forked from ISTI-ansible-roles/ansible-roles
Remove ghe mongodb roles.
This commit is contained in:
parent
318cfee1c0
commit
213fc52b7e
|
@ -1,89 +0,0 @@
|
||||||
---
|
|
||||||
mongodb_install_from_external_repo: True
|
|
||||||
mongodb_repo_keys:
|
|
||||||
- 2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5
|
|
||||||
- EA312927
|
|
||||||
- 0C49F3730359A14518585931BC711F9BA15703C6
|
|
||||||
mongodb_apt_repository: "deb http://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/{{ mongodb_version }} multiverse"
|
|
||||||
|
|
||||||
mongodb_old_repositories:
|
|
||||||
- "deb http://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/3.0 multiverse"
|
|
||||||
- "deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen"
|
|
||||||
|
|
||||||
mongodb_install_packages: True
|
|
||||||
mongodb_install_server: True
|
|
||||||
mongodb_install_conf: True
|
|
||||||
mongodb_upgrade_from_older_version: False
|
|
||||||
mongodb_version: 3.6
|
|
||||||
# Set to 'latest' if you want to get the latest available package
|
|
||||||
mongodb_pkg_state: present
|
|
||||||
mongodb_server_pkgs_external_repo:
|
|
||||||
- mongodb-org
|
|
||||||
- mongodb-org-mongos
|
|
||||||
- mongodb-org-server
|
|
||||||
- mongodb-org-shell
|
|
||||||
- mongodb-org-tools
|
|
||||||
|
|
||||||
mongodb_client_pkgs_external_repo:
|
|
||||||
- mongodb-org-shell
|
|
||||||
|
|
||||||
mongodb_server_pkgs:
|
|
||||||
- mongodb
|
|
||||||
- mongodb-server
|
|
||||||
- mongo-tools
|
|
||||||
|
|
||||||
mongodb_client_pkgs:
|
|
||||||
- mongodb-clients
|
|
||||||
|
|
||||||
mongodb_start_server: 'yes'
|
|
||||||
mongodb_tcp_port: 27017
|
|
||||||
mongo_bind_ip: 0.0.0.0
|
|
||||||
mongodb_http_interface: 'false'
|
|
||||||
mongodb_user: mongodb
|
|
||||||
mongodb_group: mongodb
|
|
||||||
mongodb_logdir: /var/log/mongodb
|
|
||||||
mongodb_log_file: mongod.log
|
|
||||||
mongodb_logpath: '{{ mongodb_logdir }}/{{ mongodb_log_file }}'
|
|
||||||
mongodb_dbpath: /var/lib/mongodb
|
|
||||||
mongodb_directoryperdb: 'false'
|
|
||||||
mongodb_conf_file: /etc/mongod.conf
|
|
||||||
mongodb_daemon: /usr/bin/mongod
|
|
||||||
mongod_additional_options: ""
|
|
||||||
mongodb_allowed_hosts:
|
|
||||||
- 127.0.0.1/8
|
|
||||||
- '{{ ansible_default_ipv4.address }}/32'
|
|
||||||
|
|
||||||
mongodb_storage_engine: wiredTiger
|
|
||||||
|
|
||||||
mongodb_ssl_enabled: False
|
|
||||||
mongodb_ssl_letsencrypt_managed: True
|
|
||||||
mongodb_ssl_letsencrypt_ca_dir: '{{ mongodb_ssl_cert_dir }}'
|
|
||||||
# This one contains both lets-encrypt-x3-cross-signed.pem.txt and DST_Root_CA_X3.crt
|
|
||||||
mongodb_ssl_letsencrypt_ca_filename: lets-encrypt-x3-cross-signed.pem
|
|
||||||
# Options: disabled, requireSSL, allowSSL, preferSSL
|
|
||||||
mongodb_ssl_mode: requireSSL
|
|
||||||
mongodb_ssl_cert_dir: /etc/pki/mongodb
|
|
||||||
mongodb_ssl_certkey_file: '{{ mongodb_ssl_cert_dir }}/mongodb.pem'
|
|
||||||
mongodb_ssl_CA_file: '{{ mongodb_ssl_letsencrypt_ca_dir }}/{{ mongodb_ssl_letsencrypt_ca_filename }}'
|
|
||||||
mongodb_ssl_allowConnectionsWithoutCertificates: 'true'
|
|
||||||
mongodb_ssl_disabled_protocols: 'TLS1_0,TLS1_1'
|
|
||||||
|
|
||||||
# Do not change the default. We do not manage a logrotate configuration yet
|
|
||||||
mongodb_logrotate_management: True
|
|
||||||
mongodb_systemlog_external_logrotate: False
|
|
||||||
mongodb_systemlog_destination: file
|
|
||||||
mongodb_log_retain_days: 7
|
|
||||||
# Not used anymore inside the template. Now we use different values based on mongodb_systemlog_external_logrotate
|
|
||||||
mongodb_systemlog_logappend: 'true'
|
|
||||||
mongodb_systemlog_logrotate: reopen
|
|
||||||
|
|
||||||
mongodb_cluster_enabled: False
|
|
||||||
mongodb_authorization_enabled: False
|
|
||||||
mongodb_replicaset: storagedev
|
|
||||||
mongodb_replica_keyfile: '{{ mongodb_dbpath }}/replica_keyfile'
|
|
||||||
|
|
||||||
mongodb_ganglia_auth_enabled: False
|
|
||||||
mongodb_ganglia_db: admin
|
|
||||||
mongodb_ganglia_auth_mechanism: MONGODB-CR
|
|
||||||
# User and password are stored in the variables mongo_monitoring_u and mongo_monitoring_pwd
|
|
||||||
|
|
|
@ -1,47 +0,0 @@
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
|
|
||||||
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
|
|
||||||
DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
|
|
||||||
SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
|
|
||||||
GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
|
|
||||||
AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
|
|
||||||
q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
|
|
||||||
SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
|
|
||||||
Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
|
|
||||||
a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
|
|
||||||
/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
|
|
||||||
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
|
|
||||||
CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
|
|
||||||
bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
|
|
||||||
c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
|
|
||||||
VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
|
|
||||||
ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
|
|
||||||
MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
|
|
||||||
Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
|
|
||||||
AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
|
|
||||||
uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
|
|
||||||
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
|
|
||||||
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
|
|
||||||
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
|
|
||||||
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
|
|
||||||
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
|
|
||||||
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
|
|
||||||
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
|
|
||||||
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
|
|
||||||
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
|
|
||||||
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
|
|
||||||
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
|
|
||||||
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
|
|
||||||
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
|
|
||||||
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
|
|
||||||
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
|
|
||||||
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
|
|
||||||
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
|
|
||||||
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
|
|
||||||
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
|
|
||||||
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
|
|
||||||
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
|
|
||||||
-----END CERTIFICATE-----
|
|
|
@ -1,10 +0,0 @@
|
||||||
---
|
|
||||||
- name: Restart mongod
|
|
||||||
service: name=mongod state=restarted
|
|
||||||
when: "'{{ mongodb_start_server }}' == 'yes'"
|
|
||||||
|
|
||||||
- name: Restart mongodb
|
|
||||||
service: name=mongodb state=restarted
|
|
||||||
ignore_errors: true
|
|
||||||
when: "'{{ mongodb_start_server }}' == 'yes'"
|
|
||||||
|
|
|
@ -1,6 +0,0 @@
|
||||||
---
|
|
||||||
- import_tasks: mongodb.yml
|
|
||||||
- import_tasks: mongodb-letsencrypt-acmetool.yml
|
|
||||||
when: mongodb_ssl_letsencrypt_managed
|
|
||||||
|
|
||||||
|
|
|
@ -1,26 +0,0 @@
|
||||||
---
|
|
||||||
- block:
|
|
||||||
- name: Create the acme hooks directory if it does not yet exist
|
|
||||||
file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root
|
|
||||||
|
|
||||||
- name: Install a script that fix the letsencrypt certificate for mongodb and then reload the service
|
|
||||||
template: src=mongodb-letsencrypt-acmetool.sh dest={{ letsencrypt_acme_services_scripts_dir }}/mongodb owner=root group=root mode=4555
|
|
||||||
|
|
||||||
- name: Create the mongodb certificate directory
|
|
||||||
file: dest={{ mongodb_ssl_cert_dir }} state=directory owner=root group=mongodb mode=0750
|
|
||||||
|
|
||||||
- name: Install the Letsencrypt CA file with both the root and the trusted CAs
|
|
||||||
copy: src={{ mongodb_ssl_letsencrypt_ca_filename }} dest={{ mongodb_ssl_cert_dir }}/{{ mongodb_ssl_letsencrypt_ca_filename }} mode=0444
|
|
||||||
|
|
||||||
- name: Verify if the mongodb pem file exists
|
|
||||||
stat: path={{ mongodb_ssl_certkey_file }}
|
|
||||||
register: mongodb_pem
|
|
||||||
|
|
||||||
- name: Copy the certificate and its key where the mongo server expects it
|
|
||||||
command: "{{ letsencrypt_acme_services_scripts_dir }}/mongodb"
|
|
||||||
when: not mongodb_pem.stat.exists
|
|
||||||
|
|
||||||
when:
|
|
||||||
- mongodb_ssl_letsencrypt_managed
|
|
||||||
- letsencrypt_acme_install
|
|
||||||
tags: [ 'mongodb', 'letsencrypt', 'mongodb_letsencrypt' ]
|
|
|
@ -1,143 +0,0 @@
|
||||||
---
|
|
||||||
- block:
|
|
||||||
- name: Check if Service mongod Exists
|
|
||||||
stat: path=/etc/init/mongod
|
|
||||||
register: service_mongod_status
|
|
||||||
tags: mongodb
|
|
||||||
|
|
||||||
- name: Ensure mongod is stopped and disabled
|
|
||||||
service: name=mongod state=stopped enabled=no
|
|
||||||
when:
|
|
||||||
- service_mongod_status.stat.exists
|
|
||||||
- mongodb_start_server is defined
|
|
||||||
- mongodb_start_server == 'no'
|
|
||||||
- mongodb_install_conf
|
|
||||||
|
|
||||||
when:
|
|
||||||
- mongodb_install_server
|
|
||||||
- mongodb_install_from_external_repo
|
|
||||||
tags: mongodb
|
|
||||||
|
|
||||||
- block:
|
|
||||||
- name: Install the mongodb-org apt keys
|
|
||||||
apt_key: keyserver='hkp://keyserver.ubuntu.com:80' id={{ item }} state=present
|
|
||||||
with_items: '{{ mongodb_repo_keys }}'
|
|
||||||
when: mongodb_install_from_external_repo
|
|
||||||
register: apt_key_update_cache
|
|
||||||
|
|
||||||
- name: Remove the old mongodb-org apt repositories
|
|
||||||
apt_repository: repo='{{ item }}' state=absent update_cache=yes
|
|
||||||
with_items: '{{ mongodb_old_repositories }}'
|
|
||||||
when: mongodb_upgrade_from_older_version
|
|
||||||
|
|
||||||
- name: Install the mongodb-org repository
|
|
||||||
apt_repository: repo="{{ mongodb_apt_repository }}" update_cache=yes state=present
|
|
||||||
|
|
||||||
- name: Install/Update the mongodb-org configuration
|
|
||||||
template: src=mongod-{{ mongodb_version }}.conf.j2 dest=/etc/mongod.conf owner=root group=root mode=0444 backup=yes
|
|
||||||
when: mongodb_install_conf
|
|
||||||
notify: Restart mongodb
|
|
||||||
tags: [ 'mongodb', 'mongodb_update_conf', 'mongodb_keyfile' ]
|
|
||||||
|
|
||||||
when:
|
|
||||||
- mongodb_install_server
|
|
||||||
- mongodb_install_from_external_repo
|
|
||||||
tags: [ 'mongodb' ]
|
|
||||||
|
|
||||||
- block:
|
|
||||||
- name: We are upgrading, install the latest version of the mongodb-org packages, external repository
|
|
||||||
apt: pkg={{ mongodb_server_pkgs_external_repo }} state=latest update_cache=yes cache_valid_time=1800
|
|
||||||
when: mongodb_upgrade_from_older_version
|
|
||||||
|
|
||||||
- name: Install the mongodb-org packages, external repository
|
|
||||||
apt: pkg={{ mongodb_server_pkgs_external_repo }} state={{ mongodb_pkg_state }} update_cache=yes cache_valid_time=1800
|
|
||||||
|
|
||||||
- name: Install the mongodb-org defaults file
|
|
||||||
template: src=mongod-default.j2 dest=/etc/default/mongod owner=root group=root mode=0444
|
|
||||||
when: mongodb_install_conf
|
|
||||||
notify: Restart mongod
|
|
||||||
tags: [ 'mongodb', 'mongodb_update_conf' ]
|
|
||||||
|
|
||||||
when:
|
|
||||||
- mongodb_install_server
|
|
||||||
- mongodb_install_packages
|
|
||||||
- mongodb_install_from_external_repo
|
|
||||||
tags: mongodb
|
|
||||||
|
|
||||||
- block:
|
|
||||||
- name: We are upgrading, install the latest version of the mongodb packages
|
|
||||||
apt: pkg={{ mongodb_server_pkgs }} state=latest update_cache=yes cache_valid_time=1800
|
|
||||||
when: mongodb_upgrade_from_older_version
|
|
||||||
|
|
||||||
- name: Install the mongodb packages
|
|
||||||
apt: pkg={{ mongodb_server_pkgs }} state={{ mongodb_pkg_state }} update_cache=yes cache_valid_time=1800
|
|
||||||
|
|
||||||
- name: Install/Update the mongodb configuration
|
|
||||||
template: src=mongod-{{ mongodb_version }}.conf.j2 dest=/etc/mongodb.conf owner=root group=root mode=0444 backup=yes
|
|
||||||
when: mongodb_install_conf
|
|
||||||
notify: Restart mongod
|
|
||||||
tags: [ 'mongodb', 'mongodb_update_conf' ]
|
|
||||||
|
|
||||||
when:
|
|
||||||
- mongodb_install_server
|
|
||||||
- mongodb_install_packages
|
|
||||||
- not mongodb_install_from_external_repo
|
|
||||||
tags: mongodb
|
|
||||||
|
|
||||||
- block:
|
|
||||||
- name: Create the mongodb log directory
|
|
||||||
file: dest={{ mongodb_logdir }} state=directory owner={{ mongodb_user }} group={{ mongodb_group }} mode=0755
|
|
||||||
when: mongodb_install_conf
|
|
||||||
|
|
||||||
- name: Create the mongodb db directory
|
|
||||||
file: dest={{ mongodb_dbpath }} state=directory owner={{ mongodb_user }} group={{ mongodb_group }} mode=0755
|
|
||||||
when: mongodb_install_conf
|
|
||||||
|
|
||||||
- name: Install the cron job that manages log files rotation
|
|
||||||
template: src=mongo_log_rotate.sh.j2 dest=/etc/cron.daily/mongo_log_rotate owner=root group=root mode=0555
|
|
||||||
when: not mongodb_systemlog_external_logrotate
|
|
||||||
|
|
||||||
when: mongodb_install_server
|
|
||||||
tags: mongodb
|
|
||||||
|
|
||||||
- block:
|
|
||||||
- name: Create the mongodb conf directory
|
|
||||||
file: dest={{ mongodb_conf_path }} state=directory owner={{ mongodb_user }} group={{ mongodb_group }} mode=0755
|
|
||||||
|
|
||||||
- name: Install the keyfile if it is a replica cluster
|
|
||||||
copy: src='vault-{{ mongodb_replicaset }}-keyfile' dest={{ mongodb_conf_path }}/{{ mongodb_keyfile_name }} owner=mongodb group=mongodb mode=0400
|
|
||||||
notify: Restart mongod
|
|
||||||
|
|
||||||
when: mongodb_cluster_enabled
|
|
||||||
tags: [ 'mongodb', 'mongodb_keyfile', 'mongodb_update_conf' ]
|
|
||||||
|
|
||||||
|
|
||||||
- block:
|
|
||||||
- name: Ensure mongodb is started and enabled
|
|
||||||
service: name=mongodb state=started enabled=yes
|
|
||||||
|
|
||||||
when:
|
|
||||||
- mongodb_install_server
|
|
||||||
- mongodb_start_server == 'yes'
|
|
||||||
- not mongodb_install_from_external_repo
|
|
||||||
tags: mongodb
|
|
||||||
|
|
||||||
- block:
|
|
||||||
- name: Ensure mongodb-org is started and enabled
|
|
||||||
service: name=mongod state=started enabled=yes
|
|
||||||
|
|
||||||
when:
|
|
||||||
- mongodb_install_server
|
|
||||||
- mongodb_start_server == 'yes'
|
|
||||||
- mongodb_install_from_external_repo
|
|
||||||
tags: mongodb
|
|
||||||
|
|
||||||
- block:
|
|
||||||
- name: Install the mongodb client packages
|
|
||||||
apt: pkg={{ mongodb_client_pkgs }} state={{ mongodb_pkg_state }} update_cache=yes cache_valid_time=1800
|
|
||||||
|
|
||||||
- name: Install the mongodb client packages, external repository
|
|
||||||
apt: pkg={{ mongodb_client_pkgs_external_repo }} state={{ mongodb_pkg_state }} update_cache=yes cache_valid_time=1800
|
|
||||||
|
|
||||||
when: not mongodb_install_server
|
|
||||||
tags: [ 'mongodb', 'mongodb_client' ]
|
|
|
@ -1,14 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
MONGO_PID_FILE={{ mongodb_dbpath }}/mongod.lock
|
|
||||||
LOG_RETAIN_DAYS={{ mongodb_log_retain_days }}
|
|
||||||
RETVAL=
|
|
||||||
|
|
||||||
MONGO_PID=$( cat $MONGO_PID_FILE )
|
|
||||||
# Tell mongo to rotate its log file
|
|
||||||
kill -SIGUSR1 $MONGO_PID
|
|
||||||
|
|
||||||
RETVAL=$?
|
|
||||||
|
|
||||||
# Remove the old log files
|
|
||||||
find {{ mongodb_logdir }} -name "{{ mongodb_log_file }}.*" -ctime +$LOG_RETAIN_DAYS -exec rm -f {} \;
|
|
|
@ -1,54 +0,0 @@
|
||||||
# mongod.conf
|
|
||||||
|
|
||||||
# for documentation of all options, see:
|
|
||||||
# http://docs.mongodb.org/manual/reference/configuration-options/
|
|
||||||
|
|
||||||
# Where and how to store data.
|
|
||||||
storage:
|
|
||||||
dbPath: {{ mongodb_dbpath }}
|
|
||||||
journal:
|
|
||||||
enabled: true
|
|
||||||
directoryPerDB: {{ mongodb_directoryperdb }}
|
|
||||||
engine: {{ mongodb_storage_engine }}
|
|
||||||
# mmapv1:
|
|
||||||
# wiredTiger:
|
|
||||||
|
|
||||||
# where to write logging data.
|
|
||||||
systemLog:
|
|
||||||
destination: {{ mongodb_systemlog_destination }}
|
|
||||||
path: {{ mongodb_logpath }}
|
|
||||||
{% if not mongodb_systemlog_external_logrotate %}
|
|
||||||
logRotate: rename
|
|
||||||
logAppend: false
|
|
||||||
{% else %}
|
|
||||||
logRotate: reopen
|
|
||||||
logAppend: true
|
|
||||||
{% endif %}
|
|
||||||
# network interfaces
|
|
||||||
net:
|
|
||||||
port: {{ mongodb_tcp_port }}
|
|
||||||
bindIp: {{ mongo_bind_ip }}
|
|
||||||
http:
|
|
||||||
enabled: {{ mongodb_http_interface }}
|
|
||||||
JSONPEnabled: {{ mongodb_http_interface }}
|
|
||||||
RESTInterfaceEnabled: {{ mongodb_http_interface }}
|
|
||||||
{% if mongodb_ssl_enabled %}
|
|
||||||
ssl:
|
|
||||||
mode: {{ mongodb_ssl_mode }}
|
|
||||||
PEMKeyFile: '{{ mongodb_ssl_certkey_file }}'
|
|
||||||
CAFile: '{{ mongodb_ssl_CA_file }}'
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
#processManagement:
|
|
||||||
|
|
||||||
{%if mongodb_cluster_enabled %}
|
|
||||||
security:
|
|
||||||
keyFile: /data/mongo_home/dev-d4science-keyfile
|
|
||||||
|
|
||||||
replication:
|
|
||||||
oplogSizeMB: 2000
|
|
||||||
replSetName: {{ mongodb_replicaset }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
#sharding:
|
|
||||||
|
|
|
@ -1,54 +0,0 @@
|
||||||
# mongod.conf
|
|
||||||
|
|
||||||
# for documentation of all options, see:
|
|
||||||
# http://docs.mongodb.org/manual/reference/configuration-options/
|
|
||||||
|
|
||||||
# Where and how to store data.
|
|
||||||
storage:
|
|
||||||
dbPath: {{ mongodb_dbpath }}
|
|
||||||
journal:
|
|
||||||
enabled: true
|
|
||||||
directoryPerDB: {{ mongodb_directoryperdb }}
|
|
||||||
engine: {{ mongodb_storage_engine }}
|
|
||||||
# mmapv1:
|
|
||||||
# wiredTiger:
|
|
||||||
|
|
||||||
# where to write logging data.
|
|
||||||
systemLog:
|
|
||||||
destination: {{ mongodb_systemlog_destination }}
|
|
||||||
path: {{ mongodb_logpath }}
|
|
||||||
{% if not mongodb_systemlog_external_logrotate %}
|
|
||||||
logRotate: rename
|
|
||||||
logAppend: false
|
|
||||||
{% else %}
|
|
||||||
logRotate: reopen
|
|
||||||
logAppend: true
|
|
||||||
{% endif %}
|
|
||||||
# network interfaces
|
|
||||||
net:
|
|
||||||
port: {{ mongodb_tcp_port }}
|
|
||||||
bindIp: {{ mongo_bind_ip }}
|
|
||||||
http:
|
|
||||||
enabled: {{ mongodb_http_interface }}
|
|
||||||
JSONPEnabled: {{ mongodb_http_interface }}
|
|
||||||
RESTInterfaceEnabled: {{ mongodb_http_interface }}
|
|
||||||
{% if mongodb_ssl_enabled %}
|
|
||||||
ssl:
|
|
||||||
mode: {{ mongodb_ssl_mode }}
|
|
||||||
PEMKeyFile: '{{ mongodb_ssl_certkey_file }}'
|
|
||||||
CAFile: '{{ mongodb_ssl_CA_file }}'
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
#processManagement:
|
|
||||||
|
|
||||||
{%if mongodb_cluster_enabled %}
|
|
||||||
security:
|
|
||||||
keyFile: /data/mongo_home/dev-d4science-keyfile
|
|
||||||
|
|
||||||
replication:
|
|
||||||
oplogSizeMB: 2000
|
|
||||||
replSetName: {{ mongodb_replicaset }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
#sharding:
|
|
||||||
|
|
|
@ -1,61 +0,0 @@
|
||||||
# mongod.conf
|
|
||||||
|
|
||||||
# for documentation of all options, see:
|
|
||||||
# http://docs.mongodb.org/manual/reference/configuration-options/
|
|
||||||
|
|
||||||
# Where and how to store data.
|
|
||||||
storage:
|
|
||||||
dbPath: {{ mongodb_dbpath }}
|
|
||||||
journal:
|
|
||||||
enabled: true
|
|
||||||
directoryPerDB: {{ mongodb_directoryperdb }}
|
|
||||||
engine: {{ mongodb_storage_engine }}
|
|
||||||
# mmapv1:
|
|
||||||
# wiredTiger:
|
|
||||||
|
|
||||||
# where to write logging data.
|
|
||||||
systemLog:
|
|
||||||
destination: {{ mongodb_systemlog_destination }}
|
|
||||||
{% if mongodb_logrotate_management %}
|
|
||||||
{% if not mongodb_systemlog_external_logrotate %}
|
|
||||||
logRotate: rename
|
|
||||||
logAppend: false
|
|
||||||
{% else %}
|
|
||||||
logRotate: reopen
|
|
||||||
logAppend: true
|
|
||||||
{% endif %}
|
|
||||||
{% else %}
|
|
||||||
logAppend: true
|
|
||||||
{% endif %}
|
|
||||||
path: {{ mongodb_logpath }}
|
|
||||||
# network information
|
|
||||||
net:
|
|
||||||
port: {{ mongodb_tcp_port }}
|
|
||||||
bindIp: {{ mongo_bind_ip }}
|
|
||||||
{% if mongodb_ssl_enabled %}
|
|
||||||
ssl:
|
|
||||||
mode: {{ mongodb_ssl_mode }}
|
|
||||||
PEMKeyFile: '{{ mongodb_ssl_certkey_file }}'
|
|
||||||
CAFile: '{{ mongodb_ssl_CA_file }}'
|
|
||||||
disabledProtocols: {{ mongodb_ssl_disabled_protocols }}
|
|
||||||
allowConnectionsWithoutCertificates: {{ mongodb_ssl_allowConnectionsWithoutCertificates }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
#processManagement:
|
|
||||||
{% if mongodb_authorization_enabled or mongodb_cluster_enabled %}
|
|
||||||
security:
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% if mongodb_authorization_enabled %}
|
|
||||||
authorization: enabled
|
|
||||||
{% endif %}
|
|
||||||
{%if mongodb_cluster_enabled %}
|
|
||||||
keyFile: {{ mongodb_replica_keyfile }}
|
|
||||||
|
|
||||||
replication:
|
|
||||||
oplogSizeMB: {{ mongodb_oplog_size }}
|
|
||||||
replSetName: {{ mongodb_replicaset }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
#sharding:
|
|
||||||
|
|
|
@ -1,52 +0,0 @@
|
||||||
# mongod.conf
|
|
||||||
|
|
||||||
# for documentation of all options, see:
|
|
||||||
# http://docs.mongodb.org/manual/reference/configuration-options/
|
|
||||||
|
|
||||||
# Where and how to store data.
|
|
||||||
storage:
|
|
||||||
dbPath: {{ mongodb_dbpath }}
|
|
||||||
journal:
|
|
||||||
enabled: true
|
|
||||||
directoryPerDB: {{ mongodb_directoryperdb }}
|
|
||||||
engine: {{ mongodb_storage_engine }}
|
|
||||||
# mmapv1:
|
|
||||||
# wiredTiger:
|
|
||||||
|
|
||||||
# where to write logging data.
|
|
||||||
systemLog:
|
|
||||||
destination: {{ mongodb_systemlog_destination }}
|
|
||||||
path: {{ mongodb_logpath }}
|
|
||||||
{% if not mongodb_systemlog_external_logrotate %}
|
|
||||||
logRotate: rename
|
|
||||||
logAppend: false
|
|
||||||
{% else %}
|
|
||||||
logRotate: reopen
|
|
||||||
logAppend: true
|
|
||||||
{% endif %}
|
|
||||||
# network interfaces
|
|
||||||
net:
|
|
||||||
port: {{ mongodb_tcp_port }}
|
|
||||||
bindIp: {{ mongo_bind_ip }}
|
|
||||||
{% if mongodb_ssl_enabled %}
|
|
||||||
ssl:
|
|
||||||
mode: {{ mongodb_ssl_mode }}
|
|
||||||
PEMKeyFile: '{{ mongodb_ssl_certkey_file }}'
|
|
||||||
CAFile: '{{ mongodb_ssl_CA_file }}'
|
|
||||||
disabledProtocols: {{ mongodb_ssl_disabled_protocols }}
|
|
||||||
allowConnectionsWithoutCertificates: {{ mongodb_ssl_allowConnectionsWithoutCertificates }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
#processManagement:
|
|
||||||
|
|
||||||
{%if mongodb_cluster_enabled %}
|
|
||||||
security:
|
|
||||||
keyFile: /data/mongo_home/dev-d4science-keyfile
|
|
||||||
|
|
||||||
replication:
|
|
||||||
oplogSizeMB: 2000
|
|
||||||
replSetName: {{ mongodb_replicaset }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
#sharding:
|
|
||||||
|
|
|
@ -1,6 +0,0 @@
|
||||||
ENABLE_MONGOD="{{ mongodb_start_server }}"
|
|
||||||
CONF={{ mongodb_conf_file }}
|
|
||||||
DAEMON={{ mongodb_daemon }}
|
|
||||||
DAEMONUSER={{ mongodb_user }}
|
|
||||||
DAEMON_OPTS="{{ mongod_additional_options }} --config $CONF"
|
|
||||||
|
|
|
@ -1,33 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
LE_CERTS_DIR=/etc/letsencrypt/live/$HOSTNAME
|
|
||||||
LE_LOG_DIR=/var/log/acme
|
|
||||||
MONGODB_CERTDIR=/etc/pki/mongodb
|
|
||||||
MONGODB_CERTFILE=$MONGODB_CERTDIR/mongodb.pem
|
|
||||||
DATE=$( date )
|
|
||||||
echo "$DATE" >> $LE_LOG_DIR/mongodb.log
|
|
||||||
|
|
||||||
if [ -f /etc/default/letsencrypt ] ; then
|
|
||||||
. /etc/default/letsencrypt
|
|
||||||
else
|
|
||||||
echo "No letsencrypt default file" >> $LE_LOG_DIR/mongodb.log
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
[ ! -d $MONGODB_CERTDIR ] && mkdir $MONGODB_CERTDIR
|
|
||||||
|
|
||||||
echo "Building the new certificate file" >> $LE_LOG_DIR/mongodb.log
|
|
||||||
cat ${LE_CERTS_DIR}/{cert,privkey} > ${MONGODB_CERTFILE}
|
|
||||||
chmod 440 ${MONGODB_CERTFILE}
|
|
||||||
chgrp mongodb ${MONGODB_CERTFILE}
|
|
||||||
|
|
||||||
{% if mongodb_ssl_enabled %}
|
|
||||||
echo "Reload the mongod service" >> "$LE_LOG_DIR/mongodb.log"
|
|
||||||
service mongod stop >> "$LE_LOG_DIR/mongodb.log" 2>&1
|
|
||||||
sleep 10
|
|
||||||
service mongod start > "$LE_LOG_DIR/mongodb.log" 2>&1
|
|
||||||
{% endif %}
|
|
||||||
echo "Done." >> $LE_LOG_DIR/mongodb.log
|
|
||||||
|
|
||||||
exit 0
|
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
---
|
|
||||||
# IMPORTANT: mongodb does not support ecdsa keys, but it starts anyway without any error.
|
|
||||||
letsencrypt_acme_key_type: rsa
|
|
||||||
|
|
|
@ -1,25 +0,0 @@
|
||||||
---
|
|
||||||
mongodb_install_from_external_repo: True
|
|
||||||
mongodb_install_packages: True
|
|
||||||
mongodb_install_conf: True
|
|
||||||
mongodb_latest_version: True
|
|
||||||
mongodb_specific_version: 2.4.3
|
|
||||||
#mongodb-org_version: False
|
|
||||||
mongodb_start_server: 'yes'
|
|
||||||
mongodb_tcp_port: 27017
|
|
||||||
mongodb_http_interface: False
|
|
||||||
mongodb_http_port: 28017
|
|
||||||
mongodb_user: mongodb
|
|
||||||
mongodb_group: mongodb
|
|
||||||
mongodb_logdir: /var/log/mongodb
|
|
||||||
mongodb_log_file: mongodb.log
|
|
||||||
mongodb_logpath: '{{ mongodb_logdir }}/{{ mongodb_log_file }}'
|
|
||||||
mongodb_dbpath: /var/lib/mongodb
|
|
||||||
mongodb_log_retain_days: 7
|
|
||||||
mongodb_directoryperdb: False
|
|
||||||
mongodb_allowed_hosts:
|
|
||||||
- 127.0.0.1/8
|
|
||||||
- '{{ ansible_default_ipv4.address }}/32'
|
|
||||||
|
|
||||||
mongodb_cluster_enabled: False
|
|
||||||
mongodb_replicaset: storagedev
|
|
|
@ -1,7 +0,0 @@
|
||||||
---
|
|
||||||
- name: Update apt cache
|
|
||||||
apt: update_cache=yes
|
|
||||||
ignore_errors: true
|
|
||||||
|
|
||||||
- name: Restart mongodb
|
|
||||||
service: name=mongodb state=restarted
|
|
|
@ -1,83 +0,0 @@
|
||||||
---
|
|
||||||
- name: Install the mongodb apt key
|
|
||||||
#apt_key: id=7F0CEB10 state=present
|
|
||||||
raw: apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
|
|
||||||
when: mongodb_install_from_external_repo
|
|
||||||
tags: mongodb
|
|
||||||
|
|
||||||
- name: Install the mongodb repository
|
|
||||||
apt_repository: repo="deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen" update_cache=yes state=present
|
|
||||||
when: mongodb_install_from_external_repo
|
|
||||||
register: external_repo
|
|
||||||
tags: mongodb
|
|
||||||
|
|
||||||
- name: Update the apt cache
|
|
||||||
apt: update_cache=yes
|
|
||||||
when: external_repo is changed
|
|
||||||
ignore_errors: True
|
|
||||||
tags: mongodb
|
|
||||||
|
|
||||||
- name: Install the latest version of mongodb server
|
|
||||||
apt: pkg={{ item }} state=latest
|
|
||||||
with_items:
|
|
||||||
- mongodb-10gen
|
|
||||||
when:
|
|
||||||
- mongodb_install_from_external_repo
|
|
||||||
- mongodb_install_packages
|
|
||||||
- mongodb_latest_version
|
|
||||||
tags: mongodb
|
|
||||||
|
|
||||||
- name: Install the mongodb-10gen server
|
|
||||||
apt: pkg={{ item }}={{ mongodb_specific_version }} state=present
|
|
||||||
with_items:
|
|
||||||
- mongodb-10gen
|
|
||||||
when:
|
|
||||||
- mongodb_install_from_external_repo
|
|
||||||
- mongodb_install_packages
|
|
||||||
- not mongodb_latest_version
|
|
||||||
tags: mongodb
|
|
||||||
|
|
||||||
- name: Install the mongodb server
|
|
||||||
apt: pkg={{ item }} state=present
|
|
||||||
with_items:
|
|
||||||
- mongodb-server
|
|
||||||
when:
|
|
||||||
- not mongodb_install_from_external_repo
|
|
||||||
- mongodb_install_packages
|
|
||||||
tags: mongodb
|
|
||||||
|
|
||||||
- name: Install the mongodb defaults file
|
|
||||||
copy: content="ENABLE_MONGODB={{ mongodb_start_server }}" dest=/etc/default/mongodb owner=root group=root mode=0444
|
|
||||||
when: mongodb_install_conf
|
|
||||||
tags: mongodb
|
|
||||||
|
|
||||||
- name: Create the mongodb db directory
|
|
||||||
file: dest={{ mongodb_dbpath }} state=directory owner={{ mongodb_user }} group={{ mongodb_group }} mode=0755
|
|
||||||
when: mongodb_install_conf
|
|
||||||
tags: mongodb
|
|
||||||
|
|
||||||
- name: Create the mongodb log directory
|
|
||||||
file: dest={{ mongodb_logdir }} state=directory owner={{ mongodb_user }} group={{ mongodb_group }} mode=0755
|
|
||||||
when: mongodb_install_conf
|
|
||||||
tags: mongodb
|
|
||||||
|
|
||||||
- name: Install the mongodb 2.4 configuration
|
|
||||||
template: src=mongodb-2.4.conf.j2 dest=/etc/mongodb.conf owner=root group=root mode=0444
|
|
||||||
when: ( mongodb_start_server is defined ) and ( mongodb_start_server == 'yes' ) and ( mongodb_install_conf )
|
|
||||||
notify: Restart mongodb
|
|
||||||
tags: mongodb
|
|
||||||
|
|
||||||
- name: Install the cron job that manages log files rotation
|
|
||||||
template: src=mongo_log_rotate.sh.j2 dest=/etc/cron.daily/mongo_log_rotate owner=root group=root mode=0555
|
|
||||||
tags: mongodb
|
|
||||||
|
|
||||||
- name: Ensure mongodb is started
|
|
||||||
service: name=mongodb state=started enabled=yes
|
|
||||||
when: ( mongodb_start_server is defined ) and ( mongodb_start_server == 'yes' ) and ( mongodb_install_conf )
|
|
||||||
tags: mongodb
|
|
||||||
|
|
||||||
- name: Ensure mongodb is stopped and disabled
|
|
||||||
service: name=mongodb state=stopped enabled=no
|
|
||||||
when: ( mongodb_start_server is defined ) and ( mongodb_start_server == 'no' ) and ( mongodb_install_conf )
|
|
||||||
tags: mongodb
|
|
||||||
|
|
|
@ -1,14 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
MONGO_PID_FILE={{ mongodb_dbpath }}/mongod.lock
|
|
||||||
LOG_RETAIN_DAYS={{ mongodb_log_retain_days }}
|
|
||||||
RETVAL=
|
|
||||||
|
|
||||||
MONGO_PID=$( cat $MONGO_PID_FILE )
|
|
||||||
# Tell mongo to rotate its log file
|
|
||||||
kill -SIGUSR1 $MONGO_PID
|
|
||||||
|
|
||||||
RETVAL=$?
|
|
||||||
|
|
||||||
# Remove the old log files
|
|
||||||
find {{ mongodb_logdir }} -name "{{ mongodb_log_file }}.*" -ctime +$LOG_RETAIN_DAYS -exec rm -f {} \;
|
|
|
@ -1,87 +0,0 @@
|
||||||
# Note: if you run mongodb as a non-root user (recommended) you may
|
|
||||||
# need to create and set permissions for this directory manually,
|
|
||||||
# e.g., if the parent directory isn't mutable by the mongodb user.
|
|
||||||
dbpath={{ mongodb_dbpath }}
|
|
||||||
directoryperdb={{ mongodb_directoryperdb }}
|
|
||||||
|
|
||||||
#where to log
|
|
||||||
logpath={{ mongodb_logpath }}
|
|
||||||
|
|
||||||
logappend=true
|
|
||||||
|
|
||||||
port = {{ mongodb_tcp_port }}
|
|
||||||
|
|
||||||
# Disables write-ahead journaling
|
|
||||||
# nojournal = true
|
|
||||||
|
|
||||||
# Enables periodic logging of CPU utilization and I/O wait
|
|
||||||
#cpu = true
|
|
||||||
|
|
||||||
# Turn on/off security. Off is currently the default
|
|
||||||
#noauth = true
|
|
||||||
#auth = true
|
|
||||||
|
|
||||||
# Verbose logging output.
|
|
||||||
#verbose = true
|
|
||||||
|
|
||||||
# Inspect all client data for validity on receipt (useful for
|
|
||||||
# developing drivers)
|
|
||||||
#objcheck = true
|
|
||||||
|
|
||||||
# Enable db quota management
|
|
||||||
#quota = true
|
|
||||||
|
|
||||||
# Set oplogging level where n is
|
|
||||||
# 0=off (default)
|
|
||||||
# 1=W
|
|
||||||
# 2=R
|
|
||||||
# 3=both
|
|
||||||
# 7=W+some reads
|
|
||||||
#diaglog = 0
|
|
||||||
# Ignore query hints
|
|
||||||
#nohints = true
|
|
||||||
|
|
||||||
{% if not mongodb_http_interface %}
|
|
||||||
# Disable the HTTP interface (Defaults to localhost:28017).
|
|
||||||
nohttpinterface = true
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
# Turns off server-side scripting. This will result in greatly limited
|
|
||||||
# functionality
|
|
||||||
#noscripting = true
|
|
||||||
|
|
||||||
# Turns off table scans. Any query that would do a table scan fails.
|
|
||||||
#notablescan = true
|
|
||||||
|
|
||||||
# Disable data file preallocation.
|
|
||||||
#noprealloc = true
|
|
||||||
|
|
||||||
# Specify .ns file size for new databases.
|
|
||||||
# nssize = <size>
|
|
||||||
|
|
||||||
# Accout token for Mongo monitoring server.
|
|
||||||
#mms-token = <token>
|
|
||||||
|
|
||||||
# Server name for Mongo monitoring server.
|
|
||||||
#mms-name = <server-name>
|
|
||||||
|
|
||||||
# Ping interval for Mongo monitoring server.
|
|
||||||
#mms-interval = <seconds>
|
|
||||||
|
|
||||||
# Replication Options
|
|
||||||
|
|
||||||
# in master/slave replicated mongo databases, specify here whether
|
|
||||||
# this is a slave or master
|
|
||||||
#slave = true
|
|
||||||
#source = master.example.com
|
|
||||||
# Slave only: specify a single database to replicate
|
|
||||||
#only = master.example.com
|
|
||||||
# or
|
|
||||||
#master = true
|
|
||||||
#source = slave.example.com
|
|
||||||
|
|
||||||
{% if mongodb_cluster_enabled %}
|
|
||||||
# in replica set configuration, specify the name of the replica set
|
|
||||||
replSet = {{ mongodb_replicaset }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
Loading…
Reference in New Issue