..fc94452e --- /dev/null +++ b/tasks/install-pymongo.yml @@ -0,0 +1,26 @@ +--- +# tasks file for installing pymongo + +- name: Install PyMongo package + ansible.builtin.apt: + name: "{{ mongodb_pymongo_package }}" + when: not mongodb_pymongo_from_pip + +- name: Install PIP + ansible.builtin.apt: + pkg: "{{ mongodb_pymongo_deps }}" + when: mongodb_pymongo_from_pip | bool + + # TODO: check if it is still needed for Debian/Ubuntu +- name: Install setuptools (required for ansible 2.7+) + ansible.builtin.apt: + pkg: "{{ mongodb_python_setuptools }}" + when: mongodb_pymongo_from_pip | bool + +- name: Install PyMongo from PIP + ansible.builtin.pip: + name: pymongo + state: "{{ mongodb_pymongo_pip_version is defined | ternary('present', 'latest') }}" + version: "{{ mongodb_pymongo_pip_version | default(omit) }}" + executable: "{{ mongodb_pip_executable }}" + when: mongodb_pymongo_from_pip | bool diff --git a/tasks/install.amazon.yml b/tasks/install.amazon.yml deleted file mode 100644 index b3ef84d2..00000000 --- a/tasks/install.amazon.yml +++ /dev/null @@ -1,48 +0,0 @@ ---- -- name: Establish some role-related facts - set_fact: - mongodb_major_version: "{{ mongodb_version[0:3] | string }}" - -- name: Add YUM repository - template: - src: mongodb.repo.j2 - dest: /etc/yum.repos.d/mongodb.repo - mode: 0644 - with_items: "{{ mongodb_major_version }}" - loop_control: - loop_var: version_item - when: mongodb_package == 'mongodb-org' - -- name: Install MongoDB package - yum: - name: "{{ mongodb_package }}{% if (mongodb_version | length > 3) %}-{{ mongodb_version }}{% endif %}" - state: "{{ mongodb_package_state }}" - lock_timeout: "{{ yum_lock_timeout }}" - -- name: Install numactl package - yum: - name: numactl - state: present - lock_timeout: "{{ yum_lock_timeout }}" - when: mongodb_use_numa | bool - -- name: Install PyMongo package - yum: - name: "{{ mongodb_pymongo_package }}" - state: present - lock_timeout: "{{ yum_lock_timeout }}" - when: not mongodb_pymongo_from_pip - -- name: Install PIP - yum: - name: "{{ mongodb_pymongo_deps }}" - lock_timeout: "{{ yum_lock_timeout }}" - when: mongodb_pymongo_from_pip - -- name: Install PyMongo from PIP - pip: - name: pymongo - state: "{{ mongodb_pymongo_pip_version is defined | ternary('present', 'latest') }}" - version: "{{ mongodb_pymongo_pip_version | default(omit) }}" - executable: "{{ mongodb_pip_executable }}" - when: mongodb_pymongo_from_pip diff --git a/tasks/install.debian.yml b/tasks/install.debian.yml deleted file mode 100644 index 6f578774..00000000 --- a/tasks/install.debian.yml +++ /dev/null @@ -1,115 +0,0 @@ ---- -- name: Establish some role-related facts - set_fact: - mongodb_major_version: "{{ mongodb_version[0:3] | string }}" - -- name: Disable transparent huge pages on systemd systems - include_tasks: disable_transparent_hugepages.yml - when: - - mongodb_disable_transparent_hugepages | bool - - ansible_service_mgr == "systemd" - -- name: Add APT key - apt_key: - keyserver: "{{ mongodb_apt_keyserver if not mongodb_apt_key_from_url|bool else omit }}" - url: "{{ mongodb_apt_key_url[mongodb_major_version] if mongodb_apt_key_from_url|bool else omit }}" - id: "{{ mongodb_apt_key_id[mongodb_major_version] }}" - when: mongodb_package == 'mongodb-org' - -- name: Fail when used wrong mongodb_version variable - fail: - msg: "mongodb_version variable should be '3.6' or '4.0', '4.2' or '4.4'" - when: (mongodb_package == 'mongodb-org' and - (mongodb_version is not defined - or mongodb_repository[mongodb_major_version] is not defined)) - -- name: Add APT repository - apt_repository: - repo: "{{ mongodb_repository[version_item] }}" - update_cache: true - with_items: "{{ mongodb_major_version }}" - loop_control: - loop_var: version_item - when: mongodb_package == 'mongodb-org' - -- name: Install MongoDB package - apt: - name: "{{ mongodb_package }}{% if (mongodb_version | length > 3) %}={{ mongodb_version }}{% endif %}" - state: "{{ mongodb_package_state }}" - update_cache: true - -- name: Check if NUMA is available on host - command: "ls -1 /proc/1/numa_maps" - register: numa_available - ignore_errors: true - changed_when: false - check_mode: no - when: mongodb_use_numa | bool - -- name: Don't use NUMA if it is unavailable on host - set_fact: - mongodb_use_numa: false - when: (mongodb_use_numa | bool and numa_available.rc != 0) - -- name: Install numactl package - apt: - name: numactl - state: present - when: mongodb_use_numa | bool - -- name: Add systemd configuration if present - template: - src: mongodb.service.j2 - dest: "/lib/systemd/system/{{ mongodb_daemon_name }}.service" - owner: root - group: root - mode: '0644' - when: - - ansible_service_mgr == "systemd" - - mongodb_manage_systemd_unit | bool - notify: - - reload systemd - -- name: Add symlink for systemd - file: - src: "/lib/systemd/system/{{ mongodb_daemon_name }}.service" - dest: "/etc/systemd/system/multi-user.target.wants/{{ mongodb_daemon_name }}.service" - state: link - when: - - ansible_service_mgr == "systemd" - - mongodb_manage_systemd_unit | bool - notify: - - reload systemd - - # Workaround for the idempotence issue on Debian 10 with pip module -- name: Forcefully set mongodb_pymongo_from_pip to false on Debian 10 - set_fact: - mongodb_pymongo_from_pip: false - when: - - ansible_distribution == 'Debian' - - ansible_distribution_release == 'buster' - -- name: Install PyMongo package - apt: - name: "{{ mongodb_pymongo_package }}" - when: not mongodb_pymongo_from_pip - -- name: Install PIP - apt: - pkg: "{{ mongodb_pymongo_deps }}" - when: mongodb_pymongo_from_pip | bool - - # TODO: check if it is still needed for Debian/Ubuntu -- name: Install setuptools (required for ansible 2.7+) - apt: - pkg: "{{ mongodb_python_setuptools }}" - when: mongodb_pymongo_from_pip | bool - -- name: Install PyMongo from PIP - pip: - name: - - pymongo - state: "{{ mongodb_pymongo_pip_version is defined | ternary('present', 'latest') }}" - version: "{{ mongodb_pymongo_pip_version | default(omit) }}" - executable: "{{ mongodb_pip_executable }}" - when: mongodb_pymongo_from_pip | bool diff --git a/tasks/install.redhat.yml b/tasks/install.redhat.yml deleted file mode 100644 index 99fa4b3b..00000000 --- a/tasks/install.redhat.yml +++ /dev/null @@ -1,54 +0,0 @@ ---- - -- name: Establish some role-related facts - set_fact: - mongodb_major_version: "{{ mongodb_version[0:3] | string }}" - -- name: Install EPEL release repository - package: - name: epel-release - state: present - -- name: Add YUM repository - template: - src: mongodb.repo.j2 - dest: /etc/yum.repos.d/mongodb.repo - mode: 0644 - with_items: "{{ mongodb_major_version }}" - loop_control: - loop_var: version_item - when: mongodb_package == 'mongodb-org' - -- name: Install MongoDB package - yum: - name: "{{ mongodb_package }}{% if (mongodb_version | length > 3) %}-{{ mongodb_version }}{% endif %}" - state: "{{ mongodb_package_state }}" - lock_timeout: "{{ yum_lock_timeout }}" - -- name: Install numactl package - yum: - name: numactl - state: present - lock_timeout: "{{ yum_lock_timeout }}" - when: mongodb_use_numa | bool - -- name: Install PyMongo package - yum: - name: "{{ mongodb_pymongo_package }}" - state: present - lock_timeout: "{{ yum_lock_timeout }}" - when: not mongodb_pymongo_from_pip - -- name: Install PIP - yum: - name: "{{ mongodb_pymongo_deps }}" - lock_timeout: "{{ yum_lock_timeout }}" - when: mongodb_pymongo_from_pip | bool - -- name: Install PyMongo from PIP - pip: - name: pymongo - state: "{{ mongodb_pymongo_pip_version is defined | ternary('present', 'latest') }}" - version: "{{ mongodb_pymongo_pip_version | default(omit) }}" - executable: "{{ mongodb_pip_executable }}" - when: mongodb_pymongo_from_pip | bool diff --git a/tasks/install.yml b/tasks/install.yml new file mode 100644 index 00000000..87939842 --- /dev/null +++ b/tasks/install.yml @@ -0,0 +1,62 @@ +--- +# tasks file for install + +- import_tasks: cleanup-apt-packages.yml + tags: [always] + +- import_tasks: percona-release-package.yml + tags: [always] + +- import_tasks: install-pymongo.yml + tags: [always] + +- import_tasks: install-numa.yml + tags: [always] + +- name: Set Percona version via percona-release command + ansible.builtin.command: "percona-release enable {{ mongodb_repository[mongodb_major_version] }}" + +- name: Install Percona (MongoDB fork) package + ansible.builtin.apt: + name: percona-server-mongodb + state: latest + update_cache: true + ignore_errors: true # This will fail first time as the apt installs default config and try to start the service + +- name: Add systemd configuration if present + ansible.builtin.template: + src: mongodb.service.j2 + dest: "/lib/systemd/system/{{ mongodb_daemon_name }}.service" + owner: root + group: root + mode: "0644" + when: + - ansible_service_mgr == "systemd" + - mongodb_manage_systemd_unit | bool + notify: + - reload systemd + +- name: Add symlink for systemd + ansible.builtin.file: + src: "/lib/systemd/system/{{ mongodb_daemon_name }}.service" + dest: "/etc/systemd/system/multi-user.target.wants/{{ mongodb_daemon_name }}.service" + state: link + when: + - ansible_service_mgr == "systemd" + - mongodb_manage_systemd_unit | bool + notify: + - reload systemd + +# percona-server-mongodb-helper.sh +- name: Place percona-server-helper shell script + ansible.builtin.template: + src: percona-server-mongodb-helper.sh.j2 + dest: /usr/bin/percona-server-mongodb-helper.sh + owner: root + group: root + mode: "0751" + when: + - ansible_service_mgr == "systemd" + - mongodb_manage_systemd_unit | bool + notify: + - reload systemd diff --git a/tasks/main.yml b/tasks/main.yml index 9659be9d..42993108 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,55 +1,61 @@ --- +# tasks file for main + +- import_tasks: facts.yml + tags: [always] - name: Check value of variable mongodb_net_ssl_host - fail: + ansible.builtin.fail: msg: 'Set mongodb_net_ssl_mode is preferSSL or set valid hostname for mongodb_net_ssl_host!' when: ( mongodb_net_ssl_mode == 'requireSSL' and mongodb_net_ssl_host|length == 0 ) - name: Check value of variable mongodb_login_host - fail: + ansible.builtin.fail: msg: 'Set mongodb_login_host equal mongodb_net_ssl_host!' when: ( mongodb_net_ssl_mode == 'requireSSL' and mongodb_net_ssl_host != mongodb_login_host and not mongodb_replication_replset ) -- name: Include OS-specific variables - include_vars: "{{ item }}" - with_first_found: - - "{{ ansible_distribution_release }}.yml" - - "{{ ansible_distribution }}.yml" - - "{{ ansible_os_family }}.yml" +- name: Include failsafe.yml + import_tasks: failsafe.yml + tags: [mongodb] -- name: Include installation tasks - include: "{{ item }}" - with_first_found: - - "install.{{ ansible_distribution | lower }}.yml" - - "install.{{ ansible_os_family | lower }}.yml" +- name: Include installation.yml + import_tasks: install.yml tags: [mongodb] - name: Include configuration.yml - include: configure.yml + import_tasks: configure.yml tags: [mongodb] - name: Include replication and auth configuration - include: replication_init_auth.yml + include_tasks: + file: replication_init_auth.yml + apply: + tags: + - mongodb when: ( mongodb_replication_replset | length > 0 and mongodb_security_authorization == 'enabled' and mongodb_master is defined and mongodb_master ) tags: [mongodb] - name: Include replication configuration - include: replication.yml + include_tasks: + file: replication.yml + apply: + tags: + - mongodb when: mongodb_replication_replset | length > 0 tags: [mongodb] -- name: Check whether admin user is already exist - command: > - mongo --quiet {{ '--ssl --host ' + mongodb_net_ssl_host if mongodb_net_ssl_mode == 'requireSSL' else '' }} -u {{ mongodb_user_admin_name }} \ - -p {{ mongodb_user_admin_password }} --port {{ mongodb_net_port }} --eval 'db.version()' admin +- name: Check whether admin user already exist + ansible.builtin.command: > + mongo --quiet {{ '--ssl --host ' + mongodb_net_ssl_host if mongodb_net_ssl_mode == 'requireSSL' else '' }} -u {{ mongodb_root_admin_name }} \ + -p {{ mongodb_root_admin_password }} --port {{ mongodb_net_port }} --eval 'db.version()' admin register: mongodb_user_admin_check changed_when: false - check_mode: no + check_mode: false ignore_errors: true when: ( mongodb_security_authorization == 'enabled' and not mongodb_replication_replset ) @@ -57,7 +63,11 @@ tags: [mongodb] - name: Include authorization configuration - include: auth_initialization.yml + include_tasks: + file: auth_initialization.yml + apply: + tags: + - mongodb when: ( mongodb_security_authorization == 'enabled' and not mongodb_replication_replset and mongodb_user_admin_check.rc != 0 ) @@ -70,8 +80,8 @@ password: "{{ item.password }}" update_password: "{{ mongodb_user_update_password }}" roles: "{{ item.roles }}" - login_user: "{{ mongodb_user_admin_name }}" - login_password: "{{ mongodb_user_admin_password }}" + login_user: "{{ mongodb_root_admin_name }}" + login_password: "{{ mongodb_root_admin_password }}" login_port: "{{ mongodb_login_port|default(27017) }}" login_host: "{{ mongodb_login_host|default('localhost') }}" ssl: "{{ True if mongodb_net_ssl_mode == 'requireSSL' else False }}" @@ -90,8 +100,8 @@ password: "{{ item.password }}" update_password: "{{ mongodb_user_update_password }}" roles: "{{ item.roles }}" - login_user: "{{ mongodb_user_admin_name }}" - login_password: "{{ mongodb_user_admin_password }}" + login_user: "{{ mongodb_root_admin_name }}" + login_password: "{{ mongodb_root_admin_password }}" login_port: "{{ mongodb_net_port | int }}" login_host: "{{ mongodb_login_host|default('localhost') }}" ssl: "{{ True if mongodb_net_ssl_mode == 'requireSSL' else False }}" @@ -111,8 +121,8 @@ roles: - db: local role: read - login_user: "{{ mongodb_user_admin_name }}" - login_password: "{{ mongodb_user_admin_password }}" + login_user: "{{ mongodb_root_admin_name }}" + login_password: "{{ mongodb_root_admin_password }}" login_port: "{{ mongodb_login_port|default(27017) }}" login_host: "{{ mongodb_login_host|default('localhost') }}" ssl: "{{ True if mongodb_net_ssl_mode == 'requireSSL' else False }}" @@ -125,12 +135,16 @@ tags: [mongodb] - name: service started - service: + ansible.builtin.service: name: "{{ mongodb_daemon_name }}" state: started - enabled: yes + enabled: true -- name: Include MMS Agent configuration - include: mms-agent.yml - when: mongodb_mms_api_key | length > 0 +- name: Include task to cap system_messages collection + include_tasks: + file: cap_system_messages_collection.yml + apply: + tags: + - mongodb + when: mongodb_master is defined and mongodb_master tags: [mongodb] diff --git a/tasks/mms-agent.yml b/tasks/mms-agent.yml deleted file mode 100644 index de9d7f89..00000000 --- a/tasks/mms-agent.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -- name: Install MMS agent (Debian) - apt: - deb: "{{ mongodb_mms_agent_pkg }}" - when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' - -- name: Install MMS agent (RHEL) - yum: - name: "{{ mongodb_mms_agent_pkg }}" - state: present - when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - -- name: Configure the MMS agent pt. 1 - file: - state: directory - path: /etc/mongodb-mms - owner: "{{ mongodb_user }}" - group: "{{ mongodb_user }}" - mode: 0755 - -- name: Configure the MMS agent pt. 2 - template: - src: monitoring-agent.config.j2 - dest: /etc/mongodb-mms/monitoring-agent.config - owner: "{{ mongodb_user }}" - group: "{{ mongodb_user }}" - mode: 0644 - notify: mongodb-mms-monitoring-agent restart - -- name: Ensure that the MMS agent is started - service: - name: mongodb-mms-monitoring-agent - state: started - enabled: yes diff --git a/tasks/percona-release-package.yml b/tasks/percona-release-package.yml new file mode 100644 index 00000000..b83ed8d7 --- /dev/null +++ b/tasks/percona-release-package.yml @@ -0,0 +1,39 @@ +--- +# tasks file for percona release packages + +- name: Install dependencies + ansible.builtin.apt: + name: "{{ item }}" + state: present + with_items: + - gnupg2 + - wget + tags: ['packages'] + +- name: Check if percona-release is already installed + ansible.builtin.command: dpkg-query -W percona-release + failed_when: false + changed_when: false + register: percona_release_deb + +- name: Download and install percona-release package + block: + - name: Download percona-release package + ansible.builtin.get_url: + url: "https://repo.percona.com/apt/percona-release_latest.{{ ansible_distribution_release }}_all.deb" + dest: /tmp/percona-release-latest.deb + + - name: Install percona-release + ansible.builtin.apt: + deb: /tmp/percona-release-latest.deb + + - name: Clean percona-release deb file + ansible.builtin.file: + path: /tmp/percona-release-latest.deb + state: absent + + - name: Run the equivalent of "apt-get update" as a separate step + ansible.builtin.apt: + update_cache: true + + when: percona_release_deb.rc != 0 or percona_release_deb.failed | default(false) diff --git a/tasks/prepare_update.yml b/tasks/prepare_update.yml new file mode 100644 index 00000000..b7822bd8 --- /dev/null +++ b/tasks/prepare_update.yml @@ -0,0 +1,104 @@ +--- +# tasks file for prepare_update + +# Always ensure that mongo service is running before the upgrade +- name: Cluster | Ensure mongo is running + ansible.builtin.systemd: + name: mongod + state: started + +- import_tasks: facts.yml + tags: [always] + +# Do not skip, it is required +- include_tasks: assert.yml + tags: [always] + +# Perform a full backup of your data and configuration files before upgrading. +# Right now it is rudimentary +- name: Backup | Perform a full backup of data and configuration files before upgrading + block: + - name: Backup | Copy mongobackup script + ansible.builtin.template: + src: mongobackup.sh.j2 + dest: /usr/local/bin/mongobackup.sh + mode: 0755 + + - name: Backup | Run backup of data + ansible.builtin.shell: "/usr/local/bin/mongobackup.sh {{ mongodb_backup_db }} > /dev/null 2>&1" + ignore_errors: true + + - name: Backup | Create Directories for Config backups + ansible.builtin.file: + path: /tmp/config_backup/ + state: directory + mode: '0700' + - name: Backup | Percona config files + ansible.builtin.archive: + path: + - /etc/mongod.conf + - "/lib/systemd/system/{{ mongodb_daemon_name }}.service" + - /usr/bin/percona-server-mongodb-helper.sh + dest: /tmp/config_backup/{{ ansible_hostname }}-percona-cfg.tgz + + - name: Backup | Create TAR Directory + ansible.builtin.archive: + path: /tmp/config_backup + dest: /tmp/{{ ansible_hostname }}_config_backup.tgz + + - name: Backup | Copy Configs to Centralized Location + ansible.builtin.fetch: + src: /tmp/{{ ansible_hostname }}_config_backup.tgz + dest: /tmp/{{ ansible_hostname }}/ + flat: true + +- import_tasks: cleanup-apt-packages.yml + tags: [always] + +- import_tasks: percona-release-package.yml + tags: [always] + +- import_tasks: install-pymongo.yml + tags: [always] + +- name: Replica | Get replica set information ismaster + ansible.builtin.shell: "mongo --port {{ mongo_net.port }} --quiet --eval 'rs.isMaster().ismaster'" + register: mongo_primary + +- name: Replica | Set fact + ansible.builtin.set_fact: + mongo_primary: "{{ mongo_primary.stdout }}" + +- name: Cluster | Set fact about mongo primary + ansible.builtin.set_fact: + replica_member: primary + when: mongo_primary + +- name: Cluster | Set fact about mongo secondary + ansible.builtin.set_fact: + replica_member: secondary + when: not mongo_primary + +- name: Cluster | Create groups based on the replica_member + ansible.builtin.group_by: + key: mongo_{{ replica_member }} + register: replica_members + +- name: Cluster | Fail if we don't have a mongo_primary + ansible.builtin.fail: + msg: There must be exactly one Mongo primary + when: + - groups['mongo_primary'] is defined + - groups['mongo_primary'] | length | int != 1 + run_once: true + +- name: Cluster | Fail if we have odd number of secondaries + ansible.builtin.fail: + msg: Uneven amount of secondary hosts are detected + when: + - groups['mongo_secondary'] is defined + - groups['mongo_secondary'] | length | int % 2 != 0 + run_once: true + +- import_tasks: check_cluster_health.yml + tags: [always] diff --git a/tasks/replication.yml b/tasks/replication.yml index 63e0e2a0..130458c4 100644 --- a/tasks/replication.yml +++ b/tasks/replication.yml @@ -1,4 +1,5 @@ --- +# tasks file for replication - name: Replication configuration mongodb_replication: diff --git a/tasks/replication_init_auth.yml b/tasks/replication_init_auth.yml index 1532d4b8..2d1cb3cd 100644 --- a/tasks/replication_init_auth.yml +++ b/tasks/replication_init_auth.yml @@ -1,5 +1,7 @@ --- -- name: Replication configuration | 1st Pt. +# tasks file for replica configuration + +- name: Replication init mongodb_replication: build_indexes: "{{ item.build_indexes|default(omit) }}" login_host: "{{ mongodb_login_host|default('localhost') }}" @@ -19,10 +21,10 @@ register: mongodb_replica_init ignore_errors: true -- include: auth_initialization.yml +- include_tasks: auth_initialization.yml when: mongodb_replica_init is failed -- name: Replication configuration | 2nd Pt +- name: Replication configuration | 1st Pt. mongodb_replication: build_indexes: "{{ item.build_indexes|default(omit) }}" login_host: "{{ mongodb_login_host|default('localhost') }}" @@ -40,3 +42,24 @@ when: mongodb_replica_init is failed with_items: - "{{ mongodb_replication_params|default([]) }}" + ignore_errors: true + register: mongodb_replica_configuration + +- name: Replication configuration | 2st Pt. + mongodb_replication: + build_indexes: "{{ item.build_indexes|default(omit) }}" + login_host: "{{ mongodb_login_host|default('localhost') }}" + login_port: "{{ mongodb_net_port|default(27017) }}" + login_user: "{{ mongodb_root_admin_name }}" + login_password: "{{ mongodb_root_admin_password }}" + replica_set: "{{ mongodb_replication_replset }}" + host_name: "{{ item.host_name }}" + host_port: "{{ item.host_port|default(27017) }}" + host_type: "{{ item.host_type|default('replica') }}" + hidden: "{{ item.hidden|default(false) }}" + priority: "{{ item.priority|default(1.0) }}" + votes: "{{ item.votes|default(omit) }}" + ssl: "{{ True if mongodb_net_ssl_mode == 'requireSSL' else False }}" + when: mongodb_replica_configuration is failed + with_items: + - "{{ mongodb_replication_params|default([]) }}" diff --git a/tasks/upgrade_primary.yml b/tasks/upgrade_primary.yml new file mode 100644 index 00000000..090473b3 --- /dev/null +++ b/tasks/upgrade_primary.yml @@ -0,0 +1,57 @@ +--- +# tasks file for percona upgrading primary + +- import_tasks: facts.yml + tags: [always] + +- name: Replica| Instructs the primary of the replica set to become a secondary + community.mongodb.mongodb_shell: + login_host: localhost + login_port: "{{ mongo_net.port }}" + login_user: "{{ mongodb_root_admin_name }}" + login_password: "{{ mongodb_root_admin_password }}" + eval: "db.adminCommand( { replSetStepDown: 300, secondaryCatchUpPeriodSecs: 30 } )" + ignore_errors: true + # This will fail when version is lover than 4.2! + # Upon successful stepdown, rs.stepDown() forces all clients currently connected to the database to disconnect. + +- name: Replica | Pause for 1 minutes + ansible.builtin.pause: + minutes: 1 + +- import_tasks: check_cluster_health.yml + tags: [always] + +- import_tasks: upgrade_tasks.yml + tags: [always] + +- import_tasks: check_cluster_health.yml + tags: [always] + +- name: Replica | Lookup PRIMARY replicaset member + ansible.builtin.set_fact: + replica_primary: "{{ item.key.split(':')[0] }}" + loop: "{{ lookup('dict', replica_status.replicaset) }}" + when: + - "'PRIMARY' in item.value" + - replica_status is defined + +- name: Replica | Set ip address for current host + ansible.builtin.set_fact: + host_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4'].address }}" + when: "'ansible_default_ipv4' in hostvars[inventory_hostname]" + +- name: Assert | That new primary is not the one the play is running + ansible.builtin.assert: + that: "{{ replica_primary != host_ip }}" + msg: "PRIMARY was not elected successfully" + when: replica_primary is defined + +- name: Replica| Enable backwards-incompatible {{ mongodb_version }} features + community.mongodb.mongodb_shell: + login_host: "{{ replica_primary }}" + login_port: "{{ mongo_net.port }}" + login_user: "{{ mongodb_root_admin_name }}" + login_password: "{{ mongodb_root_admin_password }}" + eval: "db.adminCommand( { setFeatureCompatibilityVersion: '{{ mongodb_version }}' } )" + when: replica_primary is defined diff --git a/tasks/upgrade_secondary.yml b/tasks/upgrade_secondary.yml new file mode 100644 index 00000000..237a5d94 --- /dev/null +++ b/tasks/upgrade_secondary.yml @@ -0,0 +1,14 @@ +--- +# tasks file for percona upgrading secondaries + +- import_tasks: facts.yml + tags: [always] + +- import_tasks: check_cluster_health.yml + tags: [always] + +- import_tasks: upgrade_tasks.yml + tags: [always] + +- import_tasks: check_cluster_health.yml + tags: [always] diff --git a/tasks/upgrade_tasks.yml b/tasks/upgrade_tasks.yml new file mode 100644 index 00000000..8727b3fc --- /dev/null +++ b/tasks/upgrade_tasks.yml @@ -0,0 +1,78 @@ +--- +# upgrade tasks file for percona + +# shutdown mongo application +- name: Replica | Shutdown Mongo DB service + ansible.builtin.systemd: + name: mongod + state: stopped + +# Set Percona version via percona-release command +- name: Replica | Set Percona version via percona-release command + ansible.builtin.command: "percona-release enable {{ mongodb_repository[mongodb_major_version] }}" + +# update mongo +- name: Replica | Update mongo + ansible.builtin.apt: + name: percona-server-mongodb + state: latest + update_cache: true + autoremove: true + dpkg_options: "force-confold" + ignore_errors: true # This could fail first time as the apt installs default config although force-confold is set + tags: ['packages'] + +# mongod config +- name: Replica | Place mongod configs + ansible.builtin.template: + src: mongod.conf.j2 + dest: /etc/mongod.conf + owner: root + group: root + mode: "0644" + +# systemd configuration +- name: Replica | Place systemd configuration + ansible.builtin.template: + src: mongodb.service.j2 + dest: "/lib/systemd/system/{{ mongodb_daemon_name }}.service" + owner: root + group: root + mode: "0644" + when: + - ansible_service_mgr == "systemd" + - mongodb_manage_systemd_unit | bool + +- name: Replica | Add symlink for systemd + ansible.builtin.file: + src: "/lib/systemd/system/{{ mongodb_daemon_name }}.service" + dest: "/etc/systemd/system/multi-user.target.wants/{{ mongodb_daemon_name }}.service" + state: link + when: + - ansible_service_mgr == "systemd" + - mongodb_manage_systemd_unit | bool + +# percona-server-mongodb-helper.sh +- name: Replica | Place percona-server-helper shell script + ansible.builtin.template: + src: percona-server-mongodb-helper.sh.j2 + dest: /usr/bin/percona-server-mongodb-helper.sh + owner: root + group: root + mode: "0751" + when: + - ansible_service_mgr == "systemd" + - mongodb_manage_systemd_unit | bool + +- name: Cluster | Just force systemd to re-execute itself + ansible.builtin.systemd: + daemon_reexec: true + +# Restart mongo on all instances +- name: Cluster | Restart mongod service one by one + ansible.builtin.shell: systemctl restart mongod && sleep 30 + delegate_to: "{{ item }}" + loop: "{{ ansible_play_hosts }}" + args: + warn: false + run_once: true diff --git a/templates/aws_config.j2 b/templates/aws_config.j2 new file mode 100644 index 00000000..7317b7c6 --- /dev/null +++ b/templates/aws_config.j2 @@ -0,0 +1,9 @@ +[default] +region={{ mongodb_backup_region }} + +{% if customer.mongodb_backup_iam_role_arn is defined -%} +[profile mongodb_backup] +role_arn = {{ customer.mongodb_backup_iam_role_arn }} +credential_source = Ec2InstanceMetadata +source_profile = default +{% endif %} diff --git a/templates/backup_config.rb.j2 b/templates/backup_config.rb.j2 new file mode 100644 index 00000000..b6147945 --- /dev/null +++ b/templates/backup_config.rb.j2 @@ -0,0 +1,125 @@ +# encoding: utf-8 + +## +# Backup v5.x Configuration +# +# Documentation: http://backup.github.io/backup +# Issue Tracker: https://github.com/backup/backup/issues + +## +# Config Options +# +# The options here may be overridden on the command line, but the result +# will depend on the use of --root-path on the command line. +# +# If --root-path is used on the command line, then all paths set here +# will be overridden. If a path (like --tmp-path) is not given along with +# --root-path, that path will use it's default location _relative to --root-path_. +# +# If --root-path is not used on the command line, a path option (like --tmp-path) +# given on the command line will override the tmp_path set here, but all other +# paths set here will be used. +# +# Note that relative paths given on the command line without --root-path +# are relative to the current directory. The root_path set here only applies +# to relative paths set here. +# +# --- +# +# Sets the root path for all relative paths, including default paths. +# May be an absolute path, or relative to the current working directory. +# +root_path '/var/backups' +# +# Sets the path where backups are processed until they're stored. +# This must have enough free space to hold apx. 2 backups. +# May be an absolute path, or relative to the current directory or +root_path+. +# +tmp_path 'tmp' +# +# Sets the path where backup stores persistent information. +# When Backup's Cycler is used, small YAML files are stored here. +# May be an absolute path, or relative to the current directory or +root_path+. +# +data_path 'data' + +## +# Utilities +# +# If you need to use a utility other than the one Backup detects, +# or a utility can not be found in your $PATH. +# +# Utilities.configure do +# tar '/usr/bin/gnutar' +# redis_cli '/opt/redis/redis-cli' +# end + +## +# Logging +# +# Logging options may be set on the command line, but certain settings +# may only be configured here. +# +# Logger.configure do +# console.quiet = true # Same as command line: --quiet +# logfile.max_bytes = 2_000_000 # Default: 500_000 +# syslog.enabled = true # Same as command line: --syslog +# syslog.ident = 'my_app_backup' # Default: 'backup' +# end +# +# Command line options will override those set here. +# For example, the following would override the example settings above +# to disable syslog and enable console output. +# backup perform --trigger my_backup --no-syslog --no-quiet + +## +# Component Defaults +# +# Set default options to be applied to components in all models. +# Options set within a model will override those set here. +# +# Storage::S3.defaults do |s3| +# s3.access_key_id = "my_access_key_id" +# s3.secret_access_key = "my_secret_access_key" +# end +# +{% if customer.graylog_transport_email_auth_username is defined and customer.graylog_transport_email_auth_password is defined -%} +Notifier::Mail.defaults do |mail| + mail.from = 'cloud-ops+{{ setup_name }}@graylog.com' + mail.to = 'cloud-ops@graylog.com' + mail.address = 'email-smtp.us-east-1.amazonaws.com' + mail.port = 587 + mail.domain = 'graylog.cloud' + mail.user_name = '{{ customer.graylog_transport_email_auth_username }}' + mail.password = '{{ customer.graylog_transport_email_auth_password }}' + mail.authentication = 'plain' + mail.encryption = :starttls +end +{% endif -%} + +## +# Preconfigured Models +# +# Create custom models with preconfigured components. +# Components added within the model definition will +# +add to+ the preconfigured components. +# +# preconfigure 'MyModel' do +# archive :user_pictures do |archive| +# archive.add '~/pictures' +# end +# +# notify_by Mail do |mail| +# mail.to = 'admin@email.com' +# end +# end +# +# MyModel.new(:john_smith, 'John Smith Backup') do +# archive :user_music do |archive| +# archive.add '~/music' +# end +# +# notify_by Mail do |mail| +# mail.to = 'john.smith@email.com' +# end +# end diff --git a/templates/disable-transparent-hugepages.amazon.service.j2 b/templates/disable-transparent-hugepages.amazon.service.j2 deleted file mode 100644 index d728e156..00000000 --- a/templates/disable-transparent-hugepages.amazon.service.j2 +++ /dev/null @@ -1,17 +0,0 @@ -# {{ ansible_managed }} -[Unit] -Description="Disable Transparent Hugepage before MongoDB boots" -#WARN: check service name on your system -# If you are using MongoDB Cloud, service name is "mongodb-mms-automation-agent.service" -Before={{ mongodb_daemon_name }}.service - -[Service] -Type=oneshot -ExecStart=-/bin/bash -c 'echo never > /sys/kernel/mm/redhat_transparent_hugepage/enabled' -ExecStart=-/bin/bash -c 'echo never > /sys/kernel/mm/redhat_transparent_hugepage/defrag' -ExecStart=-/bin/bash -c 'echo 0 > /sys/kernel/mm/redhat_transparent_hugepage/khugepaged/defrag' - -[Install] -#WARN: check service name on your system -# If you are using MongoDB Cloud, service name is "mongodb-mms-automation-agent.service" -RequiredBy={{ mongodb_daemon_name }}.service diff --git a/templates/disable-transparent-hugepages.debian.service.j2 b/templates/disable-transparent-hugepages.debian.service.j2 deleted file mode 100644 index b940261d..00000000 --- a/templates/disable-transparent-hugepages.debian.service.j2 +++ /dev/null @@ -1,17 +0,0 @@ -# {{ ansible_managed }} -[Unit] -Description="Disable Transparent Hugepage before MongoDB boots" -#WARN: check service name on your system -# If you are using MongoDB Cloud, service name is "mongodb-mms-automation-agent.service" -Before={{ mongodb_daemon_name }}.service - -[Service] -Type=oneshot -ExecStart=-/bin/bash -c 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' -ExecStart=-/bin/bash -c 'echo never > /sys/kernel/mm/transparent_hugepage/defrag' -ExecStart=-/bin/bash -c 'echo 0 > /sys/kernel/mm/transparent_hugepage/khugepaged/defrag' - -[Install] -#WARN: check service name on your system -# If you are using MongoDB Cloud, service name is "mongodb-mms-automation-agent.service" -RequiredBy={{ mongodb_daemon_name }}.service diff --git a/templates/disable-transparent-hugepages.redhat.service.j2 b/templates/disable-transparent-hugepages.redhat.service.j2 deleted file mode 100644 index d728e156..00000000 --- a/templates/disable-transparent-hugepages.redhat.service.j2 +++ /dev/null @@ -1,17 +0,0 @@ -# {{ ansible_managed }} -[Unit] -Description="Disable Transparent Hugepage before MongoDB boots" -#WARN: check service name on your system -# If you are using MongoDB Cloud, service name is "mongodb-mms-automation-agent.service" -Before={{ mongodb_daemon_name }}.service - -[Service] -Type=oneshot -ExecStart=-/bin/bash -c 'echo never > /sys/kernel/mm/redhat_transparent_hugepage/enabled' -ExecStart=-/bin/bash -c 'echo never > /sys/kernel/mm/redhat_transparent_hugepage/defrag' -ExecStart=-/bin/bash -c 'echo 0 > /sys/kernel/mm/redhat_transparent_hugepage/khugepaged/defrag' - -[Install] -#WARN: check service name on your system -# If you are using MongoDB Cloud, service name is "mongodb-mms-automation-agent.service" -RequiredBy={{ mongodb_daemon_name }}.service diff --git a/templates/graylog_backup.rb.j2 b/templates/graylog_backup.rb.j2 new file mode 100644 index 00000000..b75f4561 --- /dev/null +++ b/templates/graylog_backup.rb.j2 @@ -0,0 +1,82 @@ +# encoding: utf-8 + +## +# Backup Generated: graylog_backup +# Once configured, you can run the backup with the following command: +# +# $ backup perform -t graylog_backup [-c ] +# +# For more information about Backup's components, see the documentation at: +# http://backup.github.io/backup +# + +require 'aws-sdk' + +Model.new(:graylog_backup, 'Graylog configuration backup') do + + ## + # MongoDB [Database] + # + database MongoDB do |db| + db.name = "graylog" + {% if mongodb_root_admin_name is defined and mongodb_root_admin_password is defined -%} + db.username = "{{ mongodb_root_admin_name }}" + db.password = "{{ mongodb_root_admin_password }}" + db.additional_options = ["--authenticationDatabase=admin"] + {% endif -%} + db.host = "localhost" + db.port = 27017 + db.ipv6 = false + {% if mongodb_backup_collections is defined -%} + db.only_collections = [{{ mongodb_backup_collections }}] + {% endif -%} + db.lock = false + db.oplog = false + end + + {% if customer.mongodb_backup_encryption_password is defined -%} + ## + # Encrypt backup with OpenSSL + # To decrypt your backup, use the following command: + # openssl aes-256-cbc -d -base64 -in my_backup.tar.enc -out my_backup.tar + encrypt_with OpenSSL do |encryption| + encryption.password = "{{ mongodb_backup_encryption_password }}" + encryption.base64 = true + encryption.salt = true + end + {% endif %} + + {% if customer.mongodb_backup_iam_role_arn is defined -%} + ## + # S3 storage + # + sts = Aws::STS::Client.new + session = sts.assume_role(role_arn: '{{ customer.mongodb_backup_iam_role_arn }}', + role_session_name: 'mongodb_backup') + + store_with S3 do |s3| + # AWS Credentials + s3.access_key_id = session.credentials.access_key_id + s3.secret_access_key = session.credentials.secret_access_key + + s3.encryption = :aes256 + + s3.region = '{{ mongodb_backup_region }}' + s3.bucket = '{{ mongodb_backup_bucket }}' + s3.path = 'mongodb/customers/{{ setup_name }}' + s3.fog_options = { + aws_session_token: session.credentials.session_token, + aws_credentials_expire_at: session.credentials.expiration + } + end + {% endif %} + +{% if customer.graylog_transport_email_auth_username is defined and customer.graylog_transport_email_auth_password is defined -%} + ## + # Notifications + # + notify_by Mail do |mail| + mail.to = 'cloud-ops@graylog.com' + end +{% endif -%} +end diff --git a/templates/mongobackup.sh.j2 b/templates/mongobackup.sh.j2 new file mode 100644 index 00000000..1939348c --- /dev/null +++ b/templates/mongobackup.sh.j2 @@ -0,0 +1,12 @@ +#!/bin/bash + +date=$(date +%F) +backupDir="{{ mongodb_backup_path }}${date}/" +[ -z "$1" ] && echo "Missing param" && exit 1 +database=$1 + +mkdir -p "${backupDir}" +# Dump all +mongodump --username={{ mongodb_root_admin_name }} --password={{ mongodb_root_admin_password }} \ + --authenticationDatabase=admin --db "${database}" \ + --out "${backupDir}" diff --git a/templates/mongod.conf.j2 b/templates/mongod.conf.j2 index c896d759..692ccc03 100644 --- a/templates/mongod.conf.j2 +++ b/templates/mongod.conf.j2 @@ -1,112 +1,38 @@ # {{ ansible_managed }} net: - bindIp: {{ mongodb_net_bindip }} - {% if mongodb_major_version is version("3.6", "<") -%} - http: - enabled: {{ mongodb_net_http_enabled | to_nice_json }} - {% endif -%} - ipv6: {{ mongodb_net_ipv6 | to_nice_json }} - maxIncomingConnections: {{ mongodb_net_maxconns }} - port: {{ mongodb_net_port }} - {% if mongodb_net_ssl_pemfile is defined and mongodb_net_ssl_mode is defined and mongodb_net_ssl == 'enabled' -%} - ssl: - mode: {{ mongodb_net_ssl_mode }} - PEMKeyFile: {{ mongodb_net_ssl_pemfile }} - {%- endif %} - {%- if mongodb_config['net'] is defined and mongodb_config['net'] is iterable %} - {%- for item in mongodb_config['net'] -%} - {{ item }} - {% endfor %} - {% endif %} +{{ mongo_net | to_nice_yaml(indent=2) | indent(width=2, first=True) }} processManagement: - fork: {{ mongodb_processmanagement_fork | to_nice_json}} - {% if mongodb_pidfile_path is defined and mongodb_pidfile_path != '' -%} - pidFilePath: {{ mongodb_pidfile_path }} - {%- endif %} - {%- if mongodb_config['processManagement'] is defined and mongodb_config['processManagement'] is iterable %} - {%- for item in mongodb_config['processManagement'] -%} - {{ item }} - {% endfor %} - {% endif %} +{{ mongo_processmanagement | to_nice_yaml(indent=2) | indent(width=2, first=True) }} -{% if mongodb_replication_replset -%} +{% if mongo_replication != '' %} replication: - oplogSizeMB: {{ mongodb_replication_oplogsize | int }} - replSetName: {{ mongodb_replication_replset }} - {% if mongodb_storage_engine == 'mmapv1' -%} - secondaryIndexPrefetch: {{ mongodb_replication_replindexprefetch }} - {%- endif %} - {%- if mongodb_config['replication'] is defined and mongodb_config['replication'] is iterable %} - {%- for item in mongodb_config['replication'] -%} - {{ item }} - {% endfor %} - {% endif %} +{{ mongo_replication | to_nice_yaml(indent=2) | indent(width=2, first=True) }} +{% else %} +#replication: {% endif %} +{% if mongo_security != '' %} security: - authorization: {{ mongodb_security_authorization }} - {% if mongodb_replication_replset and mongodb_security_authorization == 'enabled' -%} - keyFile: {{ mongodb_security_keyfile }} - {% endif -%} - javascriptEnabled: {{ mongodb_security_javascript_enabled | to_nice_json }} - {%- if mongodb_config['security'] is defined and mongodb_config['security'] is iterable %} - {%- for item in mongodb_config['security'] -%} - {{ item }} - {% endfor %} - {% endif %} +{{ mongo_security | to_nice_yaml(indent=2) | indent(width=2, first=True) }} +{% else %} +#security: +{% endif %} storage: - dbPath: {{ mongodb_storage_dbpath }} - directoryPerDB: {{ mongodb_storage_dirperdb | to_nice_json }} - engine: {{ mongodb_storage_engine }} - journal: - enabled: {{ mongodb_storage_journal_enabled | to_nice_json }} - {% if mongodb_storage_engine == 'mmapv1' -%} - mmapv1: - quota: - enforced: {{ mongodb_storage_quota_enforced | to_nice_json }} - maxFilesPerDB: {{ mongodb_storage_quota_maxfiles }} - smallFiles: {{ mongodb_storage_smallfiles | to_nice_json }} - {% endif -%} - {% if mongodb_storage_engine == 'wiredTiger' -%} - wiredTiger: - engineConfig: - {% if mongodb_wiredtiger_cache_size is defined -%} - cacheSizeGB: {{ mongodb_wiredtiger_cache_size }} - {% endif -%} - directoryForIndexes: {{ mongodb_wiredtiger_directory_for_indexes | to_nice_json }} - {%- endif %} - {%- if mongodb_config['storage'] is defined and mongodb_config['storage'] is iterable %} - {%- for item in mongodb_config['storage'] -%} - {{ item }} - {% endfor %} - {% endif %} +{{ mongo_storage | to_nice_yaml(indent=2) | indent(width=2, first=True) }} systemLog: - destination: {{ mongodb_systemlog_destination }} - {% if mongodb_systemlog_destination == 'file' -%} - logAppend: {{ mongodb_systemlog_logappend | to_nice_json }} - logRotate: {{ mongodb_systemlog_logrotate }} - path: {{ mongodb_systemlog_path }} - {%- endif %} - {%- if mongodb_config['systemLog'] is defined and mongodb_config['systemLog'] is iterable %} - {%- for item in mongodb_config['systemLog'] -%} - {{ item }} - {% endfor %} - {% endif %} +{{ mongo_systemlog | to_nice_yaml(indent=2) | indent(width=2, first=True) }} +{% if mongo_operationprofiling != '' %} operationProfiling: - slowOpThresholdMs: {{ mongodb_operation_profiling_slow_op_threshold_ms }} - mode: {{ mongodb_operation_profiling_mode }} - {%- if mongodb_config['operationProfiling'] is defined and mongodb_config['operationProfiling'] is iterable %} - {%- for item in mongodb_config['operationProfiling'] -%} - {{ item }} - {% endfor %} - {% endif %} +{{ mongo_operationprofiling | to_nice_yaml(indent=2) | indent(width=2, first=True) }} +{% else %} +#operationProfiling: +{% endif %} -{% if mongodb_major_version is version("4.0", ">=") -%} cloud: monitoring: free: @@ -116,7 +42,6 @@ cloud: {{ item }} {% endfor %} {% endif %} -{% endif %} {% if mongodb_set_parameters -%} setParameter: @@ -124,3 +49,10 @@ setParameter: {{ key }}: {{ value }} {% endfor %} {% endif %} + +{% if mongodb_auditlog %} +auditLog: +{{ mongo_auditlog | to_nice_yaml(indent=2) | indent(width=2, first=True) }} +{% else %} +#auditLog: +{% endif %} diff --git a/templates/mongod.logrotate.j2 b/templates/mongod.logrotate.j2 new file mode 100644 index 00000000..253d9465 --- /dev/null +++ b/templates/mongod.logrotate.j2 @@ -0,0 +1,14 @@ +/var/log/mongodb/*.log +/var/log/mongodb/audit.json { + daily + rotate 5 + size 50M + compress + dateext + missingok + notifempty + sharedscripts + postrotate + /bin/kill -SIGUSR1 `cat {{ mongodb_pidfile_path }} 2> /dev/null` 2> /dev/null || true + endscript +} diff --git a/templates/mongod_init.conf.j2 b/templates/mongod_init.conf.j2 index eaf17796..b52c28e9 100644 --- a/templates/mongod_init.conf.j2 +++ b/templates/mongod_init.conf.j2 @@ -2,10 +2,6 @@ net: bindIp: '127.0.0.1' - {% if mongodb_major_version is version("3.6", "<") -%} - http: - enabled: {{ mongodb_net_http_enabled | to_nice_json }} - {% endif -%} ipv6: {{ mongodb_net_ipv6 | to_nice_json }} maxIncomingConnections: {{ mongodb_net_maxconns }} port: {{ mongodb_net_port }} @@ -20,31 +16,7 @@ security: authorization: 'disabled' storage: - dbPath: {{ mongodb_storage_dbpath }} - directoryPerDB: {{ mongodb_storage_dirperdb | to_nice_json }} - engine: {{ mongodb_storage_engine }} - journal: - enabled: {{ mongodb_storage_journal_enabled | to_nice_json }} - {% if mongodb_storage_engine == 'mmapv1' -%} - mmapv1: - quota: - enforced: {{ mongodb_storage_quota_enforced | to_nice_json }} - maxFilesPerDB: {{ mongodb_storage_quota_maxfiles }} - smallFiles: {{ mongodb_storage_smallfiles | to_nice_json }} - {% endif -%} - {% if mongodb_storage_engine == 'wiredTiger' -%} - wiredTiger: - engineConfig: - {% if mongodb_wiredtiger_cache_size is defined -%} - cacheSizeGB: {{ mongodb_wiredtiger_cache_size }} - {% endif -%} - directoryForIndexes: {{ mongodb_wiredtiger_directory_for_indexes | to_nice_json }} - {% endif %} +{{ mongo_storage | to_nice_yaml(indent=2) | indent(width=2, first=True) }} systemLog: - destination: {{ mongodb_systemlog_destination }} - {% if mongodb_systemlog_destination == 'file' -%} - logAppend: {{ mongodb_systemlog_logappend | to_nice_json }} - logRotate: {{ mongodb_systemlog_logrotate }} - path: {{ mongodb_systemlog_path }} - {% endif -%} +{{ mongo_systemlog | to_nice_yaml(indent=2) | indent(width=2, first=True) }} diff --git a/templates/mongodb.repo.j2 b/templates/mongodb.repo.j2 deleted file mode 100644 index 727f2cb1..00000000 --- a/templates/mongodb.repo.j2 +++ /dev/null @@ -1,10 +0,0 @@ -[mongodb-org-{{ mongodb_major_version }}] -name=MongoDB {{ mongodb_major_version }} Repository -baseurl={{ mongodb_repository[version_item] }} -{% if mongodb_repository_gpgkey[version_item] is defined and mongodb_repository_gpgkey[version_item] != '' %} -gpgcheck=1 -gpgkey={{ mongodb_repository_gpgkey[version_item] }} -{% else %} -gpgcheck=0 -{% endif %} -enabled=1 diff --git a/templates/mongodb.service.j2 b/templates/mongodb.service.j2 index 61eb82c4..304142a0 100644 --- a/templates/mongodb.service.j2 +++ b/templates/mongodb.service.j2 @@ -1,16 +1,17 @@ # {{ ansible_managed }} + [Unit] -Description=An object/document-oriented database +Description=High-performance, schema-free document-oriented database Documentation=man:mongod(1) -After=network-online.target +After=time-sync.target network.target [Service] -User={{ mongodb_user }} -{% if mongodb_use_numa | bool %} -ExecStart=/usr/bin/numactl --interleave=all /usr/bin/mongod --config /etc/mongod.conf -{% else %} -ExecStart=/usr/bin/mongod --config /etc/mongod.conf +{% if mongodb_processmanagement_fork | bool %} +Type=forking {% endif %} +User={{ mongodb_user }} +Group={{ mongodb_user }} +PermissionsStartOnly=true # file size LimitFSIZE=infinity # cpu time @@ -26,6 +27,14 @@ LimitMEMLOCK=infinity # total threads (user+kernel) TasksMax=infinity TasksAccounting=false +EnvironmentFile=-/etc/default/mongod +ExecStartPre=/usr/bin/percona-server-mongodb-helper.sh +{% if mongodb_use_numa | bool %} +ExecStart=/usr/bin/env bash -c "${NUMACTL} /usr/bin/mongod ${OPTIONS} > ${STDOUT} 2> ${STDERR}" +{% else %} +ExecStart=/usr/bin/mongod --config /etc/mongod.conf +{% endif %} +PIDFile={{ mongodb_pidfile_path }} # Recommended limits for for mongod as specified in # http://docs.mongodb.org/manual/reference/ulimit/#recommended-settings diff --git a/templates/monitoring-agent.config.j2 b/templates/monitoring-agent.config.j2 deleted file mode 100644 index 2a50d10f..00000000 --- a/templates/monitoring-agent.config.j2 +++ /dev/null @@ -1,3 +0,0 @@ -mmsApiKey={{ mongodb_mms_api_key }} -mmsBaseUrl={{ mongodb_mms_base_url }} -mmsGroupId={{ mongodb_mms_group_id }} diff --git a/templates/percona-server-mongodb-helper.sh.j2 b/templates/percona-server-mongodb-helper.sh.j2 new file mode 100644 index 00000000..d8838d7b --- /dev/null +++ b/templates/percona-server-mongodb-helper.sh.j2 @@ -0,0 +1,56 @@ +#!/bin/bash +# +# {{ ansible_managed }} +# +PATH="${PATH}:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin" +# +dirname {{ mongodb_pidfile_path }} | xargs mkdir -p +touch {{ mongodb_pidfile_path }} +touch /var/log/mongodb/mongod.{stdout,stderr} +chown mongod:mongod {{ mongodb_pidfile_path }} +chown -R mongod:mongod /var/log/mongodb +# +KTHP=/sys/kernel/mm/transparent_hugepage +# +[ -z "${CONF}" ] && CONF=/etc/mongod.conf +# +print_error(){ + echo " * Error disabling Transparent Huge pages, exiting" + exit 1 +} +# +. /etc/default/mongod +DAEMON_OPTS="${OPTIONS}" +# +# Handle NUMA access to CPUs (SERVER-3574) +# This verifies the existence of numactl as well as testing that the command works +NUMACTL_ARGS="--interleave=all" +if which numactl >/dev/null 2>/dev/null && numactl $NUMACTL_ARGS ls / >/dev/null 2>/dev/null +then + NUMACTL="numactl $NUMACTL_ARGS" + DAEMON_OPTS=${DAEMON_OPTS:-"--config $CONF"} + NUMA_CONF=$(grep -c 'NUMACTL="numactl --interleave=all"' /etc/default/mongod) + if [ $NUMA_CONF = 0 ] + then + echo 'NUMACTL="numactl --interleave=all"' >> /etc/default/mongod + fi +else + NUMACTL="" + DAEMON_OPTS=${DAEMON_OPTS:-"--config $CONF"} +fi +# +# checking if storageEngine is defined twice (in default and config file) +defaults=$(echo "${OPTIONS}" | egrep -o 'storageEngine.*' | tr -d '[[:blank:]]' | awk -F'=' '{print $NF}' 2>/dev/null) +config=$(egrep -o '^[[:blank:]]+engine.*' ${CONF} | tr -d '[[:blank:]]' | awk -F':' '{print $NF}' 2>/dev/null) +# +if [ -n "${defaults}" ] && [ -n "${config}" ]; then # engine is set in 2 places + if [ "${defaults}" == "${config}" ]; then # it's OK + echo " * Warning, engine is set both in defaults file and mongod.conf!" + else + echo " * Error, different engines are set in the same time!" + exit 1 + fi +fi +# disable THP +fgrep '[always]' ${KTHP}/enabled > /dev/null 2>&1 && (echo never > ${KTHP}/enabled 2> /dev/null || print_error) || true +fgrep '[always]' ${KTHP}/defrag > /dev/null 2>&1 && (echo never > ${KTHP}/defrag 2> /dev/null || print_error) || true diff --git a/tests/Dockerfile.amazonlinux_2-builded b/tests/Dockerfile.amazonlinux_2-builded deleted file mode 100644 index 8c25c8e0..00000000 --- a/tests/Dockerfile.amazonlinux_2-builded +++ /dev/null @@ -1,12 +0,0 @@ -FROM amazonlinux:2 - -# This is needed so that ansible managed to read "ansible_default_ipv4" -# This step is needed since standard CentOS docker image does not come with i -# This package seems to be required for Mongo 3.2 and downwards -RUN yum install iproute initscripts python-pip python-devel -y - -# we can has SSH -EXPOSE 22 - -# pepare for takeoff -CMD ["/usr/sbin/init"] diff --git a/tests/Dockerfile.centos_6-builded b/tests/Dockerfile.centos_6-builded deleted file mode 100644 index 2a65657e..00000000 --- a/tests/Dockerfile.centos_6-builded +++ /dev/null @@ -1,11 +0,0 @@ -FROM centos:6 - -# This is needed so that ansible managed to read "ansible_default_ipv4" -# This step is needed since standard CentOS docker image does not come with EPEL installed by default -RUN yum install iproute epel-release python-pip python-devel -y - -# we can has SSH -EXPOSE 22 - -# pepare for takeoff -CMD ["/usr/sbin/init"] diff --git a/tests/Dockerfile.centos_7-builded b/tests/Dockerfile.centos_7-builded deleted file mode 100644 index 8ab589a7..00000000 --- a/tests/Dockerfile.centos_7-builded +++ /dev/null @@ -1,11 +0,0 @@ -FROM centos:7 - -# This is needed so that ansible managed to read "ansible_default_ipv4" -# This step is needed since standard CentOS docker image does not come with EPEL installed by default -RUN yum install iproute epel-release python-pip python-devel -y - -# we can has SSH -EXPOSE 22 - -# pepare for takeoff -CMD ["/usr/sbin/init"] diff --git a/tests/Dockerfile.debian_8-builded b/tests/Dockerfile.debian_8-builded deleted file mode 100644 index 144b1f1f..00000000 --- a/tests/Dockerfile.debian_8-builded +++ /dev/null @@ -1,7 +0,0 @@ -FROM debian:8 - -ARG DEBIAN_FRONTEND=noninteractive - -RUN apt update && \ - apt install --yes python-minimal python-pip && \ - rm /lib/systemd/system/getty@.service diff --git a/tests/Dockerfile.debian_9-builded b/tests/Dockerfile.debian_9-builded deleted file mode 100644 index fb75ce1d..00000000 --- a/tests/Dockerfile.debian_9-builded +++ /dev/null @@ -1,31 +0,0 @@ -FROM debian:9 - -ARG DEBIAN_FRONTEND=noninteractive - -RUN apt update && \ - apt install --yes python-minimal systemd gnupg python-pip - -RUN cd /lib/systemd/system/sysinit.target.wants/ && \ - ls | grep -v systemd-tmpfiles-setup.service | xargs rm -f && \ - rm -f /lib/systemd/system/sockets.target.wants/*udev* && \ - systemctl mask -- \ - tmp.mount \ - etc-hostname.mount \ - etc-hosts.mount \ - etc-resolv.conf.mount \ - -.mount \ - swap.target \ - getty.target \ - getty-static.service \ - dev-mqueue.mount \ - cgproxy.service \ - systemd-tmpfiles-setup-dev.service \ - systemd-remount-fs.service \ - systemd-ask-password-wall.path \ - systemd-logind.service && \ - systemctl set-default multi-user.target || true - -RUN sed -ri /etc/systemd/journald.conf \ - -e 's!^#?Storage=.*!Storage=volatile!' - -RUN ln -s /lib/systemd/systemd /sbin/init diff --git a/tests/Dockerfile.ubuntu-upstart_14_04-builded b/tests/Dockerfile.ubuntu-upstart_14_04-builded deleted file mode 100644 index 7f3f135d..00000000 --- a/tests/Dockerfile.ubuntu-upstart_14_04-builded +++ /dev/null @@ -1,7 +0,0 @@ -FROM ubuntu-upstart - -ARG DEBIAN_FRONTEND=noninteractive - -RUN apt-get update && \ - apt-get install --yes python-minimal python-pip python-dev iproute2 - diff --git a/tests/Dockerfile.ubuntu_16_04-builded b/tests/Dockerfile.ubuntu_16_04-builded deleted file mode 100644 index ea9038ce..00000000 --- a/tests/Dockerfile.ubuntu_16_04-builded +++ /dev/null @@ -1,8 +0,0 @@ -FROM ubuntu:16.04 - -ARG DEBIAN_FRONTEND=noninteractive - -RUN apt update && \ - apt install --yes python-minimal python-pip python-dev iproute2 && \ - rm /lib/systemd/system/getty@.service - diff --git a/tests/Dockerfile.ubuntu_18_04-builded b/tests/Dockerfile.ubuntu_18_04-builded deleted file mode 100644 index 0c4a18de..00000000 --- a/tests/Dockerfile.ubuntu_18_04-builded +++ /dev/null @@ -1,29 +0,0 @@ -FROM ubuntu:18.04 - -ARG DEBIAN_FRONTEND=noninteractive - -RUN apt update && \ - apt install --yes python-minimal python-pip python-dev systemd gnupg iproute2 - -RUN cd /lib/systemd/system/sysinit.target.wants/ && \ - ls | grep -v systemd-tmpfiles-setup.service | xargs rm -f && \ - rm -f /lib/systemd/system/sockets.target.wants/*udev* && \ - systemctl mask -- \ - tmp.mount \ - etc-hostname.mount \ - etc-hosts.mount \ - etc-resolv.conf.mount \ - -.mount \ - swap.target \ - getty.target \ - getty-static.service \ - dev-mqueue.mount \ - cgproxy.service \ - systemd-tmpfiles-setup-dev.service \ - systemd-remount-fs.service \ - systemd-ask-password-wall.path \ - systemd-logind.service && \ - systemctl set-default multi-user.target || true - -RUN sed -ri /etc/systemd/journald.conf \ - -e 's!^#?Storage=.*!Storage=volatile!' diff --git a/tests/callback_plugins/profile_tasks.py b/tests/callback_plugins/profile_tasks.py deleted file mode 100644 index e8afd89c..00000000 --- a/tests/callback_plugins/profile_tasks.py +++ /dev/null @@ -1,74 +0,0 @@ -# profile_tasks.py: an Ansible plugin for timing tasks - -# Copyright (C) 2014 Jharrod LaFon -# https://github.com/jlafon/ansible-profile/ -# Included with permission - - -# The MIT License (MIT) -# -# Copyright (c) 2014 Jharrod LaFon -# -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to deal -# in the Software without restriction, including without limitation the rights -# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -# copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: -# -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. - - -from ansible.plugins.callback import CallbackBase -import time - - -class CallbackModule(CallbackBase): - """ - A plugin for timing tasks - """ - def __init__(self): - self.stats = {} - self.current = None - - def playbook_on_task_start(self, name, is_conditional): - """ - Logs the start of each task - """ - if self.current is not None: - # Record the running time of the last executed task - self.stats[self.current] = time.time() - self.stats[self.current] - - # Record the start time of the current task - self.current = name - self.stats[self.current] = time.time() - - def playbook_on_stats(self, stats): - """ - Prints the timings - """ - # Record the timing of the very last task - if self.current is not None: - self.stats[self.current] = time.time() - self.stats[self.current] - - # Sort the tasks by their running time - results = sorted(self.stats.items(), - key=lambda value: value[1], reverse=True) - - # Just keep the top 25 - results = results[:25] - - # Print the timings - for name, elapsed in results: - print("{0:-<70}{1:->9}".format( - '{0} '.format(name), - ' {0:.02f}s'.format(elapsed))) diff --git a/tests/files/etc/apt/apt.conf.d/proxy.conf b/tests/files/etc/apt/apt.conf.d/proxy.conf deleted file mode 100644 index 1a3273bb..00000000 --- a/tests/files/etc/apt/apt.conf.d/proxy.conf +++ /dev/null @@ -1,3 +0,0 @@ -Acquire::http::Proxy "http://proxy:3128/"; -Acquire::https::Proxy "http://proxy:3128/"; - diff --git a/tests/files/etc/environment b/tests/files/etc/environment deleted file mode 100644 index d8ef85f0..00000000 --- a/tests/files/etc/environment +++ /dev/null @@ -1,2 +0,0 @@ -PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games" -HTTP_PROXY="http://proxy:3128" diff --git a/tests/files/etc/squid/squid.conf b/tests/files/etc/squid/squid.conf deleted file mode 100644 index 66e1616a..00000000 --- a/tests/files/etc/squid/squid.conf +++ /dev/null @@ -1,34 +0,0 @@ -acl localhost src 127.0.0.1/32 ::1 -acl localnet src 10.0.0.0/8 # RFC1918 possible internal network -acl localnet src 172.16.0.0/12 # RFC1918 possible internal network -acl localnet src 192.168.0.0/16 # RFC1918 possible internal network -acl SSL_ports port 443 -acl Safe_ports port 80 # http -acl Safe_ports port 21 # ftp -acl Safe_ports port 443 # https -acl Safe_ports port 70 # gopher -acl Safe_ports port 210 # wais -acl Safe_ports port 1025-65535 # unregistered ports -acl Safe_ports port 280 # http-mgmt -acl Safe_ports port 488 # gss-http -acl Safe_ports port 591 # filemaker -acl Safe_ports port 777 # multiling http -acl CONNECT method CONNECT -http_access allow manager localhost -http_access deny manager -http_access deny !Safe_ports -http_access deny CONNECT !SSL_ports -http_access allow localnet -http_access allow localhost -http_access deny all -http_port 3128 -maximum_object_size 2048 MB -cache_dir aufs /var/spool/squid 5000 24 256 -coredump_dir /var/spool/squid -refresh_pattern ^ftp: 1440 20% 10080 -refresh_pattern ^gopher: 1440 0% 1440 -refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 -refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880 -refresh_pattern . 0 20% 4320 -refresh_all_ims on - diff --git a/tests/group_vars/all.yml b/tests/group_vars/all.yml deleted file mode 100644 index e77379b2..00000000 --- a/tests/group_vars/all.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- - -image_name: "ubuntu:18.04" -mongodb_package: mongodb-org -mongodb_version: "4.0" -mongodb_storage_dbpath: /var/lib/mongodb -mongodb_net_bindip: 0.0.0.0 -mongodb_login_host: "{{ hostvars[groups['mongo_master'][0]].ansible_default_ipv4.address }}" - -mongodb_users: - - { - name: testUser, - password: passw0rd, - roles: readWrite, - database: admin - } diff --git a/tests/host_vars/mongo1.yml b/tests/host_vars/mongo1.yml deleted file mode 100644 index d9940090..00000000 --- a/tests/host_vars/mongo1.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -mongodb_master: true -mongodb_replication_params: - - host_name: "{{ hostvars[inventory_hostname].ansible_default_ipv4.address }}" diff --git a/tests/host_vars/mongo2.yml b/tests/host_vars/mongo2.yml deleted file mode 100644 index ed46ae01..00000000 --- a/tests/host_vars/mongo2.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- - -mongodb_replication_params: - - host_name: "{{ hostvars[inventory_hostname].ansible_default_ipv4.address }}" diff --git a/tests/host_vars/mongo3.yml b/tests/host_vars/mongo3.yml deleted file mode 100644 index a63fa4c3..00000000 --- a/tests/host_vars/mongo3.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -mongodb_net_port: 30000 -mongodb_storage_journal_enabled: "{{ mongodb_major_version is version('4.0', '>=') }}" -mongodb_storage_smallfiles: true -mongodb_storage_prealloc: false -mongodb_replication_params: - - host_name: "{{ hostvars[inventory_hostname].ansible_default_ipv4.address }}" - host_port: "{{ mongodb_net_port }}" - host_type: arbiter diff --git a/tests/hosts b/tests/hosts deleted file mode 100644 index e44f801e..00000000 --- a/tests/hosts +++ /dev/null @@ -1,13 +0,0 @@ -[local] -localhost ansible_connection=local ansible_python_interpreter=python - -[mongo_master] -mongo1 ansible_connection=docker ansible_user=root ansible_python_interpreter=python - -[mongo_replicas] -mongo2 ansible_connection=docker ansible_user=root ansible_python_interpreter=python -mongo3 ansible_connection=docker ansible_user=root ansible_python_interpreter=python - -[mongo:children] -mongo_master -mongo_replicas diff --git a/tests/scripts/before_install.sh b/tests/scripts/before_install.sh deleted file mode 100644 index 48fc3c95..00000000 --- a/tests/scripts/before_install.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/usr/bin/env bash -# -*- mode: sh; -*- - -# File: before_install.sh -# Time-stamp: <2018-07-12 18:05:37> -# Copyright (C) 2018 Sergei Antipov -# Description: - -# set -o xtrace -set -o nounset -set -o errexit -set -o pipefail - -# Latest Ansible install -pip install docker ansible mitogen - -cat << EOF > ansible.cfg -[defaults] -pipelining = True -strategy = mitogen_linear -strategy_plugins = /home/travis/virtualenv/python2.7.15/lib/python2.7/site-packages/ansible_mitogen/plugins/strategy -EOF - -# Pull docker image or build it -if [ -f tests/Dockerfile.${DISTRIBUTION}_${DIST_VERSION} ] -then - docker build --rm=true --file=tests/Dockerfile.${DISTRIBUTION}_${DIST_VERSION} --tag ${DISTRIBUTION}:${DIST_VERSION} tests -else - docker pull ${DISTRIBUTION}:${DIST_VERSION} -fi - -ln -s ${PWD} tests/greendayonfire.mongodb diff --git a/tests/scripts/test.sh b/tests/scripts/test.sh deleted file mode 100644 index cb82f380..00000000 --- a/tests/scripts/test.sh +++ /dev/null @@ -1,50 +0,0 @@ -#!/usr/bin/env bash -# -*- mode: sh; -*- - -# File: test.sh -# Time-stamp: <2018-07-13 11:05:31> -# Copyright (C) 2018 Sergei Antipov -# Description: - -# set -o xtrace -set -o nounset -set -o errexit - -package=${MONGODB_PACKAGE:-mongodb-org} -# Test 1 -echo "ansible-playbook -i tests/hosts tests/site.yml -e target=mongo1 -e mongodb_package=${package} -e mongodb_version=${MONGODB_VERSION} -e docker_privileged=${DOCKER_PRIVILEGED} -e image_name=${DISTRIBUTION}:${DIST_VERSION}" -ansible-playbook -i tests/hosts tests/site.yml -e target=mongo1 -e mongodb_package=${package} -e mongodb_version=${MONGODB_VERSION} -e docker_privileged=${DOCKER_PRIVILEGED} -e image_name=${DISTRIBUTION}:${DIST_VERSION} -# Idempotence test -ansible-playbook -i tests/hosts tests/site.yml -e target=mongo1 -e mongodb_package=${package} -e mongodb_version=${MONGODB_VERSION} -e docker_privileged=${DOCKER_PRIVILEGED} -e image_name=${DISTRIBUTION}:${DIST_VERSION} | \ - grep -q 'changed=0.*failed=0' && \ - (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && exit 1) -# Delete all containers -docker kill mongo{1,2,3} && docker rm mongo{1,2,3} - -# Test 2 -echo "ansible-playbook -i tests/hosts tests/site.yml -e target=mongo1 -e docker_privileged=${DOCKER_PRIVILEGED} -e image_name=${DISTRIBUTION}:${DIST_VERSION} -e mongodb_package=${package} -e mongodb_version=${MONGODB_VERSION} -e mongodb_security_authorization='enabled'" -ansible-playbook -i tests/hosts tests/site.yml -e target=mongo1 -e docker_privileged=${DOCKER_PRIVILEGED} -e image_name=${DISTRIBUTION}:${DIST_VERSION} -e mongodb_package=${package} -e mongodb_version=${MONGODB_VERSION} -e mongodb_security_authorization='enabled' -# Idempotence test -ansible-playbook -i tests/hosts tests/site.yml -e target=mongo1 -e docker_privileged=${DOCKER_PRIVILEGED} -e image_name=${DISTRIBUTION}:${DIST_VERSION} -e mongodb_package=${package} -e mongodb_version=${MONGODB_VERSION} -e mongodb_security_authorization='enabled' \ - | grep -q 'changed=0.*failed=0' \ - && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && exit 1) -# Delete all containers -docker kill mongo{1,2,3} && docker rm mongo{1,2,3} - -# Test 3 -echo "ansible-playbook -i tests/hosts tests/site.yml -e target=mongo -e docker_privileged=${DOCKER_PRIVILEGED} -e image_name=${DISTRIBUTION}:${DIST_VERSION} -e mongodb_package=${package} -e mongodb_version=${MONGODB_VERSION} -e mongodb_replication_replset='testrs'" -ansible-playbook -i tests/hosts tests/site.yml -e target=mongo -e docker_privileged=${DOCKER_PRIVILEGED} -e image_name=${DISTRIBUTION}:${DIST_VERSION} -e mongodb_package=${package} -e mongodb_version=${MONGODB_VERSION} -e mongodb_replication_replset='testrs' -# Idempotence test -ansible-playbook -i tests/hosts tests/site.yml -e target=mongo -e docker_privileged=${DOCKER_PRIVILEGED} -e image_name=${DISTRIBUTION}:${DIST_VERSION} -e mongodb_package=${package} -e mongodb_version=${MONGODB_VERSION} -e mongodb_replication_replset='testrs' \ - | grep -q 'changed=0.*failed=0' \ - && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && exit 1) -# Delete all containers -docker kill mongo{1,2,3} && docker rm mongo{1,2,3} - -# Test 4 -echo "ansible-playbook -i tests/hosts tests/site.yml -e target=mongo -e docker_privileged=${DOCKER_PRIVILEGED} -e image_name=${DISTRIBUTION}:${DIST_VERSION} -e mongodb_package=${package} -e mongodb_version=${MONGODB_VERSION} -e mongodb_replication_replset='testrs' -e mongodb_security_authorization='enabled'" -ansible-playbook -i tests/hosts tests/site.yml -e target=mongo -e docker_privileged=${DOCKER_PRIVILEGED} -e image_name=${DISTRIBUTION}:${DIST_VERSION} -e mongodb_package=${package} -e mongodb_version=${MONGODB_VERSION} -e mongodb_replication_replset='testrs' -e mongodb_security_authorization='enabled' -# Idempotence test -ansible-playbook -i tests/hosts tests/site.yml -e target=mongo -e docker_privileged=${DOCKER_PRIVILEGED} -e image_name=${DISTRIBUTION}:${DIST_VERSION} -e mongodb_package=${package} -e mongodb_version=${MONGODB_VERSION} -e mongodb_replication_replset='testrs' -e mongodb_security_authorization='enabled' \ - | grep -q 'changed=0.*failed=0' \ - && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && exit 1) diff --git a/tests/site.yml b/tests/site.yml deleted file mode 100644 index abd13ab0..00000000 --- a/tests/site.yml +++ /dev/null @@ -1,89 +0,0 @@ -# test.yml ---- - -- hosts: localhost - become: no - gather_facts: no - tasks: - - name: Copy environmnet file - copy: - src: etc/environment - dest: /tmp/environment - - name: Copy Squid config - copy: - src: etc/squid/squid.conf - dest: /tmp/squid.conf - - name: Create a network - docker_network: - name: MongoDBTestingNet - - name: Run Proxy in Docker - docker_container: - name: proxy - image: sameersbn/squid - state: started - volumes: - - /tmp/squid.conf:/etc/squid/squid.conf:ro - networks: - - name: MongoDBTestingNet - aliases: - - proxy - networks_cli_compatible: yes - - name: Run MongoDB cluster in Docker - docker_container: - name: "{{ item }}" - image: "{{ image_name }}" - command: "/sbin/init" - state: started - privileged: "{{ docker_privileged }}" - mounts: - - type: bind - source: /sys/fs/cgroup - target: /sys/fs/cgroup - - type: bind - source: /sys/fs/fuse - target: /sys/fs/fuse - - type: tmpfs - target: /run - - type: tmpfs - target: /run/lock - volumes: - - /tmp/environment:/etc/environment:ro - networks: - - name: MongoDBTestingNet - aliases: - - "{{ item }}" - networks_cli_compatible: yes - with_items: - - mongo1 - - mongo2 - - mongo3 - -- hosts: mongo - become: no - gather_facts: yes - tasks: - - name: Set proxy for apt - copy: - src: etc/apt/apt.conf.d/proxy.conf - dest: /etc/apt/apt.conf.d/proxy.conf - when: ansible_os_family == "Debian" - - name: Set proxy for yum - ini_file: - path: /etc/yum.conf - section: main - option: proxy - value: http://proxy:3128 - when: ansible_os_family == "RedHat" - -- hosts: mongo - become: no - gather_facts: no - tasks: - - name: gather tasks from all hosts - setup: - -- hosts: "{{ target | default('mongo') }}" - become: no - gather_facts: yes - roles: - - role: greendayonfire.mongodb diff --git a/vars/Amazon.yml b/vars/Amazon.yml deleted file mode 100644 index 9bb80478..00000000 --- a/vars/Amazon.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -mongodb_repository: - "4.4": "https://repo.mongodb.org/yum/amazon/2/mongodb-org/4.4/x86_64/" - "4.2": "https://repo.mongodb.org/yum/amazon/2/mongodb-org/4.2/x86_64/" - "4.0": "https://repo.mongodb.org/yum/amazon/2/mongodb-org/4.0/x86_64/" - "3.6": "https://repo.mongodb.org/yum/amazon/2013.03/mongodb-org/3.6/x86_64/" - -mongodb_repository_gpgkey: - "4.4": "https://www.mongodb.org/static/pgp/server-4.4.asc" - "4.2": "https://www.mongodb.org/static/pgp/server-4.2.asc" - "4.0": "https://www.mongodb.org/static/pgp/server-4.0.asc" - "3.6": "https://www.mongodb.org/static/pgp/server-3.6.asc" - -mongodb_pidfile_path: "{{ '/var/run/mongodb/mongod.pid' if ('mongodb-org' in mongodb_package) else '' }}" - -yum_lock_timeout: 180 - -mongodb_pymongo_package: "{{ 'python3-pymongo' if ansible_facts['python'].version.major == 3 else 'python-pymongo' }}" -mongodb_pymongo_deps: - - "{{ 'python3-devel' if ansible_facts['python'].version.major == 3 else 'python-devel' }}" - - "{{ 'python3-pip' if ansible_facts['python'].version.major == 3 else 'python-pip' }}" -mongodb_pip_executable: "{{ 'pip3' if ansible_facts['python'].version.major == 3 else 'pip' }}" diff --git a/vars/RedHat.yml b/vars/RedHat.yml deleted file mode 100644 index 34792f99..00000000 --- a/vars/RedHat.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -mongodb_repository: - "3.6": "https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.6/$basearch/" - "4.0": "https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.0/$basearch/" - "4.2": "https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.2/$basearch/" - "4.4": "https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.4/$basearch/" - -mongodb_repository_gpgkey: - "3.6": "https://www.mongodb.org/static/pgp/server-3.6.asc" - "4.0": "https://www.mongodb.org/static/pgp/server-4.0.asc" - "4.2": "https://www.mongodb.org/static/pgp/server-4.2.asc" - "4.4": "https://www.mongodb.org/static/pgp/server-4.4.asc" - -mongodb_pidfile_path: "{{ '/var/run/mongodb/mongod.pid' if ('mongodb-org' in mongodb_package) else '' }}" - -yum_lock_timeout: 180 - -mongodb_pymongo_package: "{{ 'python3-pymongo' if ansible_facts['python'].version.major == 3 else 'python-pymongo' }}" -mongodb_pymongo_deps: - - "{{ 'python3-devel' if ansible_facts['python'].version.major == 3 else 'python-devel' }}" - - "{{ 'python3-pip' if ansible_facts['python'].version.major == 3 else 'python-pip' }}" -mongodb_pip_executable: "{{ 'pip3' if ansible_facts['python'].version.major == 3 else 'pip' }}" diff --git a/vars/Ubuntu.yml b/vars/Ubuntu.yml deleted file mode 100644 index 5fd8dd19..00000000 --- a/vars/Ubuntu.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -mongodb_repository: - "3.6": "deb http://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/3.6 multiverse" - "4.0": "deb http://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/4.0 multiverse" - "4.2": "deb http://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/4.2 multiverse" - "4.4": "deb http://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/4.4 multiverse" - -mongodb_pymongo_package: "{{ 'python3-pymongo' if ansible_facts['python'].version.major == 3 else 'python-pymongo' }}" -mongodb_pymongo_deps: - - "{{ 'python3-dev' if ansible_facts['python'].version.major == 3 else 'python-dev' }}" - - "{{ 'python3-pip' if ansible_facts['python'].version.major == 3 else 'python-pip' }}" -mongodb_python_setuptools: "{{ 'python3-setuptools' if ansible_facts['python'].version.major == 3 else 'python-setuptools' }}" -mongodb_pip_executable: "{{ 'pip3' if ansible_facts['python'].version.major == 3 else 'pip' }}" diff --git a/vars/Debian.yml b/vars/main.yml similarity index 57% rename from vars/Debian.yml rename to vars/main.yml index 8871afc8..2c8a65b6 100644 --- a/vars/Debian.yml +++ b/vars/main.yml @@ -1,9 +1,10 @@ --- +# vars file for percona mongodb_repository: - "3.6": "deb http://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/3.6 main" - "4.0": "deb http://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.0 main" - "4.2": "deb http://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.2 main" - "4.4": "deb http://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main" + "4.0": "psmdb-40" + "4.2": "psmdb-42" + "4.4": "psmdb-44" + "5.0": "psmdb-50" mongodb_pymongo_package: "{{ 'python3-pymongo' if ansible_facts['python'].version.major == 3 else 'python-pymongo' }}" mongodb_pymongo_deps: