d4science-ghn-cluster: We now manage the iptables firewall on the mongodb cluster.
library/roles: separate task that sets the hostname.
library/vars/isti-global.yml: add the d4science partners networks as a common variable.
parent
b2242d535d
commit
b9d50790cd
|
@ -63,9 +63,17 @@
|
||||||
{% if mongodb_allowed_hosts is defined %}
|
{% if mongodb_allowed_hosts is defined %}
|
||||||
# mongodb clients
|
# mongodb clients
|
||||||
{% for ip in mongodb_allowed_hosts %}
|
{% for ip in mongodb_allowed_hosts %}
|
||||||
|
{% if mongodb_tcp_port is defined %}
|
||||||
-A INPUT -m state --state NEW -s {{ ip }} -p tcp -m tcp --dport {{ mongodb_tcp_port }} -j ACCEPT
|
-A INPUT -m state --state NEW -s {{ ip }} -p tcp -m tcp --dport {{ mongodb_tcp_port }} -j ACCEPT
|
||||||
|
{% else %}
|
||||||
|
-A INPUT -m state --state NEW -s {{ ip }} -p tcp -m tcp --dport 27017 -j ACCEPT
|
||||||
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% if mongodb_tcp_port is defined %}
|
||||||
-A INPUT -p tcp -m tcp --dport {{ mongodb_tcp_port }} -j DROP
|
-A INPUT -p tcp -m tcp --dport {{ mongodb_tcp_port }} -j DROP
|
||||||
|
{% else %}
|
||||||
|
-A INPUT -p tcp -m tcp --dport 27017 -j DROP
|
||||||
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if dnet_ports is defined %}
|
{% if dnet_ports is defined %}
|
||||||
|
|
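Review bot: The new `{% if mongodb_tcp_port is defined %}` / `{% else %}` branches repeat each rule with only the port differing, so the ACCEPT and DROP lines can drift apart on a later edit; one line per rule with `--dport {{ mongodb_tcp_port | default(27017) }}` keeps both on the same port. The whole block is still wrapped in `{% if mongodb_allowed_hosts is defined %}`, so when that variable is undefined neither the ACCEPT rules nor the DROP rule is rendered, and whether the MongoDB port is then filtered depends on the chain policy and rules outside this hunk. A comment above the guard, for example `# if mongodb_allowed_hosts is undefined no rule is emitted; the port falls through to the default policy`, would make that explicit. The 27017 fallback also has to match the port mongod is actually configured with, which this template cannot verify.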
|
@ -1,12 +1,7 @@
|
||||||
---
|
---
|
||||||
mongodb:
|
|
||||||
start_server: 'yes'
|
|
||||||
tcp_port: 27017
|
|
||||||
allowed_hosts:
|
|
||||||
- '{{ ansible_fqdn }}/32'
|
|
||||||
- 127.0.0.1/8
|
|
||||||
|
|
||||||
mongodb_install_from_external_repo: True
|
mongodb_install_from_external_repo: True
|
||||||
|
mongodb_install_packages: True
|
||||||
|
mongodb_install_conf: True
|
||||||
mongodb_start_server: 'yes'
|
mongodb_start_server: 'yes'
|
||||||
mongodb_tcp_port: 27017
|
mongodb_tcp_port: 27017
|
||||||
mongodb_http_interface: False
|
mongodb_http_interface: False
|
||||||
|
@ -18,5 +13,5 @@ mongodb_logpath: '{{ mongodb_logdir }}/mongodb.log'
|
||||||
mongodb_dbpath: /var/lib/mongodb
|
mongodb_dbpath: /var/lib/mongodb
|
||||||
mongodb_directoryperdb: False
|
mongodb_directoryperdb: False
|
||||||
mongodb_allowed_hosts:
|
mongodb_allowed_hosts:
|
||||||
- '{{ ansible_fqdn }}/32'
|
|
||||||
- 127.0.0.1/8
|
- 127.0.0.1/8
|
||||||
|
- '{{ ansible_default_ipv4.address }}/32'
|
||||||
|
|
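Review bot: The new `'{{ ansible_default_ipv4.address }}/32'` entry in `mongodb_allowed_hosts` only renders when facts have been gathered and the host has a default IPv4 route; otherwise the attribute is undefined and any template that loops over the list will fail. On a multi-homed node the default-route address may also differ from the address used for cluster traffic, so a comment such as `# host's own address on the default-route interface; override per host on multi-homed nodes` would help. The unchanged `127.0.0.1/8` entry has host bits set; `127.0.0.0/8` is the canonical form. The added flags `mongodb_install_packages: True` and `mongodb_install_conf: True` would be safer across parsers written as lowercase `true`.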
|
@ -21,41 +21,48 @@
|
||||||
apt: pkg={{ item }} state=installed
|
apt: pkg={{ item }} state=installed
|
||||||
with_items:
|
with_items:
|
||||||
- mongodb-10gen
|
- mongodb-10gen
|
||||||
when: mongodb_install_from_external_repo
|
when:
|
||||||
|
- mongodb_install_from_external_repo
|
||||||
|
- mongodb_install_packages
|
||||||
tags: mongodb
|
tags: mongodb
|
||||||
|
|
||||||
- name: Install the mongodb server
|
- name: Install the mongodb server
|
||||||
apt: pkg={{ item }} state=installed
|
apt: pkg={{ item }} state=installed
|
||||||
with_items:
|
with_items:
|
||||||
- mongodb-server
|
- mongodb-server
|
||||||
when: not mongodb_install_from_external_repo
|
when:
|
||||||
|
- not mongodb_install_from_external_repo
|
||||||
|
- mongodb_install_packages
|
||||||
tags: mongodb
|
tags: mongodb
|
||||||
|
|
||||||
- name: Install the mongodb defaults file
|
- name: Install the mongodb defaults file
|
||||||
copy: content="ENABLE_MONGODB={{ mongodb_start_server }}" dest=/etc/default/mongodb owner=root group=root mode=0444
|
copy: content="ENABLE_MONGODB={{ mongodb_start_server }}" dest=/etc/default/mongodb owner=root group=root mode=0444
|
||||||
|
when: mongodb_install_conf
|
||||||
tags: mongodb
|
tags: mongodb
|
||||||
|
|
||||||
- name: Create the mongodb db directory
|
- name: Create the mongodb db directory
|
||||||
file: dest={{ mongodb_dbpath }} state=directory owner={{ mongodb_user }} group={{ mongodb_group }} mode=0755
|
file: dest={{ mongodb_dbpath }} state=directory owner={{ mongodb_user }} group={{ mongodb_group }} mode=0755
|
||||||
|
when: mongodb_install_conf
|
||||||
tags: mongodb
|
tags: mongodb
|
||||||
|
|
||||||
- name: Create the mongodb log directory
|
- name: Create the mongodb log directory
|
||||||
file: dest={{ mongodb_logdir }} state=directory owner={{ mongodb_user }} group={{ mongodb_group }} mode=0755
|
file: dest={{ mongodb_logdir }} state=directory owner={{ mongodb_user }} group={{ mongodb_group }} mode=0755
|
||||||
|
when: mongodb_install_conf
|
||||||
tags: mongodb
|
tags: mongodb
|
||||||
|
|
||||||
- name: Install the mongodb 2.4 configuration
|
- name: Install the mongodb 2.4 configuration
|
||||||
template: src=mongodb-2.4.conf.j2 dest=/etc/mongodb.conf owner=root group=root mode=0444
|
template: src=mongodb-2.4.conf.j2 dest=/etc/mongodb.conf owner=root group=root mode=0444
|
||||||
when: ( mongodb_start_server is defined ) and ( mongodb_start_server == 'yes' )
|
when: ( mongodb_start_server is defined ) and ( mongodb_start_server == 'yes' ) and ( mongodb_install_conf )
|
||||||
notify: Restart mongodb
|
notify: Restart mongodb
|
||||||
tags: mongodb
|
tags: mongodb
|
||||||
|
|
||||||
- name: Ensure mongodb is started
|
- name: Ensure mongodb is started
|
||||||
service: name=mongodb state=started enabled=yes
|
service: name=mongodb state=started enabled=yes
|
||||||
when: ( mongodb_start_server is defined ) and ( mongodb_start_server == 'yes' )
|
when: ( mongodb_start_server is defined ) and ( mongodb_start_server == 'yes' ) and ( mongodb_install_conf )
|
||||||
tags: mongodb
|
tags: mongodb
|
||||||
|
|
||||||
- name: Ensure mongodb is stopped and disabled
|
- name: Ensure mongodb is stopped and disabled
|
||||||
service: name=mongodb state=stopped enabled=no
|
service: name=mongodb state=stopped enabled=no
|
||||||
when: ( mongodb_start_server is defined ) and ( mongodb_start_server == 'no' )
|
when: ( mongodb_start_server is defined ) and ( mongodb_start_server == 'no' ) and ( mongodb_install_conf )
|
||||||
tags: mongodb
|
tags: mongodb
|
||||||
|
|
||||||
|
|
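Review bot: Adding `and ( mongodb_install_conf )` to the "Ensure mongodb is stopped and disabled" task means `mongodb_start_server: 'no'` no longer stops the service on hosts where `mongodb_install_conf` is false, while the package tasks above are gated only on `mongodb_install_packages`. A host with packages installed and configuration unmanaged would then keep whatever service state and stock configuration the package left, presumably a running mongod. If that combination is intended, a comment on the task should say so; otherwise the stop task could keep its original condition, `when: ( mongodb_start_server is defined ) and ( mongodb_start_server == 'no' )`. The first task in the hunk begins above it, so its name is not visible here.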
|
@ -2,5 +2,6 @@
|
||||||
dependencies:
|
dependencies:
|
||||||
- role: '../../library/roles/deb-apt-setup'
|
- role: '../../library/roles/deb-apt-setup'
|
||||||
- role: '../../library/roles/timezone'
|
- role: '../../library/roles/timezone'
|
||||||
|
- role: '../../library/roles/deb-set-hostname'
|
||||||
- role: '../../library/roles/deb-set-locale'
|
- role: '../../library/roles/deb-set-locale'
|
||||||
- role: '../../library/roles/fail2ban'
|
- role: '../../library/roles/fail2ban'
|
||||||
|
|
|
@ -1,20 +0,0 @@
|
||||||
---
|
|
||||||
# First things first: install python-apt with a raw command
|
|
||||||
- name: install python-apt
|
|
||||||
raw: "apt-get update; apt-get install -y python-apt lsb-release"
|
|
||||||
when: has_apt
|
|
||||||
tags:
|
|
||||||
- pythonapt
|
|
||||||
|
|
||||||
- name: Install python-software-properties
|
|
||||||
apt: pkg=python-software-properties state=installed
|
|
||||||
when: has_apt
|
|
||||||
tags:
|
|
||||||
- pythonapt
|
|
||||||
|
|
||||||
- name: Install software-properties-common on quantal distributions
|
|
||||||
apt: pkg=software-properties-common state=installed
|
|
||||||
when: is_quantal
|
|
||||||
tags:
|
|
||||||
- pythonapt
|
|
||||||
|
|
|
@ -18,6 +18,4 @@
|
||||||
when: is_precise and ansible_kernel != "3.2.0-4-amd64"
|
when: is_precise and ansible_kernel != "3.2.0-4-amd64"
|
||||||
- include: unattended-upgrades.yml
|
- include: unattended-upgrades.yml
|
||||||
- include: install_external_ca_cert.yml
|
- include: install_external_ca_cert.yml
|
||||||
- include: set-hostname.yml
|
|
||||||
when: hostname is defined
|
|
||||||
|
|
||||||
|
|