Merge pull request #1 from stone-payments/feat/role-updates

Support Centos 8, Debian 10, add percona, backup and improvements

Author: carlos-gonzaga

README.md

@@ -10,17 +10,18 @@ Ansible role which manages [MongoDB](http://www.mongodb.org/).
 
 MongoDB support matrix:
 
-| Distribution   | < MongoDB 3.2 |    MongoDB 3.4     |    MongoDB 3.6     |    MongoDB 4.0     |   MongoDB 4.2      |
-| -------------- | :-----------: | :----------------: | :----------------: | :----------------: | :----------------: |
-| Ubuntu 14.04   |  :no_entry:   | :white_check_mark: | :white_check_mark: | :white_check_mark: |        :x:         |
-| Ubuntu 16.04   |  :no_entry:   | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
-| Ubuntu 18.04   |  :no_entry:   |        :x:         |        :x:         | :white_check_mark: | :white_check_mark: |
-| Debian 8.x     |  :no_entry:   | :white_check_mark: | :white_check_mark: | :white_check_mark: |        :x:         |
-| Debian 9.x     |  :no_entry:   |        :x:         | :white_check_mark: | :white_check_mark: | :white_check_mark: |
-| RHEL 6.x       |  :no_entry:   | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
-| RHEL 7.x       |  :no_entry:   | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
-| Amazon Linux 2 |  :no_entry:   | :white_check_mark: |        :x:         | :white_check_mark: | :white_check_mark: |
-
+| Distribution   | < MongoDB 3.2 |    MongoDB 3.4     |    MongoDB 3.6     |    MongoDB 4.0     |   MongoDB 4.2      |   MongoDB 4.4      |
+| -------------- | :-----------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: |
+| Ubuntu 14.04   |  :no_entry:   | :white_check_mark: | :white_check_mark: | :white_check_mark: |        :x:         | :interrobang:      |
+| Ubuntu 16.04   |  :no_entry:   | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :interrobang:      |
+| Ubuntu 18.04   |  :no_entry:   |        :x:         |        :x:         | :white_check_mark: | :white_check_mark: | :white_check_mark: |
+| Ubuntu 20.04   |  :no_entry:   |        :x:         |        :x:         | :interrobang:      | :interrobang:      | :white_check_mark: |
+| Debian 8.x     |  :no_entry:   | :white_check_mark: | :white_check_mark: | :white_check_mark: |        :x:         | :white_check_mark: |
+| Debian 9.x     |  :no_entry:   |        :x:         | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
+| RHEL 6.x       |  :no_entry:   | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :interrobang:      |
+| RHEL 7.x       |  :no_entry:   | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
+| RHEL 8.x       |  :no_entry:   | :interrobang:      | :interrobang:      | :interrobang:      | :white_check_mark: | :white_check_mark: |
+| Amazon Linux 2 |  :no_entry:   | :white_check_mark: |        :x:         | :white_check_mark: | :white_check_mark: | :white_check_mark: |
 - :white_check_mark: - fully tested, should works fine
 - :interrobang: - maybe works, not tested
 - :x: - don't have official support
@@ -32,22 +33,30 @@ MongoDB support matrix:
 # You can use this variable to control installation source of MongoDB
 # 'mongodb' will be installed from Debian/Ubuntu repos
 # 'mongodb-org' will be installed from MongoDB official repos
-mongodb_package: mongodb-org
+# 'percona-server-mongodb' will be installed Mongodb from percona
+mongodb_package: percona-server-mongodb
 
 # You can control installed version via this param.
-# Should be '3.4', '3.6', '4.0' or '4.2'. This role doesn't support MongoDB < 3.4.
+# Should be '3.4', '3.6', '4.0', '4.2' or '4.4'. This role doesn't support MongoDB < 3.4.
 # I will recommend you to use latest version of MongoDB.
-mongodb_version: "4.2"
+mongodb_version: "4.4"
 
+mongodb_tools: true # Install mtools, and percona-server-mongodb-tools if use Percona package
 mongodb_pymongo_from_pip: true # Install latest PyMongo via PIP or package manager
-mongodb_pymongo_pip_version: 3.6.1 # Choose PyMong version to install from pip. If not set use latest
+mongodb_pymongo_pip_version: 3.10.1 # Choose PyMong version to install from pip. If not set use latest
 mongodb_user_update_password: "on_create" # MongoDB user password update default policy
 mongodb_manage_service: true
 mongodb_manage_systemd_unit: true
 
 # Disable transparent hugepages on systemd debian based installations
+# https://docs.mongodb.com/manual/tutorial/transparent-huge-pages/
 mongodb_disable_transparent_hugepages: false
 
+# OS tuning
+vm_swappiness:
+vm_dirty_ratio:
+vm_dirty_background_ratio:
+
 # You can enable or disable NUMA support
 mongodb_use_numa: true
 
@@ -68,11 +77,12 @@ mongodb_processmanagement_fork: false # Fork server process
 ## security Options
 # Disable or enable security. Possible values: 'disabled', 'enabled'
 mongodb_security_authorization: "disabled"
-mongodb_security_keyfile: /etc/mongodb-keyfile # Specify path to keyfile with password for inter-process authentication
+mongodb_security_keyfile: /etc/mongodb-keyfile  # Specify path to keyfile with password for inter-process authentication
+mongodb_active_directory_role: ""               # Create role root to active directory integration
 
 ## storage Options
-mongodb_storage_dbpath: /data/db # Directory for datafiles
-mongodb_storage_dirperdb: false # Use one directory per DB
+mongodb_storage_dbpath: /data/mongodb # Directory for datafiles
+mongodb_storage_dirperdb: true        # Use one directory per DB
 
 # The storage engine for the mongod database
 mongodb_storage_engine: "wiredTiger"
@@ -84,15 +94,51 @@ mongodb_storage_smallfiles: false # Very useful for non-data nodes
 mongodb_storage_journal_enabled: true # Enable journaling
 mongodb_storage_prealloc: true # Disable data file preallocation
 
+mongodb_wiredtiger_directory_for_indexes: true # Create directory for indexes
+
 # WiredTiger Options
 mongodb_wiredtiger_cache_size: 1 # Cache size for wiredTiger in GB
 
 ## systemLog Options
 ## The destination to which MongoDB sends all log output. Specify either 'file' or 'syslog'.
 ## If you specify 'file', you must also specify mongodb_systemlog_path.
 mongodb_systemlog_destination: "file"
-mongodb_systemlog_logappend: true # Append to logpath instead of over-writing
-mongodb_systemlog_path: /var/log/mongodb/{{ mongodb_daemon_name }}.log # Log file to send write to instead of stdout
+mongodb_systemlog_logappend: true                                       # Append to logpath instead of over-writing
+mongodb_systemlog_logrotate: "reopen"                                   # Logrotation behavior
+mongodb_systemlog_path: /var/log/mongodb/{{ mongodb_daemon_name }}.log  # Log file to send write to instead of stdout
+mongodb_systemlog_verbosity: 0                                           # Default log message verbosity level for components
+
+## Example to set different verbosity for components
+mongodb_systemlog_component:
+  accessControl:
+    verbosity: 5
+  command:
+    verbosity: 5
+  write:
+    verbosity: 5
+
+# Log rotation
+mongodb_logrotate: true # Rotate mongodb logs.
+mongodb_logrotate_options: |
+  {{ mongodb_config['auditLog'].path | default('') }}
+  {{ mongodb_systemlog_path }} {
+    daily
+    rotate 7
+    maxsize 1G
+    missingok
+    compress
+    delaycompress
+    notifempty
+    create 640 {{ mongodb_user }} {{ mongodb_user }}
+    sharedscripts
+    postrotate
+      /bin/kill -SIGUSR1 `cat /run/mongodb/mongod.pid 2>/dev/null` >/dev/null 2>&1
+    endscript
+  }
+
+## operationProfiling Options
+mongodb_operation_profiling_slow_op_threshold_ms: 1000
+mongodb_operation_profiling_mode: "off"
 
 ## replication Options
 mongodb_replication_replset: # Enable replication <setname>[/<optionalseedhostlist>]
@@ -120,45 +166,48 @@ mongodb_mms_group_id: ""
 mongodb_mms_api_key: ""
 mongodb_mms_base_url: https://mms.mongodb.com
 
-# Log rotation
-mongodb_logrotate: true # Rotate mongodb logs.
-mongodb_logrotate_options:
-  - compress
-  - copytruncate
-  - daily
-  - dateext
-  - rotate 7
-  - size 10M
-
-# password for inter-process authentication
-# please regenerate this file on production environment with command 'openssl rand -base64 741'
-mongodb_keyfile_content: |
-  8pYcxvCqoe89kcp33KuTtKVf5MoHGEFjTnudrq5BosvWRoIxLowmdjrmUpVfAivh
-  CHjqM6w0zVBytAxH1lW+7teMYe6eDn2S/O/1YlRRiW57bWU3zjliW3VdguJar5i9
-  Z+1a8lI+0S9pWynbv9+Ao0aXFjSJYVxAm/w7DJbVRGcPhsPmExiSBDw8szfQ8PAU
-  2hwRl7nqPZZMMR+uQThg/zV9rOzHJmkqZtsO4UJSilG9euLCYrzW2hdoPuCrEDhu
-  Vsi5+nwAgYR9dP2oWkmGN1dwRe0ixSIM2UzFgpaXZaMOG6VztmFrlVXh8oFDRGM0
-  cGrFHcnGF7oUGfWnI2Cekngk64dHA2qD7WxXPbQ/svn9EfTY5aPw5lXzKA87Ds8p
-  KHVFUYvmA6wVsxb/riGLwc+XZlb6M9gqHn1XSpsnYRjF6UzfRcRR2WyCxLZELaqu
-  iKxLKB5FYqMBH7Sqg3qBCtE53vZ7T1nefq5RFzmykviYP63Uhu/A2EQatrMnaFPl
-  TTG5CaPjob45CBSyMrheYRWKqxdWN93BTgiTW7p0U6RB0/OCUbsVX6IG3I9N8Uqt
-  l8Kc+7aOmtUqFkwo8w30prIOjStMrokxNsuK9KTUiPu2cj7gwYQ574vV3hQvQPAr
-  hhb9ohKr0zoPQt31iTj0FDkJzPepeuzqeq8F51HB56RZKpXdRTfY8G6OaOT68cV5
-  vP1O6T/okFKrl41FQ3CyYN5eRHyRTK99zTytrjoP2EbtIZ18z+bg/angRHYNzbgk
-  lc3jpiGzs1ZWHD0nxOmHCMhU4usEcFbV6FlOxzlwrsEhHkeiununlCsNHatiDgzp
-  ZWLnP/mXKV992/Jhu0Z577DHlh+3JIYx0PceB9yzACJ8MNARHF7QpBkhtuGMGZpF
-  T+c73exupZFxItXs1Bnhe3djgE3MKKyYvxNUIbcTJoe7nhVMrwO/7lBSpVLvC4p3
-  wR700U0LDaGGQpslGtiE56SemgoP
+# Password for inter-process authentication
+# If not defined, it will be generated at runtime with the command 'openssl rand -base64 756'
+# Be careful if you perform the function to configure different servers in different executions, different keys will be generated 
+# therefore, the service will not be able to authenticate, in which case you need to specify the key to have exactly the same
+# If mongodb_keyfile_force_renew is true and the keyfile alredy exist in the host, the keyfile will be replaced with mongodb_keyfile_content when defined or with a new runtime generate key
+mongodb_keyfile_force_renew: false
+mongodb_keyfile_content: 
 
 # names and passwords for administrative users
-mongodb_user_admin_name: siteUserAdmin
-mongodb_user_admin_password: passw0rd
-
-mongodb_root_admin_name: siteRootAdmin
-mongodb_root_admin_password: passw0rd
+mongodb_root_user_name: admin
+mongodb_root_user_password: passw0rd
+
+mongodb_backup_user_name: ""
+mongodb_backup_user_password: ""
+
+# Additional administrator user, if not setted, will not be created
+mongodb_admin_user_name: 
+mongodb_admin_user_password: 
+
+# MongoDB Backup
+mongodb_backup: false
+mongodb_backup_engine: pbm  # pbm | mongodump
+mongodb_backup_state: present
+mongodb_backup_script_path: "/etc/mongodb-backup.sh"
+mongodb_backup_log_path: "{{ mongodb_systemlog_path|dirname }}/backup_mongod.log"
+mongodb_backup_path: "{{ mongodb_storage_dbpath }}/backup"     # Local path to mongodump, or PBM path to backups  # Do not use "/" in the end of directories
+mongodb_backup_path_hot_storage : "{{ mongodb_backup_path }}/storage" # Path to storage mongodump backup, or path to PBM Hot Backups when use PBM  # Do not use "/" in the end of directories
+mongodb_backup_parameters: "--mongodb-uri \"mongodb://{{ mongodb_backup_user_name }}:{{ mongodb_backup_user_password }}@{{ inventory_hostname }}:{{ mongodb_net_port }}/admin?replicaSet={{ mongodb_replication_replset }}\"" # Mongodump: "--gzip --forceTableScan"
+mongodb_backup_cron_time:
+  hour: 3
+  minute: 0
+mongodb_backup_logrotate: |
+  {{ mongodb_backup_log_path }} {
+    size 100k
+    dateext
+    dateformat -%Y%m%d
+    rotate 7
+    create 644
+  }
 
-mongodb_root_backup_name: backupuser
-mongodb_root_backup_password: passw0rd
+# Enable PBM Point-in-Time Recovery
+mongodb_backup_pbm_pitr_enable: true
 ```
 
 #### Usage
@@ -191,9 +240,8 @@ mongodb_oplog_users:
 Required vars to change on production:
 
 ```yaml
-mongodb_user_admin_password
-mongodb_root_admin_password
-mongodb_root_backup_password
+mongodb_root_user_password
+mongodb_backup_user_password
 
 # if you use replication and authorization
 mongodb_security_keyfile