diff --git a/library/roles/mongodb-org/defaults/main.yml b/library/roles/mongodb-org/defaults/main.yml deleted file mode 100644 index b9607d5..0000000 --- a/library/roles/mongodb-org/defaults/main.yml +++ /dev/null @@ -1,89 +0,0 @@ ---- -mongodb_install_from_external_repo: True -mongodb_repo_keys: - - 2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5 - - EA312927 - - 0C49F3730359A14518585931BC711F9BA15703C6 -mongodb_apt_repository: "deb http://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/{{ mongodb_version }} multiverse" - -mongodb_old_repositories: - - "deb http://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/3.0 multiverse" - - "deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen" - -mongodb_install_packages: True -mongodb_install_server: True -mongodb_install_conf: True -mongodb_upgrade_from_older_version: False -mongodb_version: 3.6 -# Set to 'latest' if you want to get the latest available package -mongodb_pkg_state: present -mongodb_server_pkgs_external_repo: - - mongodb-org - - mongodb-org-mongos - - mongodb-org-server - - mongodb-org-shell - - mongodb-org-tools - -mongodb_client_pkgs_external_repo: - - mongodb-org-shell - -mongodb_server_pkgs: - - mongodb - - mongodb-server - - mongo-tools - -mongodb_client_pkgs: - - mongodb-clients - -mongodb_start_server: 'yes' -mongodb_tcp_port: 27017 -mongo_bind_ip: 0.0.0.0 -mongodb_http_interface: 'false' -mongodb_user: mongodb -mongodb_group: mongodb -mongodb_logdir: /var/log/mongodb -mongodb_log_file: mongod.log -mongodb_logpath: '{{ mongodb_logdir }}/{{ mongodb_log_file }}' -mongodb_dbpath: /var/lib/mongodb -mongodb_directoryperdb: 'false' -mongodb_conf_file: /etc/mongod.conf -mongodb_daemon: /usr/bin/mongod -mongod_additional_options: "" -mongodb_allowed_hosts: - - 127.0.0.1/8 - - '{{ ansible_default_ipv4.address }}/32' - -mongodb_storage_engine: wiredTiger - -mongodb_ssl_enabled: False -mongodb_ssl_letsencrypt_managed: True -mongodb_ssl_letsencrypt_ca_dir: '{{ mongodb_ssl_cert_dir }}' -# This one contains both lets-encrypt-x3-cross-signed.pem.txt and DST_Root_CA_X3.crt -mongodb_ssl_letsencrypt_ca_filename: lets-encrypt-x3-cross-signed.pem -# Options: disabled, requireSSL, allowSSL, preferSSL -mongodb_ssl_mode: requireSSL -mongodb_ssl_cert_dir: /etc/pki/mongodb -mongodb_ssl_certkey_file: '{{ mongodb_ssl_cert_dir }}/mongodb.pem' -mongodb_ssl_CA_file: '{{ mongodb_ssl_letsencrypt_ca_dir }}/{{ mongodb_ssl_letsencrypt_ca_filename }}' -mongodb_ssl_allowConnectionsWithoutCertificates: 'true' -mongodb_ssl_disabled_protocols: 'TLS1_0,TLS1_1' - -# Do not change the default. We do not manage a logrotate configuration yet -mongodb_logrotate_management: True -mongodb_systemlog_external_logrotate: False -mongodb_systemlog_destination: file -mongodb_log_retain_days: 7 -# Not used anymore inside the template. Now we use different values based on mongodb_systemlog_external_logrotate -mongodb_systemlog_logappend: 'true' -mongodb_systemlog_logrotate: reopen - -mongodb_cluster_enabled: False -mongodb_authorization_enabled: False -mongodb_replicaset: storagedev -mongodb_replica_keyfile: '{{ mongodb_dbpath }}/replica_keyfile' - -mongodb_ganglia_auth_enabled: False -mongodb_ganglia_db: admin -mongodb_ganglia_auth_mechanism: MONGODB-CR -# User and password are stored in the variables mongo_monitoring_u and mongo_monitoring_pwd - diff --git a/library/roles/mongodb-org/files/lets-encrypt-x3-cross-signed.pem b/library/roles/mongodb-org/files/lets-encrypt-x3-cross-signed.pem deleted file mode 100644 index edb4954..0000000 --- a/library/roles/mongodb-org/files/lets-encrypt-x3-cross-signed.pem +++ /dev/null @@ -1,47 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/ -MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT -DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow -SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT -GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF -q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8 -SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0 -Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA -a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj -/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T -AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG -CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv -bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k -c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw -VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC -ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz -MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu -Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF -AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo -uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/ -wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu -X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG -PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 -KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ -MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT -DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow -PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD -Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O -rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq -OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b -xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw -7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD -aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV -HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG -SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 -ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr -AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz -R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 -JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo -Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ ------END CERTIFICATE----- diff --git a/library/roles/mongodb-org/handlers/main.yml b/library/roles/mongodb-org/handlers/main.yml deleted file mode 100644 index aea1cbc..0000000 --- a/library/roles/mongodb-org/handlers/main.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- name: Restart mongod - service: name=mongod state=restarted - when: "'{{ mongodb_start_server }}' == 'yes'" - -- name: Restart mongodb - service: name=mongodb state=restarted - ignore_errors: true - when: "'{{ mongodb_start_server }}' == 'yes'" - diff --git a/library/roles/mongodb-org/tasks/main.yml b/library/roles/mongodb-org/tasks/main.yml deleted file mode 100644 index 1d393b0..0000000 --- a/library/roles/mongodb-org/tasks/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- import_tasks: mongodb.yml -- import_tasks: mongodb-letsencrypt-acmetool.yml - when: mongodb_ssl_letsencrypt_managed - - diff --git a/library/roles/mongodb-org/tasks/mongodb-letsencrypt-acmetool.yml b/library/roles/mongodb-org/tasks/mongodb-letsencrypt-acmetool.yml deleted file mode 100644 index 922790c..0000000 --- a/library/roles/mongodb-org/tasks/mongodb-letsencrypt-acmetool.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -- block: - - name: Create the acme hooks directory if it does not yet exist - file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root - - - name: Install a script that fix the letsencrypt certificate for mongodb and then reload the service - template: src=mongodb-letsencrypt-acmetool.sh dest={{ letsencrypt_acme_services_scripts_dir }}/mongodb owner=root group=root mode=4555 - - - name: Create the mongodb certificate directory - file: dest={{ mongodb_ssl_cert_dir }} state=directory owner=root group=mongodb mode=0750 - - - name: Install the Letsencrypt CA file with both the root and the trusted CAs - copy: src={{ mongodb_ssl_letsencrypt_ca_filename }} dest={{ mongodb_ssl_cert_dir }}/{{ mongodb_ssl_letsencrypt_ca_filename }} mode=0444 - - - name: Verify if the mongodb pem file exists - stat: path={{ mongodb_ssl_certkey_file }} - register: mongodb_pem - - - name: Copy the certificate and its key where the mongo server expects it - command: "{{ letsencrypt_acme_services_scripts_dir }}/mongodb" - when: not mongodb_pem.stat.exists - - when: - - mongodb_ssl_letsencrypt_managed - - letsencrypt_acme_install - tags: [ 'mongodb', 'letsencrypt', 'mongodb_letsencrypt' ] diff --git a/library/roles/mongodb-org/tasks/mongodb.yml b/library/roles/mongodb-org/tasks/mongodb.yml deleted file mode 100644 index 1df7f19..0000000 --- a/library/roles/mongodb-org/tasks/mongodb.yml +++ /dev/null @@ -1,143 +0,0 @@ ---- -- block: - - name: Check if Service mongod Exists - stat: path=/etc/init/mongod - register: service_mongod_status - tags: mongodb - - - name: Ensure mongod is stopped and disabled - service: name=mongod state=stopped enabled=no - when: - - service_mongod_status.stat.exists - - mongodb_start_server is defined - - mongodb_start_server == 'no' - - mongodb_install_conf - - when: - - mongodb_install_server - - mongodb_install_from_external_repo - tags: mongodb - -- block: - - name: Install the mongodb-org apt keys - apt_key: keyserver='hkp://keyserver.ubuntu.com:80' id={{ item }} state=present - with_items: '{{ mongodb_repo_keys }}' - when: mongodb_install_from_external_repo - register: apt_key_update_cache - - - name: Remove the old mongodb-org apt repositories - apt_repository: repo='{{ item }}' state=absent update_cache=yes - with_items: '{{ mongodb_old_repositories }}' - when: mongodb_upgrade_from_older_version - - - name: Install the mongodb-org repository - apt_repository: repo="{{ mongodb_apt_repository }}" update_cache=yes state=present - - - name: Install/Update the mongodb-org configuration - template: src=mongod-{{ mongodb_version }}.conf.j2 dest=/etc/mongod.conf owner=root group=root mode=0444 backup=yes - when: mongodb_install_conf - notify: Restart mongodb - tags: [ 'mongodb', 'mongodb_update_conf', 'mongodb_keyfile' ] - - when: - - mongodb_install_server - - mongodb_install_from_external_repo - tags: [ 'mongodb' ] - -- block: - - name: We are upgrading, install the latest version of the mongodb-org packages, external repository - apt: pkg={{ mongodb_server_pkgs_external_repo }} state=latest update_cache=yes cache_valid_time=1800 - when: mongodb_upgrade_from_older_version - - - name: Install the mongodb-org packages, external repository - apt: pkg={{ mongodb_server_pkgs_external_repo }} state={{ mongodb_pkg_state }} update_cache=yes cache_valid_time=1800 - - - name: Install the mongodb-org defaults file - template: src=mongod-default.j2 dest=/etc/default/mongod owner=root group=root mode=0444 - when: mongodb_install_conf - notify: Restart mongod - tags: [ 'mongodb', 'mongodb_update_conf' ] - - when: - - mongodb_install_server - - mongodb_install_packages - - mongodb_install_from_external_repo - tags: mongodb - -- block: - - name: We are upgrading, install the latest version of the mongodb packages - apt: pkg={{ mongodb_server_pkgs }} state=latest update_cache=yes cache_valid_time=1800 - when: mongodb_upgrade_from_older_version - - - name: Install the mongodb packages - apt: pkg={{ mongodb_server_pkgs }} state={{ mongodb_pkg_state }} update_cache=yes cache_valid_time=1800 - - - name: Install/Update the mongodb configuration - template: src=mongod-{{ mongodb_version }}.conf.j2 dest=/etc/mongodb.conf owner=root group=root mode=0444 backup=yes - when: mongodb_install_conf - notify: Restart mongod - tags: [ 'mongodb', 'mongodb_update_conf' ] - - when: - - mongodb_install_server - - mongodb_install_packages - - not mongodb_install_from_external_repo - tags: mongodb - -- block: - - name: Create the mongodb log directory - file: dest={{ mongodb_logdir }} state=directory owner={{ mongodb_user }} group={{ mongodb_group }} mode=0755 - when: mongodb_install_conf - - - name: Create the mongodb db directory - file: dest={{ mongodb_dbpath }} state=directory owner={{ mongodb_user }} group={{ mongodb_group }} mode=0755 - when: mongodb_install_conf - - - name: Install the cron job that manages log files rotation - template: src=mongo_log_rotate.sh.j2 dest=/etc/cron.daily/mongo_log_rotate owner=root group=root mode=0555 - when: not mongodb_systemlog_external_logrotate - - when: mongodb_install_server - tags: mongodb - -- block: - - name: Create the mongodb conf directory - file: dest={{ mongodb_conf_path }} state=directory owner={{ mongodb_user }} group={{ mongodb_group }} mode=0755 - - - name: Install the keyfile if it is a replica cluster - copy: src='vault-{{ mongodb_replicaset }}-keyfile' dest={{ mongodb_conf_path }}/{{ mongodb_keyfile_name }} owner=mongodb group=mongodb mode=0400 - notify: Restart mongod - - when: mongodb_cluster_enabled - tags: [ 'mongodb', 'mongodb_keyfile', 'mongodb_update_conf' ] - - -- block: - - name: Ensure mongodb is started and enabled - service: name=mongodb state=started enabled=yes - - when: - - mongodb_install_server - - mongodb_start_server == 'yes' - - not mongodb_install_from_external_repo - tags: mongodb - -- block: - - name: Ensure mongodb-org is started and enabled - service: name=mongod state=started enabled=yes - - when: - - mongodb_install_server - - mongodb_start_server == 'yes' - - mongodb_install_from_external_repo - tags: mongodb - -- block: - - name: Install the mongodb client packages - apt: pkg={{ mongodb_client_pkgs }} state={{ mongodb_pkg_state }} update_cache=yes cache_valid_time=1800 - - - name: Install the mongodb client packages, external repository - apt: pkg={{ mongodb_client_pkgs_external_repo }} state={{ mongodb_pkg_state }} update_cache=yes cache_valid_time=1800 - - when: not mongodb_install_server - tags: [ 'mongodb', 'mongodb_client' ] diff --git a/library/roles/mongodb-org/templates/mongo_log_rotate.sh.j2 b/library/roles/mongodb-org/templates/mongo_log_rotate.sh.j2 deleted file mode 100644 index 7f5e494..0000000 --- a/library/roles/mongodb-org/templates/mongo_log_rotate.sh.j2 +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash - -MONGO_PID_FILE={{ mongodb_dbpath }}/mongod.lock -LOG_RETAIN_DAYS={{ mongodb_log_retain_days }} -RETVAL= - -MONGO_PID=$( cat $MONGO_PID_FILE ) -# Tell mongo to rotate its log file -kill -SIGUSR1 $MONGO_PID - -RETVAL=$? - -# Remove the old log files -find {{ mongodb_logdir }} -name "{{ mongodb_log_file }}.*" -ctime +$LOG_RETAIN_DAYS -exec rm -f {} \; diff --git a/library/roles/mongodb-org/templates/mongod-3.0.conf.j2 b/library/roles/mongodb-org/templates/mongod-3.0.conf.j2 deleted file mode 100644 index 8b2ac20..0000000 --- a/library/roles/mongodb-org/templates/mongod-3.0.conf.j2 +++ /dev/null @@ -1,54 +0,0 @@ -# mongod.conf - -# for documentation of all options, see: -# http://docs.mongodb.org/manual/reference/configuration-options/ - -# Where and how to store data. -storage: - dbPath: {{ mongodb_dbpath }} - journal: - enabled: true - directoryPerDB: {{ mongodb_directoryperdb }} - engine: {{ mongodb_storage_engine }} -# mmapv1: -# wiredTiger: - -# where to write logging data. -systemLog: - destination: {{ mongodb_systemlog_destination }} - path: {{ mongodb_logpath }} -{% if not mongodb_systemlog_external_logrotate %} - logRotate: rename - logAppend: false -{% else %} - logRotate: reopen - logAppend: true -{% endif %} -# network interfaces -net: - port: {{ mongodb_tcp_port }} - bindIp: {{ mongo_bind_ip }} - http: - enabled: {{ mongodb_http_interface }} - JSONPEnabled: {{ mongodb_http_interface }} - RESTInterfaceEnabled: {{ mongodb_http_interface }} -{% if mongodb_ssl_enabled %} - ssl: - mode: {{ mongodb_ssl_mode }} - PEMKeyFile: '{{ mongodb_ssl_certkey_file }}' - CAFile: '{{ mongodb_ssl_CA_file }}' -{% endif %} - -#processManagement: - -{%if mongodb_cluster_enabled %} -security: - keyFile: /data/mongo_home/dev-d4science-keyfile - -replication: - oplogSizeMB: 2000 - replSetName: {{ mongodb_replicaset }} -{% endif %} - -#sharding: - diff --git a/library/roles/mongodb-org/templates/mongod-3.2.conf.j2 b/library/roles/mongodb-org/templates/mongod-3.2.conf.j2 deleted file mode 100644 index 8b2ac20..0000000 --- a/library/roles/mongodb-org/templates/mongod-3.2.conf.j2 +++ /dev/null @@ -1,54 +0,0 @@ -# mongod.conf - -# for documentation of all options, see: -# http://docs.mongodb.org/manual/reference/configuration-options/ - -# Where and how to store data. -storage: - dbPath: {{ mongodb_dbpath }} - journal: - enabled: true - directoryPerDB: {{ mongodb_directoryperdb }} - engine: {{ mongodb_storage_engine }} -# mmapv1: -# wiredTiger: - -# where to write logging data. -systemLog: - destination: {{ mongodb_systemlog_destination }} - path: {{ mongodb_logpath }} -{% if not mongodb_systemlog_external_logrotate %} - logRotate: rename - logAppend: false -{% else %} - logRotate: reopen - logAppend: true -{% endif %} -# network interfaces -net: - port: {{ mongodb_tcp_port }} - bindIp: {{ mongo_bind_ip }} - http: - enabled: {{ mongodb_http_interface }} - JSONPEnabled: {{ mongodb_http_interface }} - RESTInterfaceEnabled: {{ mongodb_http_interface }} -{% if mongodb_ssl_enabled %} - ssl: - mode: {{ mongodb_ssl_mode }} - PEMKeyFile: '{{ mongodb_ssl_certkey_file }}' - CAFile: '{{ mongodb_ssl_CA_file }}' -{% endif %} - -#processManagement: - -{%if mongodb_cluster_enabled %} -security: - keyFile: /data/mongo_home/dev-d4science-keyfile - -replication: - oplogSizeMB: 2000 - replSetName: {{ mongodb_replicaset }} -{% endif %} - -#sharding: - diff --git a/library/roles/mongodb-org/templates/mongod-3.4.conf.j2 b/library/roles/mongodb-org/templates/mongod-3.4.conf.j2 deleted file mode 100644 index ac37fdc..0000000 --- a/library/roles/mongodb-org/templates/mongod-3.4.conf.j2 +++ /dev/null @@ -1,61 +0,0 @@ -# mongod.conf - -# for documentation of all options, see: -# http://docs.mongodb.org/manual/reference/configuration-options/ - -# Where and how to store data. -storage: - dbPath: {{ mongodb_dbpath }} - journal: - enabled: true - directoryPerDB: {{ mongodb_directoryperdb }} - engine: {{ mongodb_storage_engine }} -# mmapv1: -# wiredTiger: - -# where to write logging data. -systemLog: - destination: {{ mongodb_systemlog_destination }} -{% if mongodb_logrotate_management %} -{% if not mongodb_systemlog_external_logrotate %} - logRotate: rename - logAppend: false -{% else %} - logRotate: reopen - logAppend: true -{% endif %} -{% else %} - logAppend: true -{% endif %} - path: {{ mongodb_logpath }} -# network information -net: - port: {{ mongodb_tcp_port }} - bindIp: {{ mongo_bind_ip }} -{% if mongodb_ssl_enabled %} - ssl: - mode: {{ mongodb_ssl_mode }} - PEMKeyFile: '{{ mongodb_ssl_certkey_file }}' - CAFile: '{{ mongodb_ssl_CA_file }}' - disabledProtocols: {{ mongodb_ssl_disabled_protocols }} - allowConnectionsWithoutCertificates: {{ mongodb_ssl_allowConnectionsWithoutCertificates }} -{% endif %} - -#processManagement: -{% if mongodb_authorization_enabled or mongodb_cluster_enabled %} -security: -{% endif %} - -{% if mongodb_authorization_enabled %} - authorization: enabled -{% endif %} -{%if mongodb_cluster_enabled %} - keyFile: {{ mongodb_replica_keyfile }} - -replication: - oplogSizeMB: {{ mongodb_oplog_size }} - replSetName: {{ mongodb_replicaset }} -{% endif %} - -#sharding: - diff --git a/library/roles/mongodb-org/templates/mongod-3.6.conf.j2 b/library/roles/mongodb-org/templates/mongod-3.6.conf.j2 deleted file mode 100644 index 40dd3fe..0000000 --- a/library/roles/mongodb-org/templates/mongod-3.6.conf.j2 +++ /dev/null @@ -1,52 +0,0 @@ -# mongod.conf - -# for documentation of all options, see: -# http://docs.mongodb.org/manual/reference/configuration-options/ - -# Where and how to store data. -storage: - dbPath: {{ mongodb_dbpath }} - journal: - enabled: true - directoryPerDB: {{ mongodb_directoryperdb }} - engine: {{ mongodb_storage_engine }} -# mmapv1: -# wiredTiger: - -# where to write logging data. -systemLog: - destination: {{ mongodb_systemlog_destination }} - path: {{ mongodb_logpath }} -{% if not mongodb_systemlog_external_logrotate %} - logRotate: rename - logAppend: false -{% else %} - logRotate: reopen - logAppend: true -{% endif %} -# network interfaces -net: - port: {{ mongodb_tcp_port }} - bindIp: {{ mongo_bind_ip }} -{% if mongodb_ssl_enabled %} - ssl: - mode: {{ mongodb_ssl_mode }} - PEMKeyFile: '{{ mongodb_ssl_certkey_file }}' - CAFile: '{{ mongodb_ssl_CA_file }}' - disabledProtocols: {{ mongodb_ssl_disabled_protocols }} - allowConnectionsWithoutCertificates: {{ mongodb_ssl_allowConnectionsWithoutCertificates }} -{% endif %} - -#processManagement: - -{%if mongodb_cluster_enabled %} -security: - keyFile: /data/mongo_home/dev-d4science-keyfile - -replication: - oplogSizeMB: 2000 - replSetName: {{ mongodb_replicaset }} -{% endif %} - -#sharding: - diff --git a/library/roles/mongodb-org/templates/mongod-default.j2 b/library/roles/mongodb-org/templates/mongod-default.j2 deleted file mode 100644 index 6fd002d..0000000 --- a/library/roles/mongodb-org/templates/mongod-default.j2 +++ /dev/null @@ -1,6 +0,0 @@ -ENABLE_MONGOD="{{ mongodb_start_server }}" -CONF={{ mongodb_conf_file }} -DAEMON={{ mongodb_daemon }} -DAEMONUSER={{ mongodb_user }} -DAEMON_OPTS="{{ mongod_additional_options }} --config $CONF" - diff --git a/library/roles/mongodb-org/templates/mongodb-letsencrypt-acmetool.sh b/library/roles/mongodb-org/templates/mongodb-letsencrypt-acmetool.sh deleted file mode 100644 index 152d2db..0000000 --- a/library/roles/mongodb-org/templates/mongodb-letsencrypt-acmetool.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash - -LE_CERTS_DIR=/etc/letsencrypt/live/$HOSTNAME -LE_LOG_DIR=/var/log/acme -MONGODB_CERTDIR=/etc/pki/mongodb -MONGODB_CERTFILE=$MONGODB_CERTDIR/mongodb.pem -DATE=$( date ) -echo "$DATE" >> $LE_LOG_DIR/mongodb.log - -if [ -f /etc/default/letsencrypt ] ; then - . /etc/default/letsencrypt -else - echo "No letsencrypt default file" >> $LE_LOG_DIR/mongodb.log - exit 1 -fi - -[ ! -d $MONGODB_CERTDIR ] && mkdir $MONGODB_CERTDIR - -echo "Building the new certificate file" >> $LE_LOG_DIR/mongodb.log -cat ${LE_CERTS_DIR}/{cert,privkey} > ${MONGODB_CERTFILE} -chmod 440 ${MONGODB_CERTFILE} -chgrp mongodb ${MONGODB_CERTFILE} - -{% if mongodb_ssl_enabled %} -echo "Reload the mongod service" >> "$LE_LOG_DIR/mongodb.log" -service mongod stop >> "$LE_LOG_DIR/mongodb.log" 2>&1 -sleep 10 -service mongod start > "$LE_LOG_DIR/mongodb.log" 2>&1 -{% endif %} -echo "Done." >> $LE_LOG_DIR/mongodb.log - -exit 0 - diff --git a/library/roles/mongodb-org/vars/main.yml b/library/roles/mongodb-org/vars/main.yml deleted file mode 100644 index 4c3d8f8..0000000 --- a/library/roles/mongodb-org/vars/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -# IMPORTANT: mongodb does not support ecdsa keys, but it starts anyway without any error. -letsencrypt_acme_key_type: rsa - diff --git a/library/roles/mongodb/defaults/main.yml b/library/roles/mongodb/defaults/main.yml deleted file mode 100644 index 4c98250..0000000 --- a/library/roles/mongodb/defaults/main.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -mongodb_install_from_external_repo: True -mongodb_install_packages: True -mongodb_install_conf: True -mongodb_latest_version: True -mongodb_specific_version: 2.4.3 -#mongodb-org_version: False -mongodb_start_server: 'yes' -mongodb_tcp_port: 27017 -mongodb_http_interface: False -mongodb_http_port: 28017 -mongodb_user: mongodb -mongodb_group: mongodb -mongodb_logdir: /var/log/mongodb -mongodb_log_file: mongodb.log -mongodb_logpath: '{{ mongodb_logdir }}/{{ mongodb_log_file }}' -mongodb_dbpath: /var/lib/mongodb -mongodb_log_retain_days: 7 -mongodb_directoryperdb: False -mongodb_allowed_hosts: - - 127.0.0.1/8 - - '{{ ansible_default_ipv4.address }}/32' - -mongodb_cluster_enabled: False -mongodb_replicaset: storagedev diff --git a/library/roles/mongodb/handlers/main.yml b/library/roles/mongodb/handlers/main.yml deleted file mode 100644 index b90f828..0000000 --- a/library/roles/mongodb/handlers/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: Update apt cache - apt: update_cache=yes - ignore_errors: true - -- name: Restart mongodb - service: name=mongodb state=restarted diff --git a/library/roles/mongodb/tasks/main.yml b/library/roles/mongodb/tasks/main.yml deleted file mode 100644 index 1c6df35..0000000 --- a/library/roles/mongodb/tasks/main.yml +++ /dev/null @@ -1,83 +0,0 @@ ---- -- name: Install the mongodb apt key - #apt_key: id=7F0CEB10 state=present - raw: apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10 - when: mongodb_install_from_external_repo - tags: mongodb - -- name: Install the mongodb repository - apt_repository: repo="deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen" update_cache=yes state=present - when: mongodb_install_from_external_repo - register: external_repo - tags: mongodb - -- name: Update the apt cache - apt: update_cache=yes - when: external_repo is changed - ignore_errors: True - tags: mongodb - -- name: Install the latest version of mongodb server - apt: pkg={{ item }} state=latest - with_items: - - mongodb-10gen - when: - - mongodb_install_from_external_repo - - mongodb_install_packages - - mongodb_latest_version - tags: mongodb - -- name: Install the mongodb-10gen server - apt: pkg={{ item }}={{ mongodb_specific_version }} state=present - with_items: - - mongodb-10gen - when: - - mongodb_install_from_external_repo - - mongodb_install_packages - - not mongodb_latest_version - tags: mongodb - -- name: Install the mongodb server - apt: pkg={{ item }} state=present - with_items: - - mongodb-server - when: - - not mongodb_install_from_external_repo - - mongodb_install_packages - tags: mongodb - -- name: Install the mongodb defaults file - copy: content="ENABLE_MONGODB={{ mongodb_start_server }}" dest=/etc/default/mongodb owner=root group=root mode=0444 - when: mongodb_install_conf - tags: mongodb - -- name: Create the mongodb db directory - file: dest={{ mongodb_dbpath }} state=directory owner={{ mongodb_user }} group={{ mongodb_group }} mode=0755 - when: mongodb_install_conf - tags: mongodb - -- name: Create the mongodb log directory - file: dest={{ mongodb_logdir }} state=directory owner={{ mongodb_user }} group={{ mongodb_group }} mode=0755 - when: mongodb_install_conf - tags: mongodb - -- name: Install the mongodb 2.4 configuration - template: src=mongodb-2.4.conf.j2 dest=/etc/mongodb.conf owner=root group=root mode=0444 - when: ( mongodb_start_server is defined ) and ( mongodb_start_server == 'yes' ) and ( mongodb_install_conf ) - notify: Restart mongodb - tags: mongodb - -- name: Install the cron job that manages log files rotation - template: src=mongo_log_rotate.sh.j2 dest=/etc/cron.daily/mongo_log_rotate owner=root group=root mode=0555 - tags: mongodb - -- name: Ensure mongodb is started - service: name=mongodb state=started enabled=yes - when: ( mongodb_start_server is defined ) and ( mongodb_start_server == 'yes' ) and ( mongodb_install_conf ) - tags: mongodb - -- name: Ensure mongodb is stopped and disabled - service: name=mongodb state=stopped enabled=no - when: ( mongodb_start_server is defined ) and ( mongodb_start_server == 'no' ) and ( mongodb_install_conf ) - tags: mongodb - diff --git a/library/roles/mongodb/templates/mongo_log_rotate.sh.j2 b/library/roles/mongodb/templates/mongo_log_rotate.sh.j2 deleted file mode 100644 index 7f5e494..0000000 --- a/library/roles/mongodb/templates/mongo_log_rotate.sh.j2 +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash - -MONGO_PID_FILE={{ mongodb_dbpath }}/mongod.lock -LOG_RETAIN_DAYS={{ mongodb_log_retain_days }} -RETVAL= - -MONGO_PID=$( cat $MONGO_PID_FILE ) -# Tell mongo to rotate its log file -kill -SIGUSR1 $MONGO_PID - -RETVAL=$? - -# Remove the old log files -find {{ mongodb_logdir }} -name "{{ mongodb_log_file }}.*" -ctime +$LOG_RETAIN_DAYS -exec rm -f {} \; diff --git a/library/roles/mongodb/templates/mongodb-2.4.conf.j2 b/library/roles/mongodb/templates/mongodb-2.4.conf.j2 deleted file mode 100644 index 47ea9f2..0000000 --- a/library/roles/mongodb/templates/mongodb-2.4.conf.j2 +++ /dev/null @@ -1,87 +0,0 @@ -# Note: if you run mongodb as a non-root user (recommended) you may -# need to create and set permissions for this directory manually, -# e.g., if the parent directory isn't mutable by the mongodb user. -dbpath={{ mongodb_dbpath }} -directoryperdb={{ mongodb_directoryperdb }} - -#where to log -logpath={{ mongodb_logpath }} - -logappend=true - -port = {{ mongodb_tcp_port }} - -# Disables write-ahead journaling -# nojournal = true - -# Enables periodic logging of CPU utilization and I/O wait -#cpu = true - -# Turn on/off security. Off is currently the default -#noauth = true -#auth = true - -# Verbose logging output. -#verbose = true - -# Inspect all client data for validity on receipt (useful for -# developing drivers) -#objcheck = true - -# Enable db quota management -#quota = true - -# Set oplogging level where n is -# 0=off (default) -# 1=W -# 2=R -# 3=both -# 7=W+some reads -#diaglog = 0 -# Ignore query hints -#nohints = true - -{% if not mongodb_http_interface %} -# Disable the HTTP interface (Defaults to localhost:28017). -nohttpinterface = true -{% endif %} - -# Turns off server-side scripting. This will result in greatly limited -# functionality -#noscripting = true - -# Turns off table scans. Any query that would do a table scan fails. -#notablescan = true - -# Disable data file preallocation. -#noprealloc = true - -# Specify .ns file size for new databases. -# nssize = - -# Accout token for Mongo monitoring server. -#mms-token = - -# Server name for Mongo monitoring server. -#mms-name = - -# Ping interval for Mongo monitoring server. -#mms-interval = - -# Replication Options - -# in master/slave replicated mongo databases, specify here whether -# this is a slave or master -#slave = true -#source = master.example.com -# Slave only: specify a single database to replicate -#only = master.example.com -# or -#master = true -#source = slave.example.com - -{% if mongodb_cluster_enabled %} -# in replica set configuration, specify the name of the replica set -replSet = {{ mongodb_replicaset }} -{% endif %} -