From 360ad15636219c3c97badf25527f4f6d9a290558 Mon Sep 17 00:00:00 2001
From: Bart Geesink <bart.geesink@surf.nl>
Date: Thu, 14 Nov 2024 14:38:17 +0100
Subject: [PATCH] Add small Mongo docker role, for running on a single node

---
 provision.yml                                 |  6 ++
 roles/mongodbdocker/defaults/main.yml         |  2 +
 roles/mongodbdocker/tasks/main.yml            | 88 +++++++++++++++++++
 .../templates/backup_mongo.pl.j2              | 37 ++++++++
 4 files changed, 133 insertions(+)
 create mode 100644 roles/mongodbdocker/defaults/main.yml
 create mode 100644 roles/mongodbdocker/tasks/main.yml
 create mode 100644 roles/mongodbdocker/templates/backup_mongo.pl.j2

diff --git a/provision.yml b/provision.yml
index 5a21697c3..4d292a291 100644
--- a/provision.yml
+++ b/provision.yml
@@ -189,5 +189,11 @@
     - { role: lifecycle,      tags: ["lifecycle"] }  
     - { role: stepuptiqr, tags: ['stepuptiqr' , 'stepup'] }
 
+- hosts: docker_mariadb
+  become: true
+  roles:
+    - { role: mariadbdocker, tags: ['mariadbdocker']}
+    - { role: mongodbdocker, tags: ['mongodbdocker']}
+
 - import_playbook: "{{ environment_dir }}/playbook.yml"
 
diff --git a/roles/mongodbdocker/defaults/main.yml b/roles/mongodbdocker/defaults/main.yml
new file mode 100644
index 000000000..c0095f38b
--- /dev/null
+++ b/roles/mongodbdocker/defaults/main.yml
@@ -0,0 +1,2 @@
+replica_set_name: "{{ instance_name }}"
+docker_mongodb_network_range: "172.21.22.0/24"
diff --git a/roles/mongodbdocker/tasks/main.yml b/roles/mongodbdocker/tasks/main.yml
new file mode 100644
index 000000000..5daf1b95d
--- /dev/null
+++ b/roles/mongodbdocker/tasks/main.yml
@@ -0,0 +1,88 @@
+---
+- name: Install required packages
+  ansible.builtin.apt:
+    name: "python3-pymongo"
+    state: present
+
+- name: Create MongoDB volume
+  community.docker.docker_volume:
+    name: openconext_mongodb
+    state: present
+
+- name: Create MongoDB network
+  community.docker.docker_network:
+    name: openconext_mongodb
+    state: present
+    internal: false
+    ipam_config:
+      - subnet: "{{ docker_mongodb_network_range }}"
+
+- name: Create the MongoDB container
+  community.docker.docker_container:
+    name: openconext_mongodb
+    image: bitnami/mongodb:7.0
+    state: started
+    pull: true
+    restart_policy: "always"
+    ports: "127.0.0.1:27017:27017"
+    networks:
+      - name: "openconext_mongodb"
+    mounts:
+      - type: volume
+        source: openconext_mongodb
+        target: /var/lib/mysql
+      - type: bind
+        source: /home/backup/mongo/
+        target: /home/backup
+    env:
+      MONGODB_ROOT_USER: admin
+      MONGODB_ROOT_PASSWORD: "{{ mongo_admin_password }}"
+      MONGODB_REPLICA_SET_NAME: "{{ replica_set_name }}"
+      MONGODB_REPLICA_SET_MODE: primary
+      MONGODB_REPLICA_SET_KEY: secretsecret
+      MONGODB_ADVERTISED_HOSTNAME: openconext_mongodb
+    volumes:
+      - openconext_mongodb:/bitnami/mongodb
+    hostname: openconext_mongodb
+
+- name: Create mongo database users
+  community.mongodb.mongodb_user:
+    login_database: admin
+    database: "{{ item.db_name }}"
+    login_user: admin
+    login_password: "{{ mongo_admin_password }}"
+    login_host: 127.0.0.1
+    name: "{{ item.name }}"
+    password: "{{ item.password }}"
+    roles: readWrite
+    replica_set: "{{ replica_set_name }}"
+    strict_compatibility: false
+  no_log: false
+  run_once: true
+  with_items: "{{ mongo.users }}"
+  changed_when: false
+  tags: mongo_users
+
+- name: Create the backupdir
+  ansible.builtin.file:
+    path: /home/backup/mongo
+    owner: 1001
+    group: 1001
+    mode: "0700"
+
+- name: Install the backup script
+  ansible.builtin.template:
+    src: "backup_mongo.pl.j2"
+    dest: "/usr/local/sbin/backup_mongo.pl"
+    mode: "0700"
+    owner: root
+    group: root
+
+
+- name: Create cron symlink for backup script
+  ansible.builtin.file:
+    src: "/usr/local/sbin/backup_mongo.pl"
+    dest: "/etc/cron.daily/mongodb_backup"
+    state: link
+    mode: "0700"
+    owner: root
diff --git a/roles/mongodbdocker/templates/backup_mongo.pl.j2 b/roles/mongodbdocker/templates/backup_mongo.pl.j2
new file mode 100644
index 000000000..c8e014742
--- /dev/null
+++ b/roles/mongodbdocker/templates/backup_mongo.pl.j2
@@ -0,0 +1,37 @@
+#!/usr/bin/perl
+# Variables
+
+$backupdir = "/home/backup";
+$username = "admin";
+$password = "{{ mongo_admin_password }}";
+
+umask 0077;
+
+# Determine current day
+$day = `/bin/date +'%a'`;
+chomp($day);
+
+# Remove old backups if exists
+if ( -e "$backupdir/mongo-dump-$day/") {
+`rm -rf $backupdir/mongo-dump-$day/`;
+}
+
+# Dump databases
+`docker exec openconext_mongodb mongodump --username $username --password $password --authenticationDatabase admin --out $backupdir/mongo-dump-$day`;
+
+# Gzip dumps
+opendir(BDIR, "$backupdir/mongo-dump-$day/");
+my @files = readdir(BDIR);
+closedir(BDIR);
+chdir("$backupdir/mongo-dump-$day/");
+foreach $dir (@files) {
+if ($dir !~ /^\.+$/) {
+if ($dir !~ /\.\./g) {
+if ( -d "$backupdir/mongo-dump-$day/$dir") {
+`tar -cvzf $backupdir/mongo-dump-$day/$dir.tar.gz $dir/`;
+`rm -rf $backupdir/mongo-dump-$day/$dir/`;
+}
+}
+}
+}
+umask 0022;