diff --git a/ubuntu-deb-general/tasks/set-hostname.yml b/deb-set-hostname/tasks/main.yml similarity index 100% rename from ubuntu-deb-general/tasks/set-hostname.yml rename to deb-set-hostname/tasks/main.yml diff --git a/iptables/templates/iptables-rules.v4.j2 b/iptables/templates/iptables-rules.v4.j2 index e3a396f7..03dc4444 100644 --- a/iptables/templates/iptables-rules.v4.j2 +++ b/iptables/templates/iptables-rules.v4.j2 @@ -63,9 +63,17 @@ {% if mongodb_allowed_hosts is defined %} # mongodb clients {% for ip in mongodb_allowed_hosts %} +{% if mongodb_tcp_port is defined %} -A INPUT -m state --state NEW -s {{ ip }} -p tcp -m tcp --dport {{ mongodb_tcp_port }} -j ACCEPT +{% else %} +-A INPUT -m state --state NEW -s {{ ip }} -p tcp -m tcp --dport 27017 -j ACCEPT +{% endif %} {% endfor %} +{% if mongodb_tcp_port is defined %} -A INPUT -p tcp -m tcp --dport {{ mongodb_tcp_port }} -j DROP +{% else %} +-A INPUT -p tcp -m tcp --dport 27017 -j DROP +{% endif %} {% endif %} {% if dnet_ports is defined %} diff --git a/mongodb/defaults/main.yml b/mongodb/defaults/main.yml index f80e739c..d7274b98 100644 --- a/mongodb/defaults/main.yml +++ b/mongodb/defaults/main.yml @@ -1,12 +1,7 @@ --- -mongodb: - start_server: 'yes' - tcp_port: 27017 - allowed_hosts: - - '{{ ansible_fqdn }}/32' - - 127.0.0.1/8 - mongodb_install_from_external_repo: True +mongodb_install_packages: True +mongodb_install_conf: True mongodb_start_server: 'yes' mongodb_tcp_port: 27017 mongodb_http_interface: False @@ -18,5 +13,5 @@ mongodb_logpath: '{{ mongodb_logdir }}/mongodb.log' mongodb_dbpath: /var/lib/mongodb mongodb_directoryperdb: False mongodb_allowed_hosts: - - '{{ ansible_fqdn }}/32' - 127.0.0.1/8 + - '{{ ansible_default_ipv4.address }}/32' diff --git a/mongodb/tasks/main.yml b/mongodb/tasks/main.yml index fd7c34eb..2404adfc 100644 --- a/mongodb/tasks/main.yml +++ b/mongodb/tasks/main.yml 
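Review bot: The fallback port 27017 is now hard-coded twice in this template and appears a third time as `mongodb_tcp_port: 27017` in mongodb/defaults/main.yml, so the firewall rules and the port mongod listens on can drift apart if only one copy is edited. Both four-line `{% if mongodb_tcp_port is defined %}` / `{% else %}` blocks can collapse back to the original single rule with a default filter, e.g. `--dport {{ mongodb_tcp_port | default(27017) }}`, which keeps each ACCEPT visibly paired with its DROP. The whole block, DROP included, is still emitted only when `mongodb_allowed_hosts` is defined, so hosts where it is unset depend on the chain's default policy, which is not visible in this hunk. The template continues outside the hunk.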
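Review bot: The new switches `mongodb_install_packages` and `mongodb_install_conf` are added without comments, and the second name understates its scope. In mongodb/tasks/main.yml of this commit it also gates directory creation and the service start/stop tasks. A short comment above each would help, for example `# Set to False to skip the apt install tasks` and `# Set to False to skip the defaults file, directories, mongodb.conf and the service state tasks`. The hunk also removes the nested `mongodb:` mapping; whether any playbook still reads `mongodb.tcp_port` or `mongodb.allowed_hosts` cannot be confirmed from this diff and is worth a grep.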
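Review bot: The new entry `'{{ ansible_default_ipv4.address }}/32'` in `mongodb_allowed_hosts` depends on gathered facts and on the host having a default IPv4 route. Where `ansible_default_ipv4` is empty the expression is undefined, and the iptables template that loops over this list would presumably fail to render. It also allows only the address on the default-route interface, so a local client connecting from another interface address will hit the DROP rule. If that is intended, a comment above the list such as `# loopback plus the host's primary IPv4 address; add client networks per host` would record it.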
@@ -21,41 +21,48 @@ apt: pkg={{ item }} state=installed with_items: - mongodb-10gen - when: mongodb_install_from_external_repo + when: + - mongodb_install_from_external_repo + - mongodb_install_packages tags: mongodb - name: Install the mongodb server apt: pkg={{ item }} state=installed with_items: - mongodb-server - when: not mongodb_install_from_external_repo + when: + - not mongodb_install_from_external_repo + - mongodb_install_packages tags: mongodb - name: Install the mongodb defaults file copy: content="ENABLE_MONGODB={{ mongodb_start_server }}" dest=/etc/default/mongodb owner=root group=root mode=0444 + when: mongodb_install_conf tags: mongodb - name: Create the mongodb db directory file: dest={{ mongodb_dbpath }} state=directory owner={{ mongodb_user }} group={{ mongodb_group }} mode=0755 + when: mongodb_install_conf tags: mongodb - name: Create the mongodb log directory file: dest={{ mongodb_logdir }} state=directory owner={{ mongodb_user }} group={{ mongodb_group }} mode=0755 + when: mongodb_install_conf tags: mongodb - name: Install the mongodb 2.4 configuration template: src=mongodb-2.4.conf.j2 dest=/etc/mongodb.conf owner=root group=root mode=0444 - when: ( mongodb_start_server is defined ) and ( mongodb_start_server == 'yes' ) + when: ( mongodb_start_server is defined ) and ( mongodb_start_server == 'yes' ) and ( mongodb_install_conf ) notify: Restart mongodb tags: mongodb - name: Ensure mongodb is started service: name=mongodb state=started enabled=yes - when: ( mongodb_start_server is defined ) and ( mongodb_start_server == 'yes' ) + when: ( mongodb_start_server is defined ) and ( mongodb_start_server == 'yes' ) and ( mongodb_install_conf ) tags: mongodb - name: Ensure mongodb is stopped and disabled service: name=mongodb state=stopped enabled=no - when: ( mongodb_start_server is defined ) and ( mongodb_start_server == 'no' ) + when: ( mongodb_start_server is defined ) and ( mongodb_start_server == 'no' ) and ( mongodb_install_conf ) tags: mongodb 
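Review bot: Adding `and ( mongodb_install_conf )` to the "Ensure mongodb is stopped and disabled" task means `mongodb_start_server: 'no'` no longer guarantees the daemon is off when `mongodb_install_conf` is false. The install tasks can still run in that case, and the packaged service would presumably come up with the package's own configuration rather than the role's template. I would leave the stop/disable task gated only on the start flag, `when: ( mongodb_start_server is defined ) and ( mongodb_start_server == 'no' )`, so the role can always turn the listener off. Separately, the list-style `when:` on the install tasks and the parenthesised string form on the later tasks express the same AND; one form throughout would read more easily. The task file starts before this hunk.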
diff --git a/ubuntu-deb-general/meta/main.yml b/ubuntu-deb-general/meta/main.yml index 6af20c9e..041d0423 100644 --- a/ubuntu-deb-general/meta/main.yml +++ b/ubuntu-deb-general/meta/main.yml @@ -2,5 +2,6 @@ dependencies: - role: '../../library/roles/deb-apt-setup' - role: '../../library/roles/timezone' + - role: '../../library/roles/deb-set-hostname' - role: '../../library/roles/deb-set-locale' - role: '../../library/roles/fail2ban' diff --git a/ubuntu-deb-general/tasks/apt-setup.yml b/ubuntu-deb-general/tasks/apt-setup.yml deleted file mode 100644 index 898ac983..00000000 --- a/ubuntu-deb-general/tasks/apt-setup.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -# First things first: install python-apt with a raw command -- name: install python-apt - raw: "apt-get update; apt-get install -y python-apt lsb-release" - when: has_apt - tags: - - pythonapt - -- name: Install python-software-properties - apt: pkg=python-software-properties state=installed - when: has_apt - tags: - - pythonapt - -- name: Install software-properties-common on quantal distributions - apt: pkg=software-properties-common state=installed - when: is_quantal - tags: - - pythonapt - diff --git a/ubuntu-deb-general/tasks/main.yml b/ubuntu-deb-general/tasks/main.yml index aa9e9a9e..86fc67e6 100644 --- a/ubuntu-deb-general/tasks/main.yml +++ b/ubuntu-deb-general/tasks/main.yml @@ -18,6 +18,4 @@ when: is_precise and ansible_kernel != "3.2.0-4-amd64" - include: unattended-upgrades.yml - include: install_external_ca_cert.yml -- include: set-hostname.yml - when: hostname is defined
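Review bot: The new dependency entry `- role: '../../library/roles/deb-set-hostname'` is unconditional, whereas the include removed from ubuntu-deb-general/tasks/main.yml carried `when: hostname is defined`. The task file was renamed with 100% similarity, so unless its tasks carry their own guard (not visible here), hosts without `hostname` set will now run them. Keeping the condition on the dependency would preserve the old behaviour: `- { role: '../../library/roles/deb-set-hostname', when: hostname is defined }`.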