d4science-ghn-cluster: We now manage the iptables firewall on the mongodb cluster.
library/roles: separate task that sets the hostname
library/vars/isti-global.yml: add the d4science partners networks as a common variable.
parent
b2242d535d
commit
b9d50790cd
|
@ -63,9 +63,17 @@
|
|||
{% if mongodb_allowed_hosts is defined %}
|
||||
# mongodb clients
|
||||
{% for ip in mongodb_allowed_hosts %}
|
||||
{% if mongodb_tcp_port is defined %}
|
||||
-A INPUT -m state --state NEW -s {{ ip }} -p tcp -m tcp --dport {{ mongodb_tcp_port }} -j ACCEPT
|
||||
{% else %}
|
||||
-A INPUT -m state --state NEW -s {{ ip }} -p tcp -m tcp --dport 27017 -j ACCEPT
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% if mongodb_tcp_port is defined %}
|
||||
-A INPUT -p tcp -m tcp --dport {{ mongodb_tcp_port }} -j DROP
|
||||
{% else %}
|
||||
-A INPUT -p tcp -m tcp --dport 27017 -j DROP
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
{% if dnet_ports is defined %}
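Review bot: The per-port `DROP` rule sits inside `{% if mongodb_allowed_hosts is defined %}`, so a host where that variable is not set gets neither the ACCEPT nor the DROP lines, and the MongoDB port is then governed only by the rest of this ruleset, which is outside the hunk. If the port is meant to be closed unless explicitly opened, emit the DROP unconditionally or confirm that the chain's default policy denies. The four `mongodb_tcp_port is defined` branches can collapse into one expression per rule, e.g. `-A INPUT -p tcp -m tcp --dport {{ mongodb_tcp_port | default(27017) }} -j DROP`, which keeps the ACCEPT and DROP ports from drifting apart. `{{ ip }}` is written into `-s` verbatim, so entries should be addresses or CIDR blocks; a hostname entry is resolved once, when the rules are loaded, and makes the ruleset depend on DNS at that moment.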
|
||||
|
|
|
@ -1,12 +1,7 @@
|
|||
---
|
||||
mongodb:
|
||||
start_server: 'yes'
|
||||
tcp_port: 27017
|
||||
allowed_hosts:
|
||||
- '{{ ansible_fqdn }}/32'
|
||||
- 127.0.0.1/8
|
||||
|
||||
mongodb_install_from_external_repo: True
|
||||
mongodb_install_packages: True
|
||||
mongodb_install_conf: True
|
||||
mongodb_start_server: 'yes'
|
||||
mongodb_tcp_port: 27017
|
||||
mongodb_http_interface: False
|
||||
|
@ -18,5 +13,5 @@ mongodb_logpath: '{{ mongodb_logdir }}/mongodb.log'
|
|||
mongodb_dbpath: /var/lib/mongodb
|
||||
mongodb_directoryperdb: False
|
||||
mongodb_allowed_hosts:
|
||||
- '{{ ansible_fqdn }}/32'
|
||||
- 127.0.0.1/8
|
||||
- '{{ ansible_default_ipv4.address }}/32'
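Review bot: `mongodb_install_packages` and `mongodb_install_conf` are introduced without a comment, and the second one gates more than its name suggests in the tasks file of this commit. A line above each would do, e.g. `# When false, the role installs no mongodb package` and `# When false, the role skips the config files, the data/log directories and the service state tasks`. For `mongodb_allowed_hosts`, a comment such as `# Sources allowed to reach mongodb_tcp_port; written verbatim into iptables -s` would record that entries must be addresses or CIDR blocks. `ansible_default_ipv4.address` is only set when facts are gathered and the host has a default IPv4 route, so the list should say what happens on hosts without one.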
|
||||
|
|
|
@ -21,41 +21,48 @@
|
|||
apt: pkg={{ item }} state=installed
|
||||
with_items:
|
||||
- mongodb-10gen
|
||||
when: mongodb_install_from_external_repo
|
||||
when:
|
||||
- mongodb_install_from_external_repo
|
||||
- mongodb_install_packages
|
||||
tags: mongodb
|
||||
|
||||
- name: Install the mongodb server
|
||||
apt: pkg={{ item }} state=installed
|
||||
with_items:
|
||||
- mongodb-server
|
||||
when: not mongodb_install_from_external_repo
|
||||
when:
|
||||
- not mongodb_install_from_external_repo
|
||||
- mongodb_install_packages
|
||||
tags: mongodb
|
||||
|
||||
- name: Install the mongodb defaults file
|
||||
copy: content="ENABLE_MONGODB={{ mongodb_start_server }}" dest=/etc/default/mongodb owner=root group=root mode=0444
|
||||
when: mongodb_install_conf
|
||||
tags: mongodb
|
||||
|
||||
- name: Create the mongodb db directory
|
||||
file: dest={{ mongodb_dbpath }} state=directory owner={{ mongodb_user }} group={{ mongodb_group }} mode=0755
|
||||
when: mongodb_install_conf
|
||||
tags: mongodb
|
||||
|
||||
- name: Create the mongodb log directory
|
||||
file: dest={{ mongodb_logdir }} state=directory owner={{ mongodb_user }} group={{ mongodb_group }} mode=0755
|
||||
when: mongodb_install_conf
|
||||
tags: mongodb
|
||||
|
||||
- name: Install the mongodb 2.4 configuration
|
||||
template: src=mongodb-2.4.conf.j2 dest=/etc/mongodb.conf owner=root group=root mode=0444
|
||||
when: ( mongodb_start_server is defined ) and ( mongodb_start_server == 'yes' )
|
||||
when: ( mongodb_start_server is defined ) and ( mongodb_start_server == 'yes' ) and ( mongodb_install_conf )
|
||||
notify: Restart mongodb
|
||||
tags: mongodb
|
||||
|
||||
- name: Ensure mongodb is started
|
||||
service: name=mongodb state=started enabled=yes
|
||||
when: ( mongodb_start_server is defined ) and ( mongodb_start_server == 'yes' )
|
||||
when: ( mongodb_start_server is defined ) and ( mongodb_start_server == 'yes' ) and ( mongodb_install_conf )
|
||||
tags: mongodb
|
||||
|
||||
- name: Ensure mongodb is stopped and disabled
|
||||
service: name=mongodb state=stopped enabled=no
|
||||
when: ( mongodb_start_server is defined ) and ( mongodb_start_server == 'no' )
|
||||
when: ( mongodb_start_server is defined ) and ( mongodb_start_server == 'no' ) and ( mongodb_install_conf )
|
||||
tags: mongodb
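Review bot: The three service-state tasks at the end of the hunk now also require `mongodb_install_conf`, so a run with `mongodb_install_conf: False` and `mongodb_start_server: 'no'` skips the `Ensure mongodb is stopped and disabled` task. A flag that reads as "install the configuration files" should not be able to leave a database listener running; either keep that task on the original condition, `when: ( mongodb_start_server is defined ) and ( mongodb_start_server == 'no' )`, or give service management its own variable. The data and log directory tasks touched here keep `mode=0755`; a tighter mode such as `mode=0750` on `{{ mongodb_dbpath }}` is worth considering unless other local users need to read it. The task list starts before the hunk.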
|
||||
|
||||
|
|
|
@ -2,5 +2,6 @@
|
|||
dependencies:
|
||||
- role: '../../library/roles/deb-apt-setup'
|
||||
- role: '../../library/roles/timezone'
|
||||
- role: '../../library/roles/deb-set-hostname'
|
||||
- role: '../../library/roles/deb-set-locale'
|
||||
- role: '../../library/roles/fail2ban'
|
||||
|
|
|
@ -1,20 +0,0 @@
|
|||
---
|
||||
# First things first: install python-apt with a raw command
|
||||
- name: install python-apt
|
||||
raw: "apt-get update; apt-get install -y python-apt lsb-release"
|
||||
when: has_apt
|
||||
tags:
|
||||
- pythonapt
|
||||
|
||||
- name: Install python-software-properties
|
||||
apt: pkg=python-software-properties state=installed
|
||||
when: has_apt
|
||||
tags:
|
||||
- pythonapt
|
||||
|
||||
- name: Install software-properties-common on quantal distributions
|
||||
apt: pkg=software-properties-common state=installed
|
||||
when: is_quantal
|
||||
tags:
|
||||
- pythonapt
|
||||
|
|
@ -18,6 +18,4 @@
|
|||
when: is_precise and ansible_kernel != "3.2.0-4-amd64"
|
||||
- include: unattended-upgrades.yml
|
||||
- include: install_external_ca_cert.yml
|
||||
- include: set-hostname.yml
|
||||
when: hostname is defined
|
||||
|
||||
|
|