diff --git a/README.md b/README.md index 9f1202b..bdbb89a 100644 --- a/README.md +++ b/README.md @@ -54,6 +54,30 @@ Examples mongod_replset_name: rs0 +MongoDB 3.X +----------- + +To install modern versions of mongo on Debian based systems, use the following vars: + +```yaml +# see http://docs.mongodb.org/manual/administration/install-on-linux/ for other repositories +mongod_repo_debian: "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse" + +mongod_pkgs: + - mongodb-org + - python-selinux + - python-pymongo + +# defaults to mmapv1, so be explicit if you want to use WT +mongod_storage_engine: wiredTiger + +# the localhost exception has changed in 3.x, so either disable the key file or send a PR :) +mongod_use_key: false + +# change this to a sane value +mongod_bind_ip: 0.0.0.0 +``` + Dependencies ------------ diff --git a/defaults/main.yml b/defaults/main.yml index 5c1d53f..6e092c6 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -10,3 +10,10 @@ mongod_replication: false mongod_repl_servers: [] mongod_repl_master: "localhost" mongod_replset_name: rs0 +mongod_repo_debian: "deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen" +mongod_storage_engine: 'mmapv1' +mongod_bind_ip: "127.0.0.1" +mongod_use_key: true +mongod_user: false + +# mongod_auth: false \ No newline at end of file diff --git a/tasks/main.yml b/tasks/main.yml index 5e09e0c..01ba16b 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -14,9 +14,9 @@ when: ansible_os_family == "Debian" - name: Install the repository for Ubuntu mongodb - apt_repository: repo="deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen" state=present + apt_repository: repo="{{ mongod_repo_debian }}" state=present when: ansible_os_family == "Debian" - + - name: Install the libselinux module yum: name=libselinux-python state=installed when: ansible_os_family == "RedHat" 
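Review bot: The new defaults in defaults/main.yml that decide exposure and authentication (`mongod_bind_ip`, `mongod_use_key` and the commented-out `mongod_auth`) carry no explanation, although the template writes `auth=` only when `mongod_auth` is defined. A comment such as `# mongod_auth is unset on purpose: auth= is written only when it is defined; otherwise keyFile (mongod_use_key) is the only access control` would make that visible. `mongod_user: false` doubles as a sentinel that tasks/main.yml tests with `!= false`, so a string value like `"false"` passed on the command line would be treated as a user name; the comment should say that only the boolean disables user creation. The repository line uses plain `http`, which leaves package integrity to apt's signature check, with a key that is presumably imported by a task outside this diff.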
@@ -38,16 +38,6 @@ - name: Create the data directory for the mongod file: path={{ mongod_datadir_prefix }} owner={{ mongo_user }} group={{ mongo_group }} state=directory -- name: Install the mongodb package - yum: name={{ item }} state=installed - with_items: mongod_pkgs - when: ansible_os_family == "RedHat" - -- name: Install the mongodb package - apt: name={{ item }} state=installed update_cache=yes - with_items: mongod_pkgs - when: ansible_os_family == "Debian" - - name: create data directory for mongodb file: path={{ mongod_datadir_prefix }}/mongo-{{ mongod_port }} state=directory owner={{ mongo_user }} group={{ mongo_group }} @@ -64,9 +54,21 @@ - name: Generate the keyfile for authentication set_fact: mongod_secret_key="{{ lookup('password', 'secret length=256 chars=ascii_letters,digits') }}" + when: mongod_use_key - name: Copy the keyfile for authentication copy: src=secret dest={{ mongod_datadir_prefix }}/secret owner={{ mongo_user }} group={{ mongo_group }} mode=0400 + when: mongod_use_key + +- name: Install the mongodb package + yum: name={{ item }} state=installed + with_items: mongod_pkgs | default(mongod_pkgs_default) + when: ansible_os_family == "RedHat" + +- name: Install the mongodb package + apt: name={{ item }} state=installed update_cache=yes + with_items: mongod_pkgs | default(mongod_pkgs_default) + when: ansible_os_family == "Debian" - name: Start the mongodb service for redhat variants command: creates=/var/lock/subsys/mongod-{{ mongod_port }} /etc/init.d/mongod-{{ mongod_port }} start 
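Review bot: `with_items: mongod_pkgs | default(mongod_pkgs_default)` in both re-added install tasks relies on Ansible evaluating a bare expression as a loop source, which later Ansible releases deprecated and then stopped doing. Writing `with_items: "{{ mongod_pkgs | default(mongod_pkgs_default) }}"` behaves the same on old and new versions. The hunk also moves package installation after the keyfile steps without saying why; a one-line comment above the moved tasks giving the reason for the new order would help the next reader.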
@@ -85,5 +87,44 @@ when: mongod_replication - name: Initialize the replication set - shell: /usr/bin/mongo --port "{{ mongod_port }}" /tmp/repset_init.js + shell: /usr/bin/mongo --port "{{ mongod_port }}" admin /tmp/repset_init.js + when: mongod_replication and (mongod_repl_master == inventory_hostname or mongod_repl_master == ansible_hostname) + +- name: Generate the password for authentication + set_fact: mongod_password="{{ lookup('password', 'mongod_password length=32 chars=ascii_letters,digits') }}" + when: mongod_user != false + +- name: Construct mongo flags for user login + set_fact: mongod_user_login_flags="--username {{ mongod_user }} --password {{ mongod_password }}" + when: mongod_user != false + +- name: Clear mongo flags for user login + set_fact: mongod_user_login_flags="" + when: mongod_user == false + +- name: Check if mongo user exists + shell: /usr/bin/mongo --port {{ mongod_port }} {{ mongod_user_login_flags }} --eval 'db.serverStatus()' admin + register: mongod_user_check + when: mongod_user != false and ((not mongod_replication) or (mongod_repl_master == inventory_hostname or mongod_repl_master == ansible_hostname)) + ignore_errors: true + changed_when: false + +- name: Create the file to create the initial user + template: src=create_user.j2 dest=/tmp/create_user.js + when: mongod_user != false and (mongod_user_check | failed) and ((not mongod_replication) or (mongod_repl_master == inventory_hostname or mongod_repl_master == ansible_hostname)) + +- name: Create the password file for future reference + shell: echo "{{ mongod_password }}" > /tmp/mongod_password + changed_when: false + +- name: Create the initial user + shell: /usr/bin/mongo --port "{{ mongod_port }}" admin /tmp/create_user.js + when: mongod_user != false and (mongod_user_check | failed) and ((not mongod_replication) or (mongod_repl_master == inventory_hostname or mongod_repl_master == ansible_hostname)) + +- name: Create the file to add additional RS members + template: 
src=add_members.j2 dest=/tmp/add_members.js + when: mongod_user != false and (mongod_user_check | failed) and ((not mongod_replication) or (mongod_repl_master == inventory_hostname or mongod_repl_master == ansible_hostname)) + +- name: Add members to RS + shell: /usr/bin/mongo --port "{{ mongod_port }}" {{ mongod_user_login_flags }} admin /tmp/add_members.js when: mongod_replication and (mongod_repl_master == inventory_hostname or mongod_repl_master == ansible_hostname) diff --git a/templates/add_members.j2 b/templates/add_members.j2 new file mode 100644 index 0000000..cfe8b7f --- /dev/null +++ b/templates/add_members.j2 @@ -0,0 +1,5 @@ +{% for host in mongod_repl_servers %} +rs.add("{{ host }}:{{ mongod_port }}") +sleep(8000) +{% endfor %} +printjson(rs.status()) diff --git a/templates/create_user.j2 b/templates/create_user.j2 new file mode 100644 index 0000000..45cd4bb --- /dev/null +++ b/templates/create_user.j2 @@ -0,0 +1,6 @@ +db.createUser({ + user: "{{ mongod_user }}", + pwd: "{{ mongod_password }}", + roles: [ 'root' ] +}); +sleep(8000); diff --git a/templates/mongod.conf.j2 b/templates/mongod.conf.j2 index 0947214..03032a1 100644 --- a/templates/mongod.conf.j2 +++ b/templates/mongod.conf.j2 @@ -1,5 +1,6 @@ # mongo.conf smallfiles={{ mongod_smallfiles }} +storageEngine={{ mongod_storage_engine }} #where to log {% if ansible_os_family == "RedHat" %} @@ -19,7 +20,10 @@ logappend=true port = {{ mongod_port }} dbpath={{ mongod_datadir_prefix }}/mongo-{{ mongod_port }} + +{% if mongod_use_key %} keyFile={{ mongod_datadir_prefix }}/secret +{% endif %} # location of pidfile pidfilepath = {{ mongod_datadir_prefix }}/mongod_{{ mongod_port }}.pid @@ -33,3 +37,8 @@ pidfilepath = {{ mongod_datadir_prefix }}/mongod_{{ mongod_port }}.pid replSet={{ mongod_replset_name | default(mongod_port) }} {% endif %} +bind_ip={{ mongod_bind_ip }} + +{% if mongod_auth is defined %} +auth={{ mongod_auth }} +{% endif %} 
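Review bot: The "Create the password file for future reference" task in the last tasks/main.yml hunk has no `when` and writes the generated password to `/tmp/mongod_password` through a shell redirect. With the default `mongod_user: false` it references `mongod_password`, which no visible task has set, and with a user configured it leaves the credential of the `root`-role account in a shared directory with umask-default permissions. The same value is passed as `--password` inside `mongod_user_login_flags` and rendered into `/tmp/create_user.js`, so it can appear in the process list and in Ansible output; `no_log: true` on those tasks and deleting the rendered script after use would limit that. Separately, "Create the file to add additional RS members" is gated on `mongod_user != false and (mongod_user_check | failed)` while "Add members to RS" is gated only on replication, so with the default settings the script the second task runs is never written. The fence sketches both changes; the destination path is only a suggestion.

```yaml
- name: Create the password file for future reference
  copy:
    content: "{{ mongod_password }}\n"
    dest: "{{ mongod_datadir_prefix }}/mongod_password"
    owner: root
    group: root
    mode: "0600"
  when: mongod_user != false
  no_log: true

# … unchanged: Create the initial user …

- name: Create the file to add additional RS members
  template: src=add_members.j2 dest=/tmp/add_members.js
  when: mongod_replication and (mongod_repl_master == inventory_hostname or mongod_repl_master == ansible_hostname)
```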
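Review bot: In templates/create_user.j2, `mongod_user` is interpolated into a JavaScript string literal without escaping, so a name containing a quote or backslash produces a script that fails or does something other than intended. `user: {{ mongod_user | to_json }},` emits a correctly quoted literal, and the same filter is harmless on `pwd`, even though the lookup already limits the password to letters and digits. The account is created with the `root` role, and the script does not select a database itself but relies on the `admin` argument of the calling task. A leading comment such as `// run against the admin database; creates the initial superuser` would record that dependency.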
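Review bot: `storageEngine={{ mongod_storage_engine }}` in the first templates/mongod.conf.j2 hunk is rendered unconditionally, and defaults/main.yml always defines the variable as `'mmapv1'`, while the default package lists in vars/ still name the older 10gen packages. If those packages ship a mongod that predates the option, it may reject the config file as containing an unknown setting; this is inferred and should be confirmed against the packaged version. Guarding the line, for example `{% if mongod_storage_engine is defined %}` with the default removed from defaults/main.yml, would keep the pre-3.x path unchanged.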
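Review bot: With `mongod_use_key` false the `keyFile` line in the second templates/mongod.conf.j2 hunk is omitted, and the `auth=` line added in the third hunk is rendered only when `mongod_auth` is defined, which defaults/main.yml leaves commented out. A host configured from the README's 3.x example (`mongod_use_key: false`, `mongod_bind_ip: 0.0.0.0`) therefore gets a config with no access control, listening on all interfaces. Consider rendering `auth=true` whenever `mongod_user` is set and the key file is disabled. At minimum, add a template comment above the conditional such as `# without keyFile and without auth= the server accepts unauthenticated connections`.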
diff --git a/templates/repset_init.j2 b/templates/repset_init.j2 index 0f8f4ce..acb4dd2 100644 --- a/templates/repset_init.j2 +++ b/templates/repset_init.j2 @@ -1,7 +1,3 @@ rs.initiate() sleep(13000) -{% for host in mongod_repl_servers %} -rs.add("{{ host }}:{{ mongod_port }}") -sleep(8000) -{% endfor %} -printjson(rs.status()) + diff --git a/vars/Debian.yml b/vars/Debian.yml index 7796b18..3bb2d9a 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -1,6 +1,6 @@ --- -mongod_pkgs: +mongod_pkgs_default: - python-selinux - mongodb-10gen - python-pymongo diff --git a/vars/RedHat.yml b/vars/RedHat.yml index aa2ae74..f725d78 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -1,5 +1,5 @@ --- -mongod_pkgs: +mongod_pkgs_default: - mongo-10gen - mongo-10gen-server - bc