diff options
Diffstat (limited to 'collections-debian-merged/ansible_collections/community/mongodb/plugins/modules')
14 files changed, 4368 insertions, 0 deletions
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/__init__.py b/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/__init__.py new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/__init__.py diff --git a/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_balancer.py b/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_balancer.py new file mode 100644 index 00000000..85c0e70f --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_balancer.py @@ -0,0 +1,511 @@ +#!/usr/bin/python + +# Copyright: (c) 2020, Rhys Campbell <rhys.james.campbell@googlemail.com> +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +DOCUMENTATION = r''' +--- +module: mongodb_balancer +short_description: Manages the MongoDB Sharded Cluster Balancer. +description: + - Manages the MongoDB Sharded Cluster Balancer. + - Start or stop the balancer. + - Adjust the cluster chunksize. + - Enable or disable autosplit. + - Adds or remove a balancer window. +author: Rhys Campbell (@rhysmeister) +version_added: "1.0.0" + +extends_documentation_fragment: + - community.mongodb.login_options + - community.mongodb.ssl_options + +options: + autosplit: + description: + - Disable or enable the autosplit flag in the config.settings collection. + required: false + type: bool + chunksize: + description: + - Control the size of chunks in the sharded cluster. + - Value should be given in MB. + required: false + type: int + state: + description: + - Manage the Balancer for the Cluster + required: false + type: str + choices: + - "started" + - "stopped" + default: "started" + mongos_process: + description: + - Provide a custom name for the mongos process. + - Most users can ignore this setting. + required: false + type: str + default: "mongos" + window: + description: + - Schedule the balancer window. + - Provide the following dictionary keys start, stop, state + - The state key should be "present" or "absent". + - The start and stop keys are ignored when state is "absent". + - start and stop should be strings in "HH:MM" format indicating the time bounds of the window. + type: raw + required: false +notes: + - Requires the pymongo Python package on the remote host, version 2.4.2+. This + can be installed using pip or the OS package manager. @see U(http://api.mongodb.org/python/current/installation.html) +requirements: + - pymongo +''' + +EXAMPLES = r''' +- name: Start the balancer + community.mongodb.mongodb_balancer: + state: started + +- name: Stop the balancer and disable autosplit + community.mongodb.mongodb_balancer: + state: stopped + autosplit: false + +- name: Enable autosplit + community.mongodb.mongodb_balancer: + autosplit: true + +- name: Change the default chunksize to 128MB + community.mongodb.mongodb_balancer: + chunksize: 128 + +- name: Add or update a balancing window + community.mongodb.mongodb_balancer: + window: + start: "23:00" + stop: "06:00" + state: "present" + +- name: Remove a balancing window + community.mongodb.mongodb_balancer: + window: + state: "absent" +''' + +RETURN = r''' +changed: + description: Whether the balancer state or autosplit changed. + returned: success + type: bool +old_balancer_state: + description: The previous state of the balancer + returned: When balancer state is changed + type: str +new_balancer_state: + description: The new state of the balancer. + returned: When balancer state is changed + type: str +old_autosplit: + description: The previous state of autosplit. + returned: When autosplit is changed. + type: str +new_autosplit: + description: The new state of autosplit. + returned: When autosplit is changed. + type: str +old_chunksize: + description: The previous value for chunksize. + returned: When chunksize is changed. + type: int +new_chunksize: + description: The new value for chunksize. + returned: When chunksize is changed. + type: int +msg: + description: A short description of what happened. + returned: failure + type: str +failed: + description: If something went wrong + returned: failed + type: bool +''' + +from copy import deepcopy + +import os +import ssl as ssl_lib +from distutils.version import LooseVersion +import time +import traceback + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.six import binary_type, text_type +from ansible.module_utils.six.moves import configparser +from ansible.module_utils._text import to_native +from ansible_collections.community.mongodb.plugins.module_utils.mongodb_common import ( + check_compatibility, + missing_required_lib, + load_mongocnf, + mongodb_common_argument_spec, + ssl_connection_options +) +from ansible_collections.community.mongodb.plugins.module_utils.mongodb_common import ( + PyMongoVersion, + PYMONGO_IMP_ERR, + pymongo_found, + MongoClient +) + +has_ordereddict = False +try: + from collections import OrderedDict + has_ordereddict = True +except ImportError as excep: + try: + from ordereddict import OrderedDict + has_ordereddict = True + except ImportError as excep: + pass + + +def get_balancer_state(client): + ''' + Gets the state of the MongoDB balancer. The config.settings collection does + not exist until the balancer has been started for the first time + { "_id" : "balancer", "mode" : "full", "stopped" : false } + { "_id" : "autosplit", "enabled" : true } + ''' + balancer_state = None + result = client["config"].settings.find_one({"_id": "balancer"}) + if not result: + balancer_state = "stopped" + else: + if result['stopped'] is False: + balancer_state = "started" + else: + balancer_state = "stopped" + return balancer_state + + +def stop_balancer(client): + ''' + Stops MongoDB balancer + ''' + cmd_doc = OrderedDict([ + ('balancerStop', 1), + ('maxTimeMS', 60000) + ]) + client['admin'].command(cmd_doc) + time.sleep(1) + + +def start_balancer(client): + ''' + Starts MongoDB balancer + ''' + cmd_doc = OrderedDict([ + ('balancerStart', 1), + ('maxTimeMS', 60000) + ]) + client['admin'].command(cmd_doc) + time.sleep(1) + + +def enable_autosplit(client): + client["config"].settings.update({"_id": "autosplit"}, + {"$set": {"enabled": True}}, + upsert=True, + w="majority") + + +def disable_autosplit(client): + client["config"].settings.update({"_id": "autosplit"}, + {"$set": {"enabled": False}}, + upsert=True, + w="majority") + + +def get_autosplit(client): + autosplit = False + result = client["config"].settings.find_one({"_id": "autosplit"}) + if result is not None: + autosplit = result['enabled'] + return autosplit + + +def get_chunksize(client): + ''' + Default chunksize is 64MB + ''' + chunksize = None + result = client["config"].settings.find_one({"_id": "chunksize"}) + if not result: + chunksize = 64 + else: + chunksize = result['value'] + return chunksize + + +def set_chunksize(client, chunksize): + client["config"].settings.save({"_id": "chunksize", + "value": chunksize}) + + +def set_balancing_window(client, start, stop): + s = False + result = client["config"].settings.update_one({"_id": "balancer"}, + {"$set": { + "activeWindow": { + "start": start, + "stop": stop}}}, + upsert=True) + if result.modified_count == 1 or result.upserted_id is not None: + s = True + return s + + +def remove_balancing_window(client): + s = False + result = client["config"].settings.update_one({"_id": "balancer"}, + {"$unset": {"activeWindow": True}}) + if result.modified_count == 1: + s = True + return s + + +def balancing_window(client, start, stop): + s = False + if start is not None and stop is not None: + result = client["config"].settings.find_one({"_id": "balancer", + "activeWindow.start": start, + "activeWindow.stop": stop}) + else: + result = client["config"].settings.find_one({"_id": "balancer", "activeWindow": {"$exists": True}}) + if result: + s = True + return s + + +def validate_window(window, module): + if window is not None: + if 'state' not in window.keys(): + module.fail_json(msg="Balancing window state must be specified") + elif window['state'] not in ['present', 'absent']: + module.fail_json(msg="Balancing window state must be present or absent") + elif window['state'] == "present" \ + and ("start" not in window.keys() + or "stop" not in window.keys()): + module.fail_json(msg="Balancing window start and stop values must be specified") + return True + + +def main(): + argument_spec = mongodb_common_argument_spec() + argument_spec.update( + autosplit=dict(type='bool', default=None), + chunksize=dict(type='int', default=None), + mongos_process=dict(type='str', required=False, default="mongos"), + state=dict(type='str', default="started", choices=["started", "stopped"]), + window=dict(type='raw', default=None) + ) + module = AnsibleModule( + argument_spec=argument_spec, + supports_check_mode=True, + required_together=[['login_user', 'login_password']], + ) + + if not has_ordereddict: + module.fail_json(msg='Cannot import OrderedDict class. You can probably install with: pip install ordereddict') + + if not pymongo_found: + module.fail_json(msg=missing_required_lib('pymongo'), + exception=PYMONGO_IMP_ERR) + + login_user = module.params['login_user'] + login_password = module.params['login_password'] + login_database = module.params['login_database'] + login_host = module.params['login_host'] + login_port = module.params['login_port'] + balancer_state = module.params['state'] + autosplit = module.params['autosplit'] + chunksize = module.params['chunksize'] + mongos_process = module.params['mongos_process'] + ssl = module.params['ssl'] + window = module.params['window'] + + # Validate window + validate_window(window, module) + + result = dict( + changed=False, + ) + + connection_params = dict( + host=login_host, + port=int(login_port), + ) + + if ssl: + connection_params = ssl_connection_options(connection_params, module) + + try: + client = MongoClient(**connection_params) + except Exception as excep: + module.fail_json(msg='Unable to connect to MongoDB: %s' % to_native(excep)) + + if login_user is None and login_password is None: + mongocnf_creds = load_mongocnf() + if mongocnf_creds is not False: + login_user = mongocnf_creds['user'] + login_password = mongocnf_creds['password'] + elif login_password is None or login_user is None: + module.fail_json(msg="When supplying login arguments, both 'login_user' and 'login_password' must be provided") + + try: + try: + client['admin'].command('listDatabases', 1.0) # if this throws an error we need to authenticate + except Exception as excep: + if excep.code == 13: + if login_user is not None and login_password is not None: + client.admin.authenticate(login_user, login_password, source=login_database) + else: + module.fail_json(msg='No credentials to authenticate: %s' % to_native(excep)) + else: + module.fail_json(msg='Unknown error: %s' % to_native(excep)) + except Exception as excep: + module.fail_json(msg='unable to connect to database: %s' % to_native(excep), exception=traceback.format_exc()) + # Get server version: + try: + srv_version = LooseVersion(client.server_info()['version']) + except Exception as excep: + module.fail_json(msg='Unable to get MongoDB server version: %s' % to_native(excep)) + try: + # Get driver version:: + driver_version = LooseVersion(PyMongoVersion) + # Check driver and server version compatibility: + check_compatibility(module, srv_version, driver_version) + except Exception as excep: + module.fail_json(msg='Unable to authenticate with MongoDB: %s' % to_native(excep)) + + changed = False + + cluster_balancer_state = None + cluster_autosplit = None + cluster_chunksize = None + old_balancer_state = None + new_balancer_state = None + old_autosplit = None + new_autosplit = None + old_chunksize = None + new_chunksize = None + + try: + + if client["admin"].command("serverStatus")["process"] != mongos_process: + module.fail_json(msg="Process running on {0}:{1} is not a {2}".format(login_host, login_port, mongos_process)) + + cluster_balancer_state = get_balancer_state(client) + if autosplit is not None: + cluster_autosplit = get_autosplit(client) + if chunksize is not None: + cluster_chunksize = get_chunksize(client) + + if module.check_mode: + if balancer_state != cluster_balancer_state: + old_balancer_state = cluster_balancer_state + new_balancer_state = balancer_state + changed = True + if (autosplit is not None + and autosplit != cluster_autosplit): + old_autosplit = cluster_autosplit + new_autosplit = autosplit + changed = True + if (chunksize is not None + and chunksize != cluster_chunksize): + old_chunksize = cluster_chunksize + new_chunksize = chunksize + changed = True + if window is not None: + if balancing_window(client, window.get('start'), window.get('stop')): + if window['state'] == "present": + pass + else: + changed = True + else: + if window['state'] == "present": + changed = True + else: + pass + else: + if balancer_state is not None \ + and balancer_state != cluster_balancer_state: + if balancer_state == "started": + start_balancer(client) + old_balancer_state = cluster_balancer_state + new_balancer_state = get_balancer_state(client) + changed = True + else: + stop_balancer(client) + old_balancer_state = cluster_balancer_state + new_balancer_state = get_balancer_state(client) + changed = True + if autosplit is not None \ + and autosplit != cluster_autosplit: + if autosplit: + enable_autosplit(client) + old_autosplit = cluster_autosplit + new_autosplit = autosplit + changed = True + else: + disable_autosplit(client) + old_autosplit = cluster_autosplit + new_autosplit = autosplit + changed = True + if (chunksize is not None + and chunksize != cluster_chunksize): + set_chunksize(client, chunksize) + old_chunksize = cluster_chunksize + new_chunksize = chunksize + changed = True + if window is not None: + if balancing_window(client, window.get('start'), window.get('stop')): + if window['state'] == "present": + pass + else: + remove_balancing_window(client) + changed = True + else: + if window['state'] == "present": + set_balancing_window(client, + window['start'], + window['stop']) + changed = True + else: + pass + except Exception as excep: + result["msg"] = "An error occurred: {0}".format(excep) + + result['changed'] = changed + if old_balancer_state is not None: + result['old_balancer_state'] = old_balancer_state + result['new_balancer_state'] = new_balancer_state + if old_autosplit is not None: + result['old_autosplit'] = old_autosplit + result['new_autosplit'] = new_autosplit + if old_chunksize is not None: + result['old_chunksize'] = old_chunksize + result['new_chunksize'] = new_chunksize + + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_index.py b/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_index.py new file mode 100644 index 00000000..d2db559c --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_index.py @@ -0,0 +1,442 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright: (c) 2020, Rhys Campbell (@rhysmeister) <rhys.james.campbell@googlemail.com> +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +DOCUMENTATION = r''' +--- +module: mongodb_index + +short_description: Creates or drops indexes on MongoDB collections. + +description: + - Creates or drops indexes on MongoDB collections. + - Supports multiple index options, i.e. unique, sparse and partial. + - Validates existence of indexes by name only. + +author: Rhys Campbell (@rhysmeister) +version_added: "1.0.0" + +extends_documentation_fragment: + - community.mongodb.login_options + - community.mongodb.ssl_options + +options: + indexes: + description: + - List of indexes to create or drop + type: list + elements: raw + required: yes + replica_set: + description: + - Replica set to connect to (automatically connects to primary for writes). + type: str +notes: + - Requires the pymongo Python package on the remote host, version 2.4.2+. + +requirements: + - pymongo +''' + +EXAMPLES = r''' +- name: Create a single index on a collection + community.mongodb.mongodb_index: + login_user: admin + login_password: secret + indexes: + - database: mydb + collection: test + keys: + - username: 1 + last_login: -1 + options: + name: myindex + state: present + +- name: Drop an index on a collection + community.mongodb.mongodb_index: + login_user: admin + login_password: secret + indexes: + - database: mydb + collection: test + options: + name: myindex + state: absent + +- name: Create multiple indexes + community.mongodb.mongodb_index: + login_user: admin + login_password: secret + indexes: + - database: mydb + collection: test + keys: + - username: 1 + last_login: -1 + options: + name: myindex + state: present + - database: mydb + collection: test + keys: + - email: 1 + last_login: -1 + options: + name: myindex2 + state: present + +- name: Add a unique index + community.mongodb.mongodb_index: + login_port: 27017 + login_user: admin + login_password: secret + login_database: "admin" + indexes: + - database: "test" + collection: "rhys" + keys: + username: 1 + options: + name: myuniqueindex + unique: true + state: present + +- name: Add a ttl index + community.mongodb.mongodb_index: + login_port: 27017 + login_user: admin + login_password: secret + login_database: "admin" + indexes: + - database: "test" + collection: "rhys" + keys: + created: 1 + options: + name: myttlindex + expireAfterSeconds: 3600 + state: present + +- name: Add a sparse index + community.mongodb.mongodb_index: + login_port: 27017 + login_user: admin + login_password: secret + login_database: "admin" + indexes: + - database: "test" + collection: "rhys" + keys: + last_login: -1 + options: + name: mysparseindex + sparse: true + state: present + +- name: Add a partial index + community.mongodb.mongodb_index: + login_port: 27017 + login_user: admin + login_password: secret + login_database: "admin" + indexes: + - database: "test" + collection: "rhys" + keys: + last_login: -1 + options: + name: mypartialindex + partialFilterExpression: + rating: + $gt: 5 + state: present + +- name: Add a index in the background (background option is deprecated from 4.2+) + community.mongodb.mongodb_index: + login_port: 27017 + login_user: admin + login_password: secret + login_database: "admin" + indexes: + - database: "test" + collection: "rhys" + options: + name: idxbackground + keys: + username: -1 + backgroud: true + state: present + +- name: Check creating 5 index all with multiple options specified + community.mongodb.mongodb_index: + login_port: 27017 + login_user: admin + login_password: secret + login_database: "admin" + indexes: + - database: "test" + collection: "indextest" + options: + name: "idx_unq_username" + unique: true + keys: + username: -1 + state: present + - database: "test" + collection: "indextest" + options: + name: "idx_last_login" + sparse: true + keys: + last_login: -1 + state: present + - database: "test" + collection: "indextest" + options: + name: "myindex" + keys: + first_name: 1 + last_name: -1 + city: 1 + state: present + - database: "test" + collection: partialtest + options: + name: "idx_partialtest" + partialFilterExpression: + rating: + $gt: 5 + keys: + rating: -1 + title: 1 + state: present + - database: "test" + collection: "wideindex" + options: + name: "mywideindex" + keys: + email: -1 + username: 1 + first_name: 1 + last_name: 1 + dob: -1 + city: 1 + last_login: -1 + review_count: 1 + rating_count: 1 + last_post: -1 + state: present +''' + +RETURN = r''' +indexes_created: + description: List of indexes created. + returned: always + type: list + sample: ["myindex", "myindex2"] +indexes_dropped: + description: List of indexes dropped. + returned: always + type: list + sample: ["myindex", "myindex2"] +changed: + description: Indicates the module has changed something. + returned: When the module has changed something. + type: bool +failed: + description: Indicates the module has failed. + returned: When the module has encountered an error. + type: bool +''' + +from uuid import UUID + +from distutils.version import LooseVersion + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils._text import to_native +from ansible.module_utils.six import iteritems +from ansible_collections.community.mongodb.plugins.module_utils.mongodb_common import ( + check_compatibility, + missing_required_lib, + mongodb_common_argument_spec, + ssl_connection_options +) +from ansible_collections.community.mongodb.plugins.module_utils.mongodb_common import PyMongoVersion, PYMONGO_IMP_ERR, pymongo_found, MongoClient +from ansible_collections.community.mongodb.plugins.module_utils.mongodb_common import index_exists, create_index, drop_index + + +def validate_module(module): + ''' + Runs validation rules specific the mongodb_index module + ''' + required_index_keys = [ + "database", + "collection", + "options", + "state", + ] + indexes = module.params['indexes'] + + if len(indexes) == 0: + module.fail_json(msg="One or more indexes must be specified") + if not all(isinstance(i, dict) for i in indexes): + module.fail_json(msg="Indexes must be supplied as dictionaries") + + # Ensure keys are present in index spec + for k in required_index_keys: + for i in indexes: + if k not in i.keys(): + module.fail_json(msg="Missing required index key {0}".format(k)) + + # Check index subkeys look correct + for i in indexes: + if not isinstance(i["database"], str): + module.fail_json(msg="database key should be str") + elif not isinstance(i["collection"], str): + module.fail_json(msg="collection key should be str") + elif i["state"] == "present" and "keys" not in i.keys(): + module.fail_json(msg="keys must be supplied when state is present") + elif i["state"] == "present" and not isinstance(i["keys"], dict): + module.fail_json(msg="keys key should be dict") + elif not isinstance(i["options"], dict): + module.fail_json(msg="options key should be dict") + elif "name" not in i["options"]: + module.fail_json(msg="The options dict must contain a name field") + elif i["state"] not in ["present", "absent"]: + module.fail_json(msg="state must be one of present or absent") + + +# ================ +# Module execution +# +def main(): + argument_spec = mongodb_common_argument_spec() + argument_spec.update( + indexes=dict(type='list', elements='raw', required=True), + replica_set=dict(type='str'), + ) + module = AnsibleModule( + argument_spec=argument_spec, + supports_check_mode=True, + required_together=[['login_user', 'login_password']], + ) + + if not pymongo_found: + module.fail_json(msg=missing_required_lib('pymongo'), + exception=PYMONGO_IMP_ERR) + + validate_module(module) + + login_user = module.params['login_user'] + login_password = module.params['login_password'] + login_database = module.params['login_database'] + login_host = module.params['login_host'] + login_port = module.params['login_port'] + ssl = module.params['ssl'] + indexes = module.params['indexes'] + replica_set = module.params['replica_set'] + + connection_params = { + 'host': login_host, + 'port': login_port, + } + + if replica_set: + connection_params["replicaset"] = replica_set + + if ssl: + connection_params = ssl_connection_options(connection_params, module) + + client = MongoClient(**connection_params) + + if login_user: + try: + client.admin.authenticate(login_user, login_password, source=login_database) + except Exception as e: + module.fail_json(msg='Unable to authenticate: %s' % to_native(e)) + + # Get server version: + try: + srv_version = LooseVersion(client.server_info()['version']) + except Exception as e: + module.fail_json(msg='Unable to get MongoDB server version: %s' % to_native(e)) + + # Get driver version:: + driver_version = LooseVersion(PyMongoVersion) + + # Check driver and server version compatibility: + check_compatibility(module, srv_version, driver_version) + + # Pre flight checks done + indexes_created = [] + indexes_dropped = [] + changed = None + for i in indexes: + try: + idx = index_exists(client, i["database"], i["collection"], i["options"]["name"]) + except Exception as excep: + module.fail_json(msg="Could not determine index status: {0}".format(str(excep))) + if module.check_mode: + if idx: + if i["state"] == "present": + changed = False + elif i["state"] == "absent": + indexes_dropped.append("{0}.{1}.{2}".format(i["database"], + i["collection"], + i["options"]["name"])) + changed = True + else: + if i["state"] == "present": + indexes_created.append("{0}.{1}.{2}".format(i["database"], + i["collection"], + i["options"]["name"])) + changed = True + elif i["state"] == "absent": + changed = False + else: + if idx: + if i["state"] == "present": + changed = False + elif i["state"] == "absent": + try: + drop_index(client, i["database"], i["collection"], + i["options"]["name"]) + indexes_dropped.append("{0}.{1}.{2}".format(i["database"], + i["collection"], + i["options"]["name"])) + changed = True + except Exception as excep: + module.fail_json(msg="Error dropping index: {0}".format(str(excep))) + + else: + if i["state"] == "present": + try: + create_index(client=client, + database=i["database"], + collection=i["collection"], + keys=i["keys"], + options=i["options"]) + indexes_created.append("{0}.{1}.{2}".format(i["database"], + i["collection"], + i["options"]["name"])) + changed = True + except Exception as excep: + module.fail_json(msg="Error creating index: {0}".format(str(excep))) + elif i["state"] == "absent": + changed = False + + module.exit_json(changed=changed, + indexes_created=indexes_created, + indexes_dropped=indexes_dropped) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_info.py b/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_info.py new file mode 100644 index 00000000..19d46f97 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_info.py @@ -0,0 +1,343 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright: (c) 2020, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru> +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +DOCUMENTATION = r''' +--- +module: mongodb_info + +short_description: Gather information about MongoDB instance. + +description: +- Gather information about MongoDB instance. + +author: Andrew Klychkov (@Andersson007) +version_added: "1.0.0" + +extends_documentation_fragment: + - community.mongodb.login_options + - community.mongodb.ssl_options + +options: + filter: + description: + - Limit the collected information by comma separated string or YAML list. + - Allowable values are C(general), C(databases), C(total_size), C(parameters), C(users), C(roles). + - By default, collects all subsets. + - You can use '!' before value (for example, C(!users)) to exclude it from the information. + - If you pass including and excluding values to the filter, for example, I(filter=!general,users), + the excluding values, C(!general) in this case, will be ignored. + required: no + type: list + elements: str + +notes: + - Requires the pymongo Python package on the remote host, version 2.4.2+. + +requirements: + - pymongo +''' + +EXAMPLES = r''' +- name: Gather all supported information + community.mongodb.mongodb_info: + login_user: admin + login_password: secret + register: result + +- name: Show gathered info + debug: + msg: '{{ result }}' + +- name: Gather only information about databases and their total size + community.mongodb.mongodb_info: + login_user: admin + login_password: secret + filter: databases, total_size + +- name: Gather all information except parameters + community.mongodb.mongodb_info: + login_user: admin + login_password: secret + filter: '!parameters' +''' + +RETURN = r''' +general: + description: General instance information. + returned: always + type: dict + sample: {"allocator": "tcmalloc", "bits": 64, "storageEngines": ["biggie"], "version": "4.2.3", "maxBsonObjectSize": 16777216} +databases: + description: Database information. + returned: always + type: dict + sample: {"admin": {"empty": false, "sizeOnDisk": 245760}, "config": {"empty": false, "sizeOnDisk": 110592}} +total_size: + description: Total size of all databases in bytes. + returned: always + type: int + sample: 397312 +users: + description: User information. + returned: always + type: dict + sample: { "db": {"new_user": {"_id": "config.new_user", "mechanisms": ["SCRAM-SHA-1", "SCRAM-SHA-256"], "roles": []}}} +roles: + description: Role information. + returned: always + type: dict + sample: { "db": {"restore": {"inheritedRoles": [], "isBuiltin": true, "roles": []}}} +parameters: + description: Server parameters information. + returned: always + type: dict + sample: {"maxOplogTruncationPointsAfterStartup": 100, "maxOplogTruncationPointsDuringStartup": 100, "maxSessions": 1000000} +''' + +from uuid import UUID + +import ssl as ssl_lib +from distutils.version import LooseVersion + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils._text import to_native +from ansible.module_utils.six import iteritems +from ansible_collections.community.mongodb.plugins.module_utils.mongodb_common import ( + check_compatibility, + missing_required_lib, + mongodb_common_argument_spec, + ssl_connection_options +) +from ansible_collections.community.mongodb.plugins.module_utils.mongodb_common import PyMongoVersion, PYMONGO_IMP_ERR, pymongo_found, MongoClient + + +class MongoDbInfo(): + """Class for gathering MongoDB instance information. + + Args: + module (AnsibleModule): Object of AnsibleModule class. + client (pymongo): pymongo client object to interact with the database. + """ + def __init__(self, module, client): + self.module = module + self.client = client + self.admin_db = self.client.admin + self.info = { + 'general': {}, + 'databases': {}, + 'total_size': {}, + 'parameters': {}, + 'users': {}, + 'roles': {}, + } + + def get_info(self, filter_): + """Get MongoDB instance information and return it based on filter_. + + Args: + filter_ (list): List of collected subsets (e.g., general, users, etc.), + when it is empty, return all available information. + """ + self.__collect() + + inc_list = [] + exc_list = [] + + if filter_: + partial_info = {} + + for fi in filter_: + if fi.lstrip('!') not in self.info: + self.module.warn("filter element '%s' is not allowable, ignored" % fi) + continue + + if fi[0] == '!': + exc_list.append(fi.lstrip('!')) + + else: + inc_list.append(fi) + + if inc_list: + for i in self.info: + if i in inc_list: + partial_info[i] = self.info[i] + + else: + for i in self.info: + if i not in exc_list: + partial_info[i] = self.info[i] + + return partial_info + + else: + return self.info + + def __collect(self): + """Collect information.""" + # Get general info: + self.info['general'] = self.client.server_info() + + # Get parameters: + self.info['parameters'] = self.get_parameters_info() + + # Gather info about databases and their total size: + self.info['databases'], self.info['total_size'] = self.get_db_info() + + for dbname, val in iteritems(self.info['databases']): + # Gather info about users for each database: + self.info['users'].update(self.get_users_info(dbname)) + + # Gather info about roles for each database: + self.info['roles'].update(self.get_roles_info(dbname)) + + def get_roles_info(self, dbname): + """Gather information about roles. + + Args: + dbname (str): Database name to get role info from. + + Returns a dictionary with role information for the given db. + """ + db = self.client[dbname] + result = db.command({'rolesInfo': 1, 'showBuiltinRoles': True})['roles'] + + roles_dict = {} + for elem in result: + roles_dict[elem['role']] = {} + for key, val in iteritems(elem): + if key in ['role', 'db']: + continue + + roles_dict[elem['role']][key] = val + + return {dbname: roles_dict} + + def get_users_info(self, dbname): + """Gather information about users. + + Args: + dbname (str): Database name to get user info from. + + Returns a dictionary with user information for the given db. + """ + db = self.client[dbname] + result = db.command({'usersInfo': 1})['users'] + + users_dict = {} + for elem in result: + users_dict[elem['user']] = {} + for key, val in iteritems(elem): + if key in ['user', 'db']: + continue + + if isinstance(val, UUID): + val = val.hex + + users_dict[elem['user']][key] = val + + return {dbname: users_dict} + + def get_db_info(self): + """Gather information about databases. + + Returns a dictionary with database information. + """ + result = self.admin_db.command({'listDatabases': 1}) + total_size = int(result['totalSize']) + result = result['databases'] + + db_dict = {} + for elem in result: + db_dict[elem['name']] = {} + for key, val in iteritems(elem): + if key == 'name': + continue + + if key == 'sizeOnDisk': + val = int(val) + + db_dict[elem['name']][key] = val + + return db_dict, total_size + + def get_parameters_info(self): + """Gather parameters information. + + Returns a dictionary with parameters. + """ + return self.admin_db.command({'getParameter': '*'}) + + +# ================ +# Module execution +# + +def main(): + argument_spec = mongodb_common_argument_spec() + argument_spec.update( + filter=dict(type='list', elements='str', required=False) + ) + module = AnsibleModule( + argument_spec=argument_spec, + supports_check_mode=True, + required_together=[['login_user', 'login_password']], + ) + + if not pymongo_found: + module.fail_json(msg=missing_required_lib('pymongo'), + exception=PYMONGO_IMP_ERR) + + login_user = module.params['login_user'] + login_password = module.params['login_password'] + login_database = module.params['login_database'] + login_host = module.params['login_host'] + login_port = module.params['login_port'] + ssl = module.params['ssl'] + filter_ = module.params['filter'] + + if filter_: + filter_ = [f.strip() for f in filter_] + + connection_params = { + 'host': login_host, + 'port': login_port, + } + + if ssl: + connection_params = ssl_connection_options(connection_params, module) + + client = MongoClient(**connection_params) + + if login_user: + try: + client.admin.authenticate(login_user, login_password, source=login_database) + except Exception as e: + module.fail_json(msg='Unable to authenticate: %s' % to_native(e)) + + # Get server version: + try: + srv_version = LooseVersion(client.server_info()['version']) + except Exception as e: + module.fail_json(msg='Unable to get MongoDB server version: %s' % to_native(e)) + + # Get driver version:: + driver_version = LooseVersion(PyMongoVersion) + + # Check driver and server version compatibility: + check_compatibility(module, srv_version, driver_version) + + # Initialize an object and start main work: + mongodb = MongoDbInfo(module, client) + + module.exit_json(changed=False, **mongodb.get_info(filter_)) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_maintenance.py b/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_maintenance.py new file mode 100644 index 00000000..0706dfd4 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_maintenance.py @@ -0,0 +1,192 @@ +#!/usr/bin/python + +# Copyright: (c) 2020, Rhys Campbell <rhys.james.campbell@googlemail.com> +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +DOCUMENTATION = r''' +--- +module: mongodb_maintenance +short_description: Enables or disables maintenance mode for a secondary member. +description: + - Enables or disables maintenance mode for a secondary member. + - Wrapper around the replSetMaintenance command. + - Performs no actions against a PRIMARY member. + - When enabled SECONDARY members will not service reads. +author: Rhys Campbell (@rhysmeister) +version_added: "1.0.0" + +extends_documentation_fragment: + - community.mongodb.login_options + - community.mongodb.ssl_options + +options: + maintenance: + description: Enable or disable maintenance mode. + type: bool + default: false +notes: + - Requires the pymongo Python package on the remote host, version 2.4.2+. This + can be installed using pip or the OS package manager. @see U(http://api.mongodb.org/python/current/installation.html) +requirements: + - pymongo +''' + +EXAMPLES = r''' +- name: Enable maintenance mode + community.mongodb.mongodb_maintenance: + maintenance: true + +- name: Disable maintenance mode + community.mongodb.mongodb_maintenance: + maintenance: false +''' + +RETURN = r''' +changed: + description: Whether the member was placed into maintenance mode or not. + returned: success + type: bool +msg: + description: A short description of what happened. + returned: success + type: str +failed: + description: If something went wrong + returned: failed + type: bool +''' + +from copy import deepcopy + +import os +import ssl as ssl_lib +from distutils.version import LooseVersion + + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.six import binary_type, text_type +from ansible.module_utils.six.moves import configparser +from ansible.module_utils._text import to_native +from ansible_collections.community.mongodb.plugins.module_utils.mongodb_common import ( + check_compatibility, + missing_required_lib, + load_mongocnf, + mongodb_common_argument_spec, + member_state, + ssl_connection_options +) +from ansible_collections.community.mongodb.plugins.module_utils.mongodb_common import PyMongoVersion, PYMONGO_IMP_ERR, pymongo_found, MongoClient + + +def put_in_maint_mode(client): + client['admin'].command('replSetMaintenance', True) + + +def remove_maint_mode(client): + client['admin'].command('replSetMaintenance', False) + + +def main(): + argument_spec = mongodb_common_argument_spec() + argument_spec.update( + maintenance=dict(type='bool', default=False) + ) + module = AnsibleModule( + argument_spec=argument_spec, + supports_check_mode=True, + required_together=[['login_user', 'login_password']], + ) + + if not pymongo_found: + module.fail_json(msg=missing_required_lib('pymongo'), + exception=PYMONGO_IMP_ERR) + + login_user = module.params['login_user'] + login_password = module.params['login_password'] + login_database = module.params['login_database'] + login_host = module.params['login_host'] + login_port = module.params['login_port'] + maintenance = module.params['maintenance'] + ssl = module.params['ssl'] + + result = dict( + changed=False, + ) + + connection_params = dict( + host=login_host, + port=int(login_port), + ) + + if ssl: + connection_params = ssl_connection_options(connection_params, module) + + try: + client = MongoClient(**connection_params) + except Exception as excep: + module.fail_json(msg='Unable to connect to MongoDB: %s' % to_native(excep)) + + if login_user is None and login_password is None: + mongocnf_creds = load_mongocnf() + if mongocnf_creds is not False: + login_user = mongocnf_creds['user'] + login_password = mongocnf_creds['password'] + elif login_password is None or login_user is None: + module.fail_json(msg="When supplying login arguments, both 'login_user' and 'login_password' must be provided") + + if login_user is not None and login_password is not None: + try: + client.admin.authenticate(login_user, login_password, source=login_database) + # Get server version: + try: + srv_version = LooseVersion(client.server_info()['version']) + except Exception as excep: + module.fail_json(msg='Unable to get MongoDB server version: %s' % to_native(excep)) + + # Get driver version:: + driver_version = LooseVersion(PyMongoVersion) + # Check driver and server version compatibility: + check_compatibility(module, srv_version, driver_version) + except Exception as excep: + module.fail_json(msg='Unable to authenticate with MongoDB: %s' % to_native(excep)) + + try: + state = member_state(client) + if state == "PRIMARY": + result["msg"] = "no action taken as member state was PRIMARY" + elif state == "SECONDARY": + if maintenance: + if module.check_mode: + result["changed"] = True + result["msg"] = "member was placed into maintenance mode" + else: + put_in_maint_mode(client) + result["changed"] = True + result["msg"] = "member was placed into maintenance mode" + else: + result["msg"] = "No action taken as maintenance parameter is false and member state is SECONDARY" + elif state == "RECOVERING": + if maintenance: + result["msg"] = "no action taken as member is already in a RECOVERING state" + else: + if module.check_mode: + result["changed"] = True + result["msg"] = "the member was removed from maintenance mode" + else: + remove_maint_mode(client) + result["changed"] = True + result["msg"] = "the member was removed from maintenance mode" + else: + result["msg"] = "no action taken as member state was {0}".format(state) + except Exception as excep: + module.fail_json(msg='module encountered an error: %s' % to_native(excep)) + + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_oplog.py b/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_oplog.py new file mode 100644 index 00000000..ce8c4477 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_oplog.py @@ -0,0 +1,252 @@ +#!/usr/bin/python + +# Copyright: (c) 2020, Rhys Campbell <rhys.james.campbell@googlemail.com> +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +DOCUMENTATION = r''' +--- +module: mongodb_oplog +short_description: Resizes the MongoDB oplog. +description: + - Resizes the MongoDB oplog. + - This module should only be used with MongoDB 3.6 and above. + - Old MongoDB versions should use an alternative method. + - Consult U(https://docs.mongodb.com/manual/tutorial/change-oplog-size) for further info. +author: Rhys Campbell (@rhysmeister) +version_added: "1.0.0" + +extends_documentation_fragment: + - community.mongodb.login_options + - community.mongodb.ssl_options + +options: + oplog_size_mb: + description: + - New size of the oplog in MB. + type: int + required: true + compact: + description: + - Runs compact against the oplog.rs collection in the local database to reclaim disk space. + - Performs no actions against PRIMARY members. + - The MongoDB user must have the compact role on the local database for this feature to work. + type: bool + default: false + required: false + ver: + description: + - Version of MongoDB this module is supported from. + - You probably don't want to modifiy this. + - Included here for internal testing. + type: str + default: "3.6" +notes: + - Requires the pymongo Python package on the remote host, version 2.4.2+. This + can be installed using pip or the OS package manager. @see U(http://api.mongodb.org/python/current/installation.html) +requirements: + - pymongo +''' + +EXAMPLES = r''' +- name: Resize oplog to 16 gigabytes, or 16000 megabytes + community.mongodb.mongodb_oplog: + oplog_size_mb: 16000 + +- name: Resize oplog to 8 gigabytes and compact secondaries to reclaim space + community.mongodb.mongodb_oplog: + oplog_size_mb: 8000 + compact: true +''' + +RETURN = r''' +changed: + description: Whether the member oplog was modified. + returned: success + type: bool +compacted: + description: Whether the member oplog was compacted. + returned: success + type: bool +msg: + description: A short description of what happened. + returned: success + type: str +failed: + description: If something went wrong + returned: failed + type: bool +''' + +from copy import deepcopy + +import os +import ssl as ssl_lib +from distutils.version import LooseVersion + + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.six import binary_type, text_type +from ansible.module_utils.six.moves import configparser +from ansible.module_utils._text import to_native +from ansible_collections.community.mongodb.plugins.module_utils.mongodb_common import ( + check_compatibility, + missing_required_lib, + load_mongocnf, + mongodb_common_argument_spec, + member_state, + ssl_connection_options +) +from ansible_collections.community.mongodb.plugins.module_utils.mongodb_common import ( + PyMongoVersion, + PYMONGO_IMP_ERR, + pymongo_found, + MongoClient +) + +has_ordereddict = False +try: + from collections import OrderedDict + has_ordereddict = True +except ImportError as excep: + try: + from ordereddict import OrderedDict + has_ordereddict = True + except ImportError as excep: + pass + + +def get_olplog_size(client): + return int(client["local"].command("collStats", "oplog.rs")["maxSize"]) / 1024 / 1024 + + +def set_oplog_size(client, oplog_size_mb): + cmd_doc = OrderedDict([ + ('replSetResizeOplog', 1), + ('size', oplog_size_mb) + ]) + client["admin"].command(cmd_doc) + + +def compact_oplog(client): + client["local"].command("compact", "oplog.rs") + + +def main(): + argument_spec = mongodb_common_argument_spec() + argument_spec.update( + compact=dict(type='bool', default=False), + oplog_size_mb=dict(type='int', required=True), + ver=dict(type='str', default='3.6') + ) + module = AnsibleModule( + argument_spec=argument_spec, + supports_check_mode=True, + required_together=[['login_user', 'login_password']], + ) + + if not has_ordereddict: + module.fail_json(msg='Cannot import OrderedDict class. You can probably install with: pip install ordereddict') + + if not pymongo_found: + module.fail_json(msg=missing_required_lib('pymongo'), + exception=PYMONGO_IMP_ERR) + + login_user = module.params['login_user'] + login_password = module.params['login_password'] + login_database = module.params['login_database'] + login_host = module.params['login_host'] + login_port = module.params['login_port'] + oplog_size_mb = float(module.params['oplog_size_mb']) # MongoDB 4.4 inists on a real + compact = module.params['compact'] + ver = module.params['ver'] + ssl = module.params['ssl'] + + result = dict( + changed=False, + ) + + connection_params = dict( + host=login_host, + port=int(login_port), + ) + + if ssl: + connection_params = ssl_connection_options(connection_params, module) + + try: + client = MongoClient(**connection_params) + except Exception as excep: + module.fail_json(msg='Unable to connect to MongoDB: %s' % to_native(excep)) + + if login_user is None and login_password is None: + mongocnf_creds = load_mongocnf() + if mongocnf_creds is not False: + login_user = mongocnf_creds['user'] + login_password = mongocnf_creds['password'] + elif login_password is None or login_user is None: + module.fail_json(msg="When supplying login arguments, both 'login_user' and 'login_password' must be provided") + + if login_user is not None and login_password is not None: + try: + client.admin.authenticate(login_user, login_password, source=login_database) + # Get server version: + try: + srv_version = LooseVersion(client.server_info()['version']) + if srv_version < LooseVersion(ver): + module.fail_json(msg="This module does not support MongoDB {0}".format(srv_version)) + except Exception as excep: + module.fail_json(msg='Unable to get MongoDB server version: %s' % to_native(excep)) + + # Get driver version:: + driver_version = LooseVersion(PyMongoVersion) + # Check driver and server version compatibility: + check_compatibility(module, srv_version, driver_version) + except Exception as excep: + module.fail_json(msg='Unable to authenticate with MongoDB: %s' % to_native(excep)) + + try: + current_oplog_size = get_olplog_size(client) + except Exception as excep: + module.fail_json(msg='Unable to get current oplog size: %s' % to_native(excep)) + if oplog_size_mb == current_oplog_size: + result["msg"] = "oplog_size_mb is already {0} mb".format(int(oplog_size_mb)) + result["compacted"] = False + else: + try: + state = member_state(client) + except Exception as excep: + module.fail_json(msg='Unable to get member state: %s' % to_native(excep)) + if module.check_mode: + result["changed"] = True + result["msg"] = "oplog has been resized from {0} mb to {1} mb".format(int(current_oplog_size), + int(oplog_size_mb)) + if state == "SECONDARY" and compact and current_oplog_size > oplog_size_mb: + result["compacted"] = True + else: + result["compacted"] = False + else: + try: + set_oplog_size(client, oplog_size_mb) + result["changed"] = True + result["msg"] = "oplog has been resized from {0} mb to {1} mb".format(int(current_oplog_size), + int(oplog_size_mb)) + except Exception as excep: + module.fail_json(msg='Unable to set oplog size: %s' % to_native(excep)) + if state == "SECONDARY" and compact and current_oplog_size > oplog_size_mb: + try: + compact_oplog(client) + result["compacted"] = True + except Exception as excep: + module.fail_json(msg='Error compacting member oplog: %s' % to_native(excep)) + else: + result["compacted"] = False + + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_parameter.py b/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_parameter.py new file mode 100644 index 00000000..646195bc --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_parameter.py @@ -0,0 +1,195 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# (c) 2016, Loic Blot <loic.blot@unix-experience.fr> +# Sponsored by Infopro Digital. http://www.infopro-digital.com/ +# Sponsored by E.T.A.I. http://www.etai.fr/ +# +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +DOCUMENTATION = r''' +--- +module: mongodb_parameter +short_description: Change an administrative parameter on a MongoDB server +description: + - Change an administrative parameter on a MongoDB server. +version_added: "1.0.0" + +extends_documentation_fragment: + - community.mongodb.login_options + - community.mongodb.ssl_options + +options: + replica_set: + description: + - Replica set to connect to (automatically connects to primary for writes). + type: str + param: + description: + - MongoDB administrative parameter to modify. + type: str + required: true + value: + description: + - MongoDB administrative parameter value to set. + type: str + required: true + param_type: + description: + - Define the type of parameter value. + default: str + type: str + choices: [int, str] + +notes: + - Requires the pymongo Python package on the remote host, version 2.4.2+. + - This can be installed using pip or the OS package manager. + - See also U(http://api.mongodb.org/python/current/installation.html) +requirements: [ "pymongo" ] +author: "Loic Blot (@nerzhul)" +''' + +EXAMPLES = r''' +- name: Set MongoDB syncdelay to 60 (this is an int) + community.mongodb.mongodb_parameter: + param: syncdelay + value: 60 + param_type: int +''' + +RETURN = r''' +before: + description: value before modification + returned: success + type: str +after: + description: value after modification + returned: success + type: str +''' + +import os +from distutils.version import LooseVersion +import traceback + +from ansible.module_utils.basic import AnsibleModule, missing_required_lib +from ansible.module_utils.six.moves import configparser +from ansible.module_utils._text import to_native +from ansible_collections.community.mongodb.plugins.module_utils.mongodb_common import ( + check_compatibility, + missing_required_lib, + load_mongocnf, + mongodb_common_argument_spec, + ssl_connection_options +) +from ansible_collections.community.mongodb.plugins.module_utils.mongodb_common import ( + PyMongoVersion, + PYMONGO_IMP_ERR, + pymongo_found, + MongoClient +) +from ansible_collections.community.mongodb.plugins.module_utils.mongodb_common import ConnectionFailure, OperationFailure + +# ========================================= +# Module execution. +# + + +def main(): + argument_spec = mongodb_common_argument_spec() + argument_spec.update( + replica_set=dict(default=None), + param=dict(required=True), + value=dict(required=True), + param_type=dict(default="str", choices=['str', 'int']) + ) + module = AnsibleModule( + argument_spec=argument_spec, + supports_check_mode=False, + required_together=[['login_user', 'login_password']], + ) + + if not pymongo_found: + module.fail_json(msg=missing_required_lib('pymongo'), + exception=PYMONGO_IMP_ERR) + + login_user = module.params['login_user'] + login_password = module.params['login_password'] + login_host = module.params['login_host'] + login_port = module.params['login_port'] + login_database = module.params['login_database'] + + replica_set = module.params['replica_set'] + ssl = module.params['ssl'] + + param = module.params['param'] + param_type = module.params['param_type'] + value = module.params['value'] + + connection_params = dict( + host=login_host, + port=int(login_port), + ) + + if ssl: + connection_params = ssl_connection_options(connection_params, module) + + # Verify parameter is coherent with specified type + try: + if param_type == 'int': + value = int(value) + except ValueError: + module.fail_json(msg="value '%s' is not %s" % (value, param_type)) + + try: + if replica_set: + client = MongoClient(replicaset=replica_set, **connection_params) + else: + client = MongoClient(**connection_params) + + if login_user is None and login_password is None: + mongocnf_creds = load_mongocnf() + if mongocnf_creds is not False: + login_user = mongocnf_creds['user'] + login_password = mongocnf_creds['password'] + elif login_password is None or login_user is None: + module.fail_json(msg='when supplying login arguments, both login_user and login_password must be provided') + + if login_user is not None and login_password is not None: + client.admin.authenticate(login_user, login_password, source=login_database) + + # Get server version: + try: + srv_version = LooseVersion(client.server_info()['version']) + except Exception as e: + module.fail_json(msg='Unable to get MongoDB server version: %s' % to_native(e)) + + # Get driver version:: + driver_version = LooseVersion(PyMongoVersion) + + # Check driver and server version compatibility: + check_compatibility(module, srv_version, driver_version) + + except ConnectionFailure as e: + module.fail_json(msg='unable to connect to database: %s' % to_native(e), exception=traceback.format_exc()) + + db = client.admin + + try: + after_value = db.command("setParameter", **{param: value}) + except OperationFailure as e: + module.fail_json(msg="unable to change parameter: %s" % to_native(e), exception=traceback.format_exc()) + + if "was" not in after_value: + module.exit_json(changed=True, msg="Unable to determine old value, assume it changed.") + else: + module.exit_json(changed=(value != after_value["was"]), before=after_value["was"], + after=value) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_replicaset.py b/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_replicaset.py new file mode 100644 index 00000000..cfb23311 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_replicaset.py @@ -0,0 +1,390 @@ +#!/usr/bin/python + +# Copyright: (c) 2018, Rhys Campbell <rhys.james.campbell@googlemail.com> +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +DOCUMENTATION = r''' +--- +module: mongodb_replicaset +short_description: Initialises a MongoDB replicaset. +description: + - Initialises a MongoDB replicaset in a new deployment. + - Validates the replicaset name for existing deployments. + - Advanced replicaset member configuration possible (see examples). +author: Rhys Campbell (@rhysmeister) +version_added: "1.0.0" + +extends_documentation_fragment: + - community.mongodb.login_options + - community.mongodb.ssl_options + +options: + replica_set: + description: + - Replicaset name. + type: str + default: rs0 + members: + description: + - Yaml list consisting of the replicaset members. + - Csv string will also be accepted i.e. mongodb1:27017,mongodb2:27017,mongodb3:27017. + - A dictionary can also be used to specify advanced replicaset member options. + - If a port number is not provided then 27017 is assumed. + type: list + elements: raw + validate: + description: + - Performs some basic validation on the provided replicaset config. + type: bool + default: yes + arbiter_at_index: + description: + - Identifies the position of the member in the array that is an arbiter. + type: int + chaining_allowed: + description: + - When I(settings.chaining_allowed=true), the replicaset allows secondary members to replicate from other + secondary members. + - When I(settings.chaining_allowed=false), secondaries can replicate only from the primary. + type: bool + default: yes + heartbeat_timeout_secs: + description: + - Number of seconds that the replicaset members wait for a successful heartbeat from each other. + - If a member does not respond in time, other members mark the delinquent member as inaccessible. + - The setting only applies when using I(protocol_version=0). When using I(protocol_version=1) the relevant + setting is I(settings.election_timeout_millis). + type: int + default: 10 + election_timeout_millis: + description: + - The time limit in milliseconds for detecting when a replicaset's primary is unreachable. + type: int + default: 10000 + protocol_version: + description: Version of the replicaset election protocol. + type: int + choices: [ 0, 1 ] + default: 1 +notes: +- Requires the pymongo Python package on the remote host, version 2.4.2+. This + can be installed using pip or the OS package manager. @see U(http://api.mongodb.org/python/current/installation.html) +requirements: +- pymongo +''' + +EXAMPLES = r''' +# Create a replicaset called 'rs0' with the 3 provided members +- name: Ensure replicaset rs0 exists + community.mongodb.mongodb_replicaset: + login_host: localhost + login_user: admin + login_password: admin + replica_set: rs0 + members: + - mongodb1:27017 + - mongodb2:27017 + - mongodb3:27017 + when: groups.mongod.index(inventory_hostname) == 0 + +# Create two single-node replicasets on the localhost for testing +- name: Ensure replicaset rs0 exists + community.mongodb.mongodb_replicaset: + login_host: localhost + login_port: 3001 + login_user: admin + login_password: secret + login_database: admin + replica_set: rs0 + members: localhost:3001 + validate: no + +- name: Ensure replicaset rs1 exists + community.mongodb.mongodb_replicaset: + login_host: localhost + login_port: 3002 + login_user: admin + login_password: secret + login_database: admin + replica_set: rs1 + members: localhost:3002 + validate: no + +- name: Create a replicaset and use a custom priority for each member + community.mongodb.mongodb_replicaset: + login_host: localhost + login_user: admin + login_password: admin + replica_set: rs0 + members: + - host: "localhost:3001" + priority: 1 + - host: "localhost:3002" + priority: 0.5 + - host: "localhost:3003" + priority: 0.5 + when: groups.mongod.index(inventory_hostname) == 0 + +- name: Create replicaset rs1 with options and member tags + community.mongodb.mongodb_replicaset: + login_host: localhost + login_port: 3001 + login_database: admin + replica_set: rs1 + members: + - host: "localhost:3001" + priority: 1 + tags: + dc: "east" + usage: "production" + - host: "localhost:3002" + priority: 1 + tags: + dc: "east" + usage: "production" + - host: "localhost:3003" + priority: 0 + hidden: true + slaveDelay: 3600 + tags: + dc: "west" + usage: "reporting" +''' + +RETURN = r''' +mongodb_replicaset: + description: The name of the replicaset that has been created. + returned: success + type: str +''' + +from copy import deepcopy + +import os +import ssl as ssl_lib +from distutils.version import LooseVersion + + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.six import binary_type, text_type +from ansible.module_utils.six.moves import configparser +from ansible.module_utils._text import to_native +from ansible_collections.community.mongodb.plugins.module_utils.mongodb_common import ( + check_compatibility, + missing_required_lib, + load_mongocnf, + mongodb_common_argument_spec, + ssl_connection_options +) +from ansible_collections.community.mongodb.plugins.module_utils.mongodb_common import PyMongoVersion, PYMONGO_IMP_ERR, pymongo_found, MongoClient + + +def replicaset_find(client): + """Check if a replicaset exists. + + Args: + client (cursor): Mongodb cursor on admin database. + + Returns: + dict: when user exists, False otherwise. + """ + doc = client['admin'].command('isMaster') + if 'setName' in doc.keys(): + return str(doc['setName']) + return False + + +def replicaset_add(module, client, replica_set, members, arbiter_at_index, protocol_version, + chaining_allowed, heartbeat_timeout_secs, election_timeout_millis): + + try: + from collections import OrderedDict + except ImportError as excep: + try: + from ordereddict import OrderedDict + except ImportError as excep: + module.fail_json(msg='Cannot import OrderedDict class. You can probably install with: pip install ordereddict: %s' + % to_native(excep)) + + members_dict_list = [] + index = 0 + settings = { + "chainingAllowed": bool(chaining_allowed), + } + if protocol_version == 0: + settings['heartbeatTimeoutSecs'] = heartbeat_timeout_secs + else: + settings['electionTimeoutMillis'] = election_timeout_millis + for member in members: + if isinstance(member, str): + if ':' not in member: # No port supplied. Assume 27017 + member += ":27017" + members_dict_list.append(OrderedDict([("_id", int(index)), ("host", member)])) + if index == arbiter_at_index: + members_dict_list[index]['arbiterOnly'] = True + index += 1 + elif isinstance(member, dict): + hostname = member["host"] + if ':' not in hostname: + hostname += ":27017" + members_dict_list.append(OrderedDict([("_id", int(index)), ("host", hostname)])) + for key in list(member.keys()): + if key != "host": + members_dict_list[index][key] = member[key] + if index == arbiter_at_index: + members_dict_list[index]['arbiterOnly'] = True + index += 1 + else: + raise ValueError("member should be a str or dict. Instead found: {0}".format(str(type(members)))) + + conf = OrderedDict([("_id", replica_set), + ("protocolVersion", protocol_version), + ("members", members_dict_list), + ("settings", settings)]) + try: + client["admin"].command('replSetInitiate', conf) + except Exception as excep: + raise Exception("Some problem {0} | {1}".format(str(excep), str(conf))) + + +def replicaset_remove(module, client, replica_set): + raise NotImplementedError + # exists = replicaset_find(client, replica_set) + # if exists: + # if module.check_mode: + # module.exit_json(changed=True, replica_set=replica_set) + # db = client[db_name] + # db.remove_user(replica_set) + # else: + # module.exit_json(changed=False, user=user) + + +# ========================================= +# Module execution. +# + + +def main(): + argument_spec = mongodb_common_argument_spec() + argument_spec.update( + arbiter_at_index=dict(type='int'), + chaining_allowed=dict(type='bool', default=True), + election_timeout_millis=dict(type='int', default=10000), + heartbeat_timeout_secs=dict(type='int', default=10), + members=dict(type='list', elements='raw'), + protocol_version=dict(type='int', default=1, choices=[0, 1]), + replica_set=dict(type='str', default="rs0"), + validate=dict(type='bool', default=True) + ) + module = AnsibleModule( + argument_spec=argument_spec, + supports_check_mode=True, + required_together=[['login_user', 'login_password']], + ) + + if not pymongo_found: + module.fail_json(msg=missing_required_lib('pymongo'), + exception=PYMONGO_IMP_ERR) + + login_user = module.params['login_user'] + login_password = module.params['login_password'] + login_database = module.params['login_database'] + login_host = module.params['login_host'] + login_port = module.params['login_port'] + replica_set = module.params['replica_set'] + members = module.params['members'] + arbiter_at_index = module.params['arbiter_at_index'] + validate = module.params['validate'] + ssl = module.params['ssl'] + protocol_version = module.params['protocol_version'] + chaining_allowed = module.params['chaining_allowed'] + heartbeat_timeout_secs = module.params['heartbeat_timeout_secs'] + election_timeout_millis = module.params['election_timeout_millis'] + + if validate: + if len(members) <= 2 or len(members) % 2 == 0: + module.fail_json(msg="MongoDB Replicaset validation failed. Invalid number of replicaset members.") + if arbiter_at_index is not None and len(members) - 1 < arbiter_at_index: + module.fail_json(msg="MongoDB Replicaset validation failed. Invalid arbiter index.") + + result = dict( + changed=False, + replica_set=replica_set, + ) + + connection_params = dict( + host=login_host, + port=int(login_port), + ) + + if ssl: + connection_params = ssl_connection_options(connection_params, module) + + try: + client = MongoClient(**connection_params) + except Exception as e: + module.fail_json(msg='Unable to connect to database: %s' % to_native(e)) + + try: + rs = replicaset_find(client) + except Exception as e: + module.fail_json(msg='Unable to connect to query replicaset: %s' % to_native(e)) + + if isinstance(rs, str): + if replica_set == rs: + result['changed'] = False + result['replica_set'] = rs + module.exit_json(**result) + else: + module.fail_json(msg="The replica_set name of {0} does not match the expected: {1}".format(rs, replica_set)) + else: # replicaset does not exit + + # Some validation stuff + if len(replica_set) == 0: + module.fail_json(msg="Parameter replica_set must not be an empty string") + + if module.check_mode is False: + try: + # If we have auth details use then otherwise attempt without + if login_user is None and login_password is None: + mongocnf_creds = load_mongocnf() + if mongocnf_creds is not False: + login_user = mongocnf_creds['user'] + login_password = mongocnf_creds['password'] + elif login_password is None or login_user is None: + module.fail_json(msg="When supplying login arguments, both 'login_user' and 'login_password' must be provided") + + if login_user is not None and login_password is not None: + try: + client.admin.authenticate(login_user, login_password, source=login_database) + # Get server version: + try: + srv_version = LooseVersion(client.server_info()['version']) + except Exception as e: + module.fail_json(msg='Unable to get MongoDB server version: %s' % to_native(e)) + + # Get driver version:: + driver_version = LooseVersion(PyMongoVersion) + # Check driver and server version compatibility: + check_compatibility(module, srv_version, driver_version) + except Exception as excep: + module.fail_json(msg='Unable to authenticate with MongoDB: %s' % to_native(excep)) + replicaset_add(module, client, replica_set, members, + arbiter_at_index, protocol_version, + chaining_allowed, heartbeat_timeout_secs, + election_timeout_millis) + result['changed'] = True + except Exception as e: + module.fail_json(msg='Unable to create replica_set: %s' % to_native(e)) + else: + result['changed'] = True + + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_shard.py b/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_shard.py new file mode 100644 index 00000000..3587135d --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_shard.py @@ -0,0 +1,369 @@ +#!/usr/bin/python + +# (c) 2018, Rhys Campbell <rhys.james.campbell@googlemail.com> +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +DOCUMENTATION = ''' +--- +module: mongodb_shard +short_description: Add or remove shards from a MongoDB Cluster +description: + - Add or remove shards from a MongoDB Cluster. +author: Rhys Campbell (@rhysmeister) +version_added: "1.0.0" + +extends_documentation_fragment: + - community.mongodb.login_options + - community.mongodb.ssl_options + +options: + shard: + description: + - The shard connection string. + - Should be supplied in the form <replicaset>/host:port as detailed in U(https://docs.mongodb.com/manual/tutorial/add-shards-to-shard-cluster/). + - For example rs0/example1.mongodb.com:27017. + required: true + type: str + sharded_databases: + description: + - Enable sharding on the listed database. + - Can be supplied as a string or a list of strings. + - Sharding cannot be disabled on a database. + required: false + type: raw + mongos_process: + description: + - Provide a custom name for the mongos process you are connecting to. + - Most users can ignore this setting. + required: false + type: str + default: "mongos" + state: + description: + - Whether the shard should be present or absent from the Cluster. + required: false + type: str + default: present + choices: + - "absent" + - "present" + +notes: + - Requires the pymongo Python package on the remote host, version 2.4.2+. +requirements: [ pymongo ] +''' + +EXAMPLES = ''' +- name: Add a replicaset shard named rs1 with a member running on port 27018 on mongodb0.example.net + community.mongodb.mongodb_shard: + login_user: admin + login_password: admin + shard: "rs1/mongodb0.example.net:27018" + state: present + +- name: Add a standalone mongod shard running on port 27018 of mongodb0.example.net + community.mongodb.mongodb_shard: + login_user: admin + login_password: admin + shard: "mongodb0.example.net:27018" + state: present + +- name: To remove a shard called 'rs1' + community.mongodb.mongodb_shard: + login_user: admin + login_password: admin + shard: rs1 + state: absent + +# Single node shard running on localhost +- name: Ensure shard rs0 exists + community.mongodb.mongodb_shard: + login_user: admin + login_password: secret + shard: "rs0/localhost:3001" + state: present + +# Single node shard running on localhost +- name: Ensure shard rs1 exists + community.mongodb.mongodb_shard: + login_user: admin + login_password: secret + shard: "rs1/localhost:3002" + state: present + +# Enable sharding on a few databases when creating the shard +- name: To remove a shard called 'rs1' + community.mongodb.mongodb_shard: + login_user: admin + login_password: admin + shard: rs1 + sharded_databases: + - db1 + - db2 + state: present +''' + +RETURN = ''' +mongodb_shard: + description: The name of the shard to create. + returned: success + type: str +sharded_enabled: + description: Databases that have had sharding enabled during module execution. + returned: success when sharding is enabled + type: list +''' + +import os +import ssl as ssl_lib +from distutils.version import LooseVersion +import traceback +import time + + +from ansible.module_utils.basic import AnsibleModule, missing_required_lib +from ansible.module_utils.six import binary_type, text_type +from ansible.module_utils.six.moves import configparser +from ansible.module_utils._text import to_native +from ansible_collections.community.mongodb.plugins.module_utils.mongodb_common import ( + check_compatibility, + missing_required_lib, + load_mongocnf, + mongodb_common_argument_spec, + ssl_connection_options +) +from ansible_collections.community.mongodb.plugins.module_utils.mongodb_common import ( + PyMongoVersion, + PYMONGO_IMP_ERR, + pymongo_found, + MongoClient +) + + +def shard_find(client, shard): + """Check if a shard exists. + + Args: + client (cursor): Mongodb cursor on admin database. + shard (str): shard to check. + + Returns: + dict: when user exists, False otherwise. + """ + if '/' in shard: + s = shard.split('/')[0] + else: + s = shard + for shard in client["config"].shards.find({"_id": s}): + return shard + return False + + +def shard_add(client, shard): + try: + sh = client["admin"].command('addShard', shard) + except Exception as excep: + raise excep + return sh + + +def shard_remove(client, shard): + try: + sh = client["admin"].command('removeShard', shard) + except Exception as excep: + raise excep + return sh + + +def sharded_dbs(client): + ''' + Returns the sharded databases + Args: + client (cursor): Mongodb cursor on admin database. + Returns: + a list of database names that are sharded + ''' + sharded_databases = [] + for entry in client["config"].databases.find({"partitioned": True}, {"_id": 1}): + sharded_databases.append(entry["_id"]) + return sharded_databases + + +def enable_database_sharding(client, database): + ''' + Enables sharding on a database + Args: + client (cursor): Mongodb cursor on admin database. + Returns: + true on success, false on failure + ''' + s = False + db = client["admin"].command('enableSharding', database) + if db: + s = True + return s + + +def any_dbs_to_shard(client, sharded_databases): + ''' + Return a list of databases that need to have sharding enabled + sharded_databases - Provided by module + cluster_sharded_databases - List of sharded dbs from the mongos + ''' + dbs_to_shard = [] + cluster_sharded_databases = sharded_dbs(client) + for db in sharded_databases: + if db not in cluster_sharded_databases: + dbs_to_shard.append(db) + return dbs_to_shard + + +# ========================================= +# Module execution. +# + + +def main(): + argument_spec = mongodb_common_argument_spec() + argument_spec.update( + mongos_process=dict(type='str', required=False, default="mongos"), + shard=dict(type='str', required=True), + sharded_databases=dict(type="raw", required=False), + state=dict(type='str', required=False, default='present', choices=['absent', 'present']) + ) + module = AnsibleModule( + argument_spec=argument_spec, + supports_check_mode=True, + required_together=[['login_user', 'login_password']], + ) + + if not pymongo_found: + module.fail_json(msg=missing_required_lib('pymongo'), + exception=PYMONGO_IMP_ERR) + + login_user = module.params['login_user'] + login_password = module.params['login_password'] + login_database = module.params['login_database'] + login_host = module.params['login_host'] + login_port = module.params['login_port'] + ssl = module.params['ssl'] + shard = module.params['shard'] + state = module.params['state'] + sharded_databases = module.params['sharded_databases'] + mongos_process = module.params['mongos_process'] + + try: + connection_params = { + "host": login_host, + "port": int(login_port) + } + + if ssl: + connection_params = ssl_connection_options(connection_params, module) + + client = MongoClient(**connection_params) + + try: + # Get server version: + try: + srv_version = LooseVersion(client.server_info()['version']) + except Exception as e: + module.fail_json(msg='Unable to get MongoDB server version: %s' % to_native(e)) + + # Get driver version:: + driver_version = LooseVersion(PyMongoVersion) + + # Check driver and server version compatibility: + check_compatibility(module, srv_version, driver_version) + except Exception as excep: + if excep.code == 13: + if login_user is not None and login_password is not None: + client.admin.authenticate(login_user, login_password, source=login_database) + check_compatibility(module, client) + else: + raise excep + else: + raise excep + + if login_user is None and login_password is None: + mongocnf_creds = load_mongocnf() + if mongocnf_creds is not False: + login_user = mongocnf_creds['user'] + login_password = mongocnf_creds['password'] + elif login_password is None or login_user is None: + module.fail_json(msg='when supplying login arguments, both login_user and login_password must be provided') + + try: + client['admin'].command('listDatabases', 1.0) # if this throws an error we need to authenticate + except Exception as excep: + if excep.code == 13: + if login_user is not None and login_password is not None: + client.admin.authenticate(login_user, login_password, source=login_database) + else: + raise excep + else: + raise excep + + except Exception as e: + module.fail_json(msg='unable to connect to database: %s' % to_native(e), exception=traceback.format_exc()) + + try: + if client["admin"].command("serverStatus")["process"] != mongos_process: + module.fail_json(msg="Process running on {0}:{1} is not a {2}".format(login_host, login_port, mongos_process)) + shard_created = False + dbs_to_shard = [] + + if sharded_databases is not None: + if isinstance(sharded_databases, str): + sharded_databases = list(sharded_databases) + dbs_to_shard = any_dbs_to_shard(client, sharded_databases) + + if module.check_mode: + if state == "present": + changed = False + if not shard_find(client, shard) or len(dbs_to_shard) > 0: + changed = True + elif state == "absent": + if not shard_find(client, shard): + changed = False + else: + changed = True + else: + if state == "present": + if not shard_find(client, shard): + shard_add(client, shard) + changed = True + else: + changed = False + if len(dbs_to_shard) > 0: + for db in dbs_to_shard: + enable_database_sharding(client, db) + changed = True + elif state == "absent": + if shard_find(client, shard): + shard_remove(client, shard) + changed = True + else: + changed = False + except Exception as e: + action = "add" + if state == "absent": + action = "remove" + module.fail_json(msg='Unable to {0} shard: %s'.format(action) % to_native(e), exception=traceback.format_exc()) + + result = { + "changed": changed, + "shard": shard, + } + if len(dbs_to_shard) > 0: + result['sharded_enabled'] = dbs_to_shard + + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_shell.py b/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_shell.py new file mode 100644 index 00000000..59d927ec --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_shell.py @@ -0,0 +1,365 @@ +#!/usr/bin/python + +# 2020 Rhys Campbell <rhys.james.campbell@googlemail.com> +# https://github.com/rhysmeister +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +from __future__ import absolute_import, division, print_function + + +DOCUMENTATION = ''' +--- +module: mongodb_shell +author: Rhys Campbell (@rhysmeister) +short_description: Run commands via the MongoDB shell. +requirements: + - mongo +description: + - Run commands via the MongoDB shell. + - Commands provided with the eval parameter or included in a Javascript file. + - Attempts to parse returned data into a format that Ansible can use. + +extends_documentation_fragment: + - community.mongodb.login_options + +options: + mongo_cmd: + description: + - The MongoDB shell command. + type: str + default: "mongo" + db: + description: + - The database to run commands against + type: str + required: false + default: "test" + file: + description: + - Path to a file containing MongoDB commands. + type: str + eval: + description: + - A MongoDB command to run. + type: str + nodb: + description: + - Specify a non-default encoding for output. + type: bool + default: false + norc: + description: + - Prevents the shell from sourcing and evaluating ~/.mongorc.js on start up. + type: bool + default: false + quiet: + description: + - Silences output from the shell during the connection process.. + type: bool + default: true + debug: + description: + - show additional debug info. + type: bool + default: false + transform: + description: + - Transform the output returned to the user. + - auto - Attempt to automatically decide the best tranformation. + - split - Split output on a character. + - json - parse as json. + - raw - Return the raw output. + type: str + choices: + - "auto" + - "split" + - "json" + - "raw" + default: "auto" + split_char: + description: + - Used by the split action in the transform stage. + type: str + default: " " + stringify: + description: + - Wraps the command in eval in JSON.stringify(<js cmd>). + - Useful for escaping documents that are returned in Extended JSON format. + type: bool + default: false + additional_args: + description: + - Additional arguments to supply to the mongo command. + - Supply as key-value pairs. + - If the parameter is a valueless flag supply an empty string as the value. + type: raw + idempotent: + description: + - Provides a form of pseudo-idempotency to the module. + - We perform a hash calculation on the contents of the eval key or the file name provided in the file key. + - When the command is first execute a filed called <hash>.success will be created. + - The module will not rerun the command if this file exists and idempotent is set to true. + type: bool + default: false +''' + +EXAMPLES = ''' +- name: Run the listDatabases command + community.mongodb.mongodb_shell: + login_user: user + login_password: secret + eval: "db.adminCommand('listDatabases')" + +- name: List collections and stringify the output + community.mongodb.mongodb_shell: + login_user: user + login_password: secret + eval: "db.adminCommand('listCollections')" + stringify: yes + +- name: Run the showBuiltinRoles command + community.mongodb.mongodb_shell: + login_user: user + login_password: secret + eval: "db.getRoles({showBuiltinRoles: true})" + +- name: Run a js file containing MongoDB commands with pseudo-idempotency + community.mongodb.mongodb_shell: + login_user: user + login_password: secret + file: "/path/to/mongo/file.js" + idempotent: yes + +- name: Provide a couple of additional cmd args + community.mongodb.mongodb_shell: + login_user: user + login_password: secret + eval: "db.adminCommand('listDatabases')" + additional_args: + verbose: True + networkMessageCompressors: "snappy" +''' + +RETURN = ''' +file: + description: JS file that was executed successfully. + returned: When a js file is used. + type: str +msg: + description: A message indicating what has happened. + returned: always + type: str +transformed_output: + description: Output from the mongo command. We attempt to parse this into a list or json where possible. + returned: on success + type: list +changed: + description: Change status. + returned: always + type: bool +failed: + description: Something went wrong. + returned: on failure + type: bool +out: + description: Raw stdout from mongo. + returned: when debug is set to true + type: str +err: + description: Raw stderr from mongo. + returned: when debug is set to true + type: str +rc: + description: Return code from mongo. + returned: when debug is set to true + type: int +''' + +from ansible.module_utils.basic import AnsibleModule, load_platform_subclass +import socket +import re +import time +import json +import os +__metaclass__ = type + +from ansible_collections.community.mongodb.plugins.module_utils.mongodb_common import ( + mongodb_common_argument_spec +) + + +def add_arg_to_cmd(cmd_list, param_name, param_value, is_bool=False): + """ + @cmd_list - List of cmd args. + @param_name - Param name / flag. + @param_value - Value of the parameter + @is_bool - Flag is a boolean and has no value. + """ + if is_bool is False and param_value is not None: + cmd_list.append(param_name) + if param_name == "--eval": + cmd_list.append("\"{0}\"".format(param_value)) + else: + cmd_list.append(param_value) + elif is_bool is True: + cmd_list.append(param_name) + return cmd_list + + +def transform_output(output, transform_type, split_char): + if transform_type == "auto": # determine what transform_type to perform + if output.strip().startswith("{") or output.strip().startswith("["): + transform_type = "json" + elif isinstance(output.strip().split(None), list): # Splits on whitespace + transform_type = "split" + split_char = None + elif isinstance(output.strip().split(","), list): + transform_type = "split" + split_char = "," + elif isinstance(output.strip().split(" "), list): + transform_type = "split" + split_char = " " + elif isinstance(output.strip().split("|"), list): + transform_type = "split" + split_char = "|" + elif isinstance(output.strip().split("\t"), list): + transform_type = "split" + split_char = "\t" + else: + tranform_type = "raw" + if transform_type == "json": + output = json.loads(output) + elif transform_type == "split": + output = output.strip().split(split_char) + elif transform_type == "raw": + output = output.strip() + return output + + +def get_hash_value(module): + ''' + Returns the hash value of either the provided file or eval command + ''' + hash_value = None + try: + import hashlib + except ImportError as excep: + module.fail_json(msg="Unable to import hashlib: {0}".format(excep.message)) + if module.params['file'] is not None: + hash_value = hashlib.md5(module.params['file'].encode('utf-8')).hexdigest() + else: + hash_value = hashlib.md5(module.params['eval'].encode('utf-8')).hexdigest() + return hash_value + + +def touch(fname, times=None): + with open(fname, 'a'): + os.utime(fname, times) + + +def main(): + argument_spec = mongodb_common_argument_spec(ssl_options=False) + argument_spec.update( + mongo_cmd=dict(type='str', default="mongo"), + file=dict(type='str', required=False), + eval=dict(type='str', required=False), + db=dict(type='str', required=False, default="test"), + nodb=dict(type='bool', required=False, default=False), + norc=dict(type='bool', required=False, default=False), + quiet=dict(type='bool', required=False, default=True), + debug=dict(type='bool', required=False, default=False), + transform=dict(type='str', choices=["auto", "split", "json", "raw"], default="auto"), + split_char=dict(type='str', default=" "), + stringify=dict(type='bool', default=False), + additional_args=dict(type='raw'), + idempotent=dict(type='bool', default=False) + ) + module = AnsibleModule( + argument_spec=argument_spec, + supports_check_mode=True, + required_together=[['login_user', 'login_password']], + mutually_exclusive=[["eval", "file"]] + ) + + args = [ + module.params['mongo_cmd'], + module.params['db'] + ] + + hash_value = get_hash_value(module) + + if module.params['idempotent']: + if os.path.isfile("{0}.success".format(hash_value)): + module.exit_json(changed=False, + msg="The file {0}.success was found meaning this " + "command has already successfully executed " + "on this MongoDB host.".format(hash_value)) + + if not module.params['file']: + if module.params['eval'].startswith("show "): + msg = "You cannot use any shell helper (e.g. use <dbname>, show dbs, etc.)"\ + " inside the eval parameter because they are not valid JavaScript." + module.fail_json(msg=msg) + if module.params['stringify']: + module.params['eval'] = "JSON.stringify({0})".format(module.params['eval']) + + args = add_arg_to_cmd(args, "--host", module.params['login_host']) + args = add_arg_to_cmd(args, "--port", module.params['login_port']) + args = add_arg_to_cmd(args, "--username", module.params['login_user']) + args = add_arg_to_cmd(args, "--password", module.params['login_password']) + args = add_arg_to_cmd(args, "--authenticationDatabase", module.params['login_database']) + args = add_arg_to_cmd(args, "--eval", module.params['eval']) + args = add_arg_to_cmd(args, "--nodb", None, module.params['nodb']) + args = add_arg_to_cmd(args, "--norc", None, module.params['norc']) + args = add_arg_to_cmd(args, "--quiet", None, module.params['quiet']) + + additional_args = module.params['additional_args'] + if additional_args is not None: + for key, value in additional_args.items(): + if isinstance(value, bool): + args.append(" --{0}".format(key)) + elif isinstance(value, str) or isinstance(value, int): + args.append(" --{0} {1}".format(key, value)) + if module.params['file']: + args.pop(1) + args.append(module.params['file']) + + rc = None + out = '' + err = '' + result = {} + cmd = " ".join(str(item) for item in args) + + (rc, out, err) = module.run_command(cmd, check_rc=False) + + if module.params['debug']: + result['out'] = out + result['err'] = err + result['rc'] = rc + result['cmd'] = cmd + + if rc != 0: + if err is None or err == "": + err = out + module.fail_json(msg=err.strip(), **result) + else: + result['changed'] = True + if module.params['idempotent']: + touch("{0}.success".format(hash_value)) + try: + output = transform_output(out, + module.params['transform'], + module.params['split_char']) + result['transformed_output'] = output + result['msg'] = "transform type was {0}".format(module.params['transform']) + if module.params['file'] is not None: + result['file'] = module.params['file'] + except Exception as excep: + result['msg'] = "Error tranforming output: {0}".format(str(excep)) + result['transformed_output'] = None + + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_shutdown.py b/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_shutdown.py new file mode 100644 index 00000000..4e555fe9 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_shutdown.py @@ -0,0 +1,183 @@ +#!/usr/bin/python + +# Copyright: (c) 2020, Rhys Campbell <rhys.james.campbell@googlemail.com> +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +DOCUMENTATION = r''' +--- +module: mongodb_shutdown +short_description: Cleans up all database resources and then terminates the mongod/mongos process. +description: + - Cleans up all database resources and then terminates the process. +author: Rhys Campbell (@rhysmeister) +version_added: "1.0.0" + +extends_documentation_fragment: + - community.mongodb.login_options + - community.mongodb.ssl_options + +options: + force: + description: + - Specify true to force the mongod to shut down. + - Force shutdown interrupts any ongoing operations on the mongod and may result in unexpected behavior. + type: bool + default: false + timeout: + description: + - The number of seconds the primary should wait for a secondary to catch up. + type: int + default: 10 +notes: +- Requires the pymongo Python package on the remote host, version 2.4.2+. This + can be installed using pip or the OS package manager. @see U(http://api.mongodb.org/python/current/installation.html) +requirements: + - pymongo +''' + +EXAMPLES = r''' +- name: Attempt to perform a clean shutdown + community.mongodb.mongodb_shutdown: + +- name: Force shutdown with a timeout of 60 seconds + mongodb_maintenance: + force: true + timeout: 60 +''' + +RETURN = r''' +changed: + description: Whether the member was shutdown. + returned: success + type: bool +msg: + description: A short description of what happened. + returned: success + type: str +failed: + description: If something went wrong + returned: failed + type: bool +''' + +from copy import deepcopy + +import os +import ssl as ssl_lib +from distutils.version import LooseVersion + + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.six import binary_type, text_type +from ansible.module_utils.six.moves import configparser +from ansible.module_utils._text import to_native +from ansible_collections.community.mongodb.plugins.module_utils.mongodb_common import ( + check_compatibility, + missing_required_lib, + load_mongocnf, + mongodb_common_argument_spec, + ssl_connection_options +) +from ansible_collections.community.mongodb.plugins.module_utils.mongodb_common import PyMongoVersion, PYMONGO_IMP_ERR, pymongo_found, MongoClient + + +def main(): + argument_spec = mongodb_common_argument_spec() + argument_spec.update( + force=dict(type='bool', default=False), + timeout=dict(type='int', default=10) + ) + module = AnsibleModule( + argument_spec=argument_spec, + supports_check_mode=True, + required_together=[['login_user', 'login_password']], + ) + + try: + from collections import OrderedDict + except ImportError as excep: + try: + from ordereddict import OrderedDict + except ImportError as excep: + module.fail_json(msg='Cannot import OrderedDict class. You can probably install with: pip install ordereddict: %s' + % to_native(excep)) + + if not pymongo_found: + module.fail_json(msg=missing_required_lib('pymongo'), + exception=PYMONGO_IMP_ERR) + + login_user = module.params['login_user'] + login_password = module.params['login_password'] + login_database = module.params['login_database'] + login_host = module.params['login_host'] + login_port = module.params['login_port'] + force = module.params['force'] + timeout = module.params['timeout'] + ssl = module.params['ssl'] + + result = dict( + changed=False, + ) + + connection_params = dict( + host=login_host, + port=int(login_port), + ) + + if ssl: + connection_params = ssl_connection_options(connection_params, module) + + try: + client = MongoClient(**connection_params) + except Exception as excep: + module.fail_json(msg='Unable to connect to MongoDB: %s' % to_native(excep)) + + if login_user is None and login_password is None: + mongocnf_creds = load_mongocnf() + if mongocnf_creds is not False: + login_user = mongocnf_creds['user'] + login_password = mongocnf_creds['password'] + elif login_password is None or login_user is None: + module.fail_json(msg="When supplying login arguments, both 'login_user' and 'login_password' must be provided") + + if login_user is not None and login_password is not None: + try: + client.admin.authenticate(login_user, login_password, source=login_database) + # Get server version: + try: + srv_version = LooseVersion(client.server_info()['version']) + except Exception as excep: + module.fail_json(msg='Unable to get MongoDB server version: %s' % to_native(excep)) + + # Get driver version:: + driver_version = LooseVersion(PyMongoVersion) + # Check driver and server version compatibility: + check_compatibility(module, srv_version, driver_version) + except Exception as excep: + module.fail_json(msg='Unable to authenticate with MongoDB: %s' % to_native(excep)) + + try: + cmd_doc = OrderedDict([ + ('shutdown', 1), + ('force', force), + ('timeout', timeout) + ]) + client['admin'].command(cmd_doc) + result["changed"] = True + result["msg"] = "mongod process was terminated sucessfully" + except Exception as excep: + if "connection closed" in str(excep): + result["changed"] = True + result["msg"] = "mongod process was terminated sucessfully" + else: + result["msg"] = "An error occurred: {0}".format(excep) + + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_status.py b/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_status.py new file mode 100644 index 00000000..479fc3c6 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_status.py @@ -0,0 +1,349 @@ +#!/usr/bin/python + +# Copyright: (c) 2018, Rhys Campbell <rhys.james.campbell@googlemail.com> +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +DOCUMENTATION = r''' +--- +module: mongodb_status +short_description: Validates the status of the cluster. +description: + - Validates the status of the cluster. + - The module expects all replicaset nodes to be PRIMARY, SECONDARY or ARBITER. + - Will wait until a timeout for the replicaset state to converge if required. + - Can also be used to lookup the current PRIMARY member (see examples). +author: Rhys Campbell (@rhysmeister) +version_added: "1.0.0" + +extends_documentation_fragment: + - community.mongodb.login_options + - community.mongodb.ssl_options + +options: + replica_set: + description: + - Replicaset name. + type: str + default: rs0 + poll: + description: + - The maximum number of times to query for the replicaset status before the set converges or we fail. + type: int + default: 1 + interval: + description: + - The number of seconds to wait between polling executions. + type: int + default: 30 +notes: +- Requires the pymongo Python package on the remote host, version 2.4.2+. This + can be installed using pip or the OS package manager. @see U(http://api.mongodb.org/python/current/installation.html) +requirements: +- pymongo +''' + +EXAMPLES = r''' +- name: Check replicaset is healthy, fail if not after first attempt + community.mongodb.mongodb_status: + replica_set: rs0 + when: ansible_hostname == "mongodb1" + +- name: Wait for the replicaset rs0 to converge, check 5 times, 10 second interval between checks + community.mongodb.mongodb_status: + replica_set: rs0 + poll: 5 + interval: 10 + when: ansible_hostname == "mongodb1" + +# Get the replicaset status and then lookup the primary's hostname and save to a variable +- name: Ensure replicaset is stable before beginning + community.mongodb.mongodb_status: + login_user: "{{ admin_user }}" + login_password: "{{ admin_user_password }}" + poll: 3 + interval: 10 + register: rs + +- name: Lookup PRIMARY replicaset member + set_fact: + primary: "{{ item.key.split('.')[0] }}" + loop: "{{ lookup('dict', rs.replicaset) }}" + when: "'PRIMARY' in item.value" +''' + +RETURN = r''' +failed: + description: If the mnodule had failed or not. + returned: always + type: bool +iterations: + description: Number of times the module has queried the replicaset status. + returned: always + type: int +msg: + description: Status message. + returned: always + type: str +replicaset: + description: The last queried status of all the members of the replicaset if obtainable. + returned: always + type: dict +''' + + +from copy import deepcopy +import time + +import os +import ssl as ssl_lib +from distutils.version import LooseVersion +import traceback + + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.six import binary_type, text_type +from ansible.module_utils.six.moves import configparser +from ansible.module_utils._text import to_native +from ansible_collections.community.mongodb.plugins.module_utils.mongodb_common import ( + check_compatibility, + missing_required_lib, + load_mongocnf, + mongodb_common_argument_spec, + ssl_connection_options +) +from ansible_collections.community.mongodb.plugins.module_utils.mongodb_common import PyMongoVersion, PYMONGO_IMP_ERR, pymongo_found, MongoClient + + +def replicaset_status(client, module): + """ + Return the replicaset status document from MongoDB + # https://docs.mongodb.com/manual/reference/command/replSetGetStatus/ + """ + rs = client.admin.command('replSetGetStatus') + return rs + + +def replicaset_members(replicaset_document): + """ + Returns the members section of the MongoDB replicaset document + """ + return replicaset_document["members"] + + +def replicaset_friendly_document(members_document): + """ + Returns a version of the members document with + only the info this module requires: name & stateStr + """ + friendly_document = {} + + for member in members_document: + friendly_document[member["name"]] = member["stateStr"] + return friendly_document + + +def replicaset_statuses(members_document, module): + """ + Return a list of the statuses + """ + statuses = [] + for member in members_document: + statuses.append(members_document[member]) + return statuses + + +def replicaset_good(statuses, module): + """ + Returns true if the replicaset is in a "good" condition. + Good is defined as an odd number of servers >= 3, with + max one primary, and any even amount of + secondary and arbiter servers + """ + module.debug(msg=str(statuses)) + msg = "Unset" + status = None + valid_statuses = ["PRIMARY", "SECONDARY", "ARBITER"] + # Odd number of servers is good + if len(statuses) % 2 == 1: + if (statuses.count("PRIMARY") == 1 + and ((statuses.count("SECONDARY") + + statuses.count("ARBITER")) % 2 == 0) + and len(set(statuses) - set(valid_statuses)) == 0): + status = True + msg = "replicaset is in a converged state" + else: + status = False + msg = "replicaset is not currently in a converged state" + else: + msg = "Even number of servers currently in replicaset." + status = False + return status, msg + + +def replicaset_status_poll(client, module): + """ + client - MongoDB Client + poll - Number of times to poll + interval - interval between polling attempts + """ + iterations = 0 # How many times we have queried the cluster + failures = 0 # Number of failures when querying the replicaset + poll = module.params['poll'] + interval = module.params['interval'] + status = None + return_doc = {} + + while iterations < poll: + try: + iterations += 1 + replicaset_document = replicaset_status(client, module) + members = replicaset_members(replicaset_document) + friendly_document = replicaset_friendly_document(members) + statuses = replicaset_statuses(friendly_document, module) + status, msg = replicaset_good(statuses, module) + if status: # replicaset looks good + return_doc = {"failures": failures, + "poll": poll, + "iterations": iterations, + "msg": msg, + "replicaset": friendly_document} + break + else: + failures += 1 + return_doc = {"failures": failures, + "poll": poll, + "iterations": iterations, + "msg": msg, + "replicaset": friendly_document, + "failed": True} + if iterations == poll: + break + else: + time.sleep(interval) + except Exception as e: + failures += 1 + return_doc['failed'] = True + return_doc['msg'] = str(e) + status = False + if iterations == poll: + break + else: + time.sleep(interval) + + return_doc['failures'] = failures + return status, return_doc['msg'], return_doc + + +# ========================================= +# Module execution. +# + + +def main(): + argument_spec = mongodb_common_argument_spec() + argument_spec.update( + interval=dict(type='int', default=30), + poll=dict(type='int', default=1), + replica_set=dict(type='str', default="rs0"), + ) + module = AnsibleModule( + argument_spec=argument_spec, + supports_check_mode=False, + required_together=[['login_user', 'login_password']], + ) + if not pymongo_found: + module.fail_json(msg=missing_required_lib('pymongo'), + exception=PYMONGO_IMP_ERR) + + login_user = module.params['login_user'] + login_password = module.params['login_password'] + login_database = module.params['login_database'] + login_host = module.params['login_host'] + login_port = module.params['login_port'] + replica_set = module.params['replica_set'] + ssl = module.params['ssl'] + poll = module.params['poll'] + interval = module.params['interval'] + + result = dict( + failed=False, + replica_set=replica_set, + ) + + connection_params = dict( + host=login_host, + port=int(login_port), + ) + + if ssl: + connection_params = ssl_connection_options(connection_params, module) + + try: + client = MongoClient(**connection_params) + except Exception as e: + module.fail_json(msg='Unable to connect to database: %s' % to_native(e)) + + try: + # Get server version: + try: + srv_version = LooseVersion(client.server_info()['version']) + except Exception as e: + module.fail_json(msg='Unable to get MongoDB server version: %s' % to_native(e)) + + # Get driver version:: + driver_version = LooseVersion(PyMongoVersion) + + # Check driver and server version compatibility: + check_compatibility(module, srv_version, driver_version) + except Exception as excep: + if excep.code != 13: + raise excep + if login_user is None or login_password is None: + raise excep + client.admin.authenticate(login_user, login_password, source=login_database) + check_compatibility(module, client) + + if login_user is None and login_password is None: + mongocnf_creds = load_mongocnf() + if mongocnf_creds is not False: + login_user = mongocnf_creds['user'] + login_password = mongocnf_creds['password'] + elif login_password is None or login_user is None: + module.fail_json(msg="When supplying login arguments, both 'login_user' and 'login_password' must be provided") + + try: + client['admin'].command('listDatabases', 1.0) # if this throws an error we need to authenticate + except Exception as excep: + if "not authorized on" in str(excep) or "command listDatabases requires authentication" in str(excep): + if login_user is not None and login_password is not None: + try: + client.admin.authenticate(login_user, login_password, source=login_database) + except Exception as excep: + module.fail_json(msg='unable to connect to database: %s' % to_native(excep), exception=traceback.format_exc()) + else: + module.fail_json(msg='unable to connect to database: %s' % to_native(excep), exception=traceback.format_exc()) + else: + module.fail_json(msg='unable to connect to database: %s' % to_native(excep), exception=traceback.format_exc()) + + if len(replica_set) == 0: + module.fail_json(msg="Parameter 'replica_set' must not be an empty string") + + try: + status, msg, return_doc = replicaset_status_poll(client, module) # Sort out the return doc + replicaset = return_doc['replicaset'] + iterations = return_doc['iterations'] + except Exception as e: + module.fail_json(msg='Unable to query replica_set info: %s' % str(e)) + + if status is False: + module.fail_json(msg=msg, replicaset=replicaset, iterations=iterations) + else: + module.exit_json(msg=msg, replicaset=replicaset, iterations=iterations) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_stepdown.py b/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_stepdown.py new file mode 100644 index 00000000..48d2b085 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_stepdown.py @@ -0,0 +1,317 @@ +#!/usr/bin/python + +# Copyright: (c) 2020, Rhys Campbell <rhys.james.campbell@googlemail.com> +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +DOCUMENTATION = r''' +--- +module: mongodb_stepdown +short_description: Step down the MongoDB node from a PRIMARY state. +description: > + Step down the MongoDB node from the PRIMARY state if it has that status. + Returns OK immediately if the member is already in the SECONDARY or ARBITER states. + Will wait until a timeout for the member state to reach SECONDARY or PRIMARY, + if the member state is currently STARTUP, RECOVERING, STARTUP2 or ROLLBACK, + before taking any needed action. +author: Rhys Campbell (@rhysmeister) +version_added: "1.0.0" + +extends_documentation_fragment: + - community.mongodb.login_options + - community.mongodb.ssl_options + +options: + poll: + description: + - The maximum number of times query for the member status. + type: int + default: 1 + interval: + description: + - The number of seconds to wait between poll executions. + type: int + default: 30 + stepdown_seconds: + description: + - The number of seconds to step down the primary, during which time the stepdown member is ineligible for becoming primary. + type: int + default: 60 + secondary_catch_up: + description: + - The secondaryCatchUpPeriodSecs parameter for the stepDown command. + - The number of seconds that mongod will wait for an electable secondary to catch up to the primary. + type: int + default: 10 + force: + description: + - Optional. A boolean that determines whether the primary steps down if no electable and up-to-date secondary exists within the wait period. + type: bool + default: false +notes: + - Requires the pymongo Python package on the remote host, version 2.4.2+. This + can be installed using pip or the OS package manager. @see U(http://api.mongodb.org/python/current/installation.html) +requirements: + - pymongo +''' + +EXAMPLES = r''' +- name: Step down the current MongoDB member + community.mongodb.mongodb_stepdown: + login_user: admin + login_password: secret + +- name: Step down the current MongoDB member, poll a maximum of 5 times if member state is recovering + community.mongodb.mongodb_stepdown: + login_user: admin + login_password: secret + poll: 5 + interval: 10 +''' + +RETURN = r''' +failed: + description: If the module had failed or not. + returned: always + type: bool +iteration: + description: Number of times the module has queried the replicaset status. + returned: always + type: int +msg: + description: Status message. + returned: always + type: str +''' + + +from copy import deepcopy +import time + +import os +import ssl as ssl_lib +from distutils.version import LooseVersion +import traceback + + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.six import binary_type, text_type +from ansible.module_utils.six.moves import configparser +from ansible.module_utils._text import to_native +from ansible_collections.community.mongodb.plugins.module_utils.mongodb_common import ( + check_compatibility, + missing_required_lib, + load_mongocnf, + mongodb_common_argument_spec, + ssl_connection_options +) +from ansible_collections.community.mongodb.plugins.module_utils.mongodb_common import PyMongoVersion, PYMONGO_IMP_ERR, pymongo_found, MongoClient + + +def member_status(client): + """ + Return the member status string + # https://docs.mongodb.com/manual/reference/command/replSetGetStatus/ + """ + myStateStr = None + rs = client.admin.command('replSetGetStatus') + for member in rs["members"]: + if "self" in member.keys(): + myStateStr = member["stateStr"] + return myStateStr + + +def member_stepdown(client, module): + """ + client - MongoDB Client + module - Ansible module object + """ + + try: + from collections import OrderedDict + except ImportError as excep: + try: + from ordereddict import OrderedDict + except ImportError as excep: + module.fail_json(msg='Cannot import OrderedDict class. You can probably install with: pip install ordereddict: %s' + % to_native(excep)) + + iterations = 0 # How many times we have queried the member + failures = 0 # Number of failures when querying the replicaset + poll = module.params['poll'] + interval = module.params['interval'] + stepdown_seconds = module.params['stepdown_seconds'] + secondary_catch_up = module.params['secondary_catch_up'] + force = module.params['force'] + return_doc = {} + status = None + + while iterations < poll: + try: + iterations += 1 + return_doc['iterations'] = iterations + myStateStr = member_status(client) + if myStateStr == "PRIMARY": + # Run step down command + if module.check_mode: + return_doc["msg"] = "member was stepped down" + return_doc['changed'] = True + status = True + break + else: + cmd_doc = OrderedDict([ + ('replSetStepDown', stepdown_seconds), + ('secondaryCatchUpPeriodSecs', secondary_catch_up), + ('force', force) + ]) + try: + client.admin.command(cmd_doc) # For now we assume the stepDown was successful + except Exception as excep: + # 4.0 and below close the connection as part of the stepdown. + # This code should be removed once we support 4.2+ onwards + # https://tinyurl.com/yc79g9ay + if str(excep) == "connection closed": + pass + else: + raise excep + return_doc['changed'] = True + status = True + return_doc["msg"] = "member was stepped down" + break + elif myStateStr in ["SECONDARY", "ARBITER"]: + return_doc["msg"] = "member was already at {0} state".format(myStateStr) + return_doc['changed'] = False + status = True + break + elif myStateStr in ["STARTUP", "RECOVERING", "STARTUP2", "ROLLBACK"]: + time.sleep(interval) # Wait for interval + else: + return_doc["msg"] = "Unexpected member state {0}".format(myStateStr) + return_doc['changed'] = False + status = False + break + except Exception as e: + failures += 1 + return_doc['failed'] = True + return_doc['changed'] = False + return_doc['msg'] = str(e) + status = False + if iterations == poll: + break + else: + time.sleep(interval) + + return status, return_doc['msg'], return_doc + + +# ========================================= +# Module execution. +# + + +def main(): + argument_spec = mongodb_common_argument_spec() + argument_spec.update( + force=dict(type='bool', default=False), + interval=dict(type='int', default=30), + poll=dict(type='int', default=1), + secondary_catch_up=dict(type='int', default=10), + stepdown_seconds=dict(type='int', default=60) + ) + module = AnsibleModule( + argument_spec=argument_spec, + supports_check_mode=True, + required_together=[['login_user', 'login_password']], + ) + if not pymongo_found: + module.fail_json(msg=missing_required_lib('pymongo'), + exception=PYMONGO_IMP_ERR) + + login_user = module.params['login_user'] + login_password = module.params['login_password'] + login_database = module.params['login_database'] + login_host = module.params['login_host'] + login_port = module.params['login_port'] + ssl = module.params['ssl'] + poll = module.params['poll'] + interval = module.params['interval'] + stepdown_seconds = module.params['stepdown_seconds'] + secondary_catch_up = module.params['secondary_catch_up'] + + result = dict( + failed=False, + ) + + connection_params = dict( + host=login_host, + port=int(login_port), + ) + + if ssl: + connection_params = ssl_connection_options(connection_params, module) + + try: + client = MongoClient(**connection_params) + except Exception as e: + module.fail_json(msg='Unable to connect to database: %s' % to_native(e)) + + try: + # Get server version: + try: + srv_version = LooseVersion(client.server_info()['version']) + except Exception as e: + module.fail_json(msg='Unable to get MongoDB server version: %s' % to_native(e)) + + # Get driver version:: + driver_version = LooseVersion(PyMongoVersion) + + # Check driver and server version compatibility: + check_compatibility(module, srv_version, driver_version) + except Exception as excep: + if "not authorized on" not in str(excep) and "there are no users authenticated" not in str(excep): + raise excep + if login_user is None or login_password is None: + raise excep + client.admin.authenticate(login_user, login_password, source=login_database) + check_compatibility(module, client) + + if login_user is None and login_password is None: + mongocnf_creds = load_mongocnf() + if mongocnf_creds is not False: + login_user = mongocnf_creds['user'] + login_password = mongocnf_creds['password'] + elif login_password is None or login_user is None: + module.fail_json(msg="When supplying login arguments, both 'login_user' and 'login_password' must be provided") + + try: + client['admin'].command('listDatabases', 1.0) # if this throws an error we need to authenticate + except Exception as excep: + if "not authorized on" in str(excep) or "command listDatabases requires authentication" in str(excep): + if login_user is not None and login_password is not None: + try: + client.admin.authenticate(login_user, login_password, source=login_database) + except Exception as excep: + module.fail_json(msg='unable to connect to database: %s' % to_native(excep), exception=traceback.format_exc()) + else: + module.fail_json(msg='unable to connect to database: %s' % to_native(excep), exception=traceback.format_exc()) + else: + module.fail_json(msg='unable to connect to database: %s' % to_native(excep), exception=traceback.format_exc()) + + try: + status, msg, return_doc = member_stepdown(client, module) + iterations = return_doc['iterations'] + changed = return_doc['changed'] + except Exception as e: + module.fail_json(msg='Unable to query replica_set info: %s' % str(e)) + + if status is False: + module.fail_json(msg=msg, iterations=iterations, changed=changed) + else: + module.exit_json(msg=msg, iterations=iterations, changed=changed) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_user.py b/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_user.py new file mode 100644 index 00000000..199038d8 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/plugins/modules/mongodb_user.py @@ -0,0 +1,460 @@ +#!/usr/bin/python + +# (c) 2012, Elliott Foster <elliott@fourkitchens.com> +# Sponsored by Four Kitchens http://fourkitchens.com. +# (c) 2014, Epic Games, Inc. +# +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +DOCUMENTATION = ''' +--- +module: mongodb_user +short_description: Adds or removes a user from a MongoDB database +description: + - Adds or removes a user from a MongoDB database. +version_added: "1.0.0" + +extends_documentation_fragment: + - community.mongodb.login_options + - community.mongodb.ssl_options + +options: + replica_set: + description: + - Replica set to connect to (automatically connects to primary for writes). + type: str + database: + description: + - The name of the database to add/remove the user from. + required: true + type: str + aliases: [db] + name: + description: + - The name of the user to add or remove. + required: true + aliases: [user] + type: str + password: + description: + - The password to use for the user. + type: str + aliases: [pass] + roles: + type: list + elements: raw + description: + - > + The database user roles valid values could either be one or more of the following strings: + 'read', 'readWrite', 'dbAdmin', 'userAdmin', 'clusterAdmin', 'readAnyDatabase', 'readWriteAnyDatabase', 'userAdminAnyDatabase', + 'dbAdminAnyDatabase' + - "Or the following dictionary '{ db: DATABASE_NAME, role: ROLE_NAME }'." + - "This param requires pymongo 2.5+. If it is a string, mongodb 2.4+ is also required. If it is a dictionary, mongo 2.6+ is required." + state: + description: + - The database user state. + default: present + choices: [absent, present] + type: str + update_password: + default: always + choices: [always, on_create] + description: + - C(always) will always update passwords and cause the module to return changed. + - C(on_create) will only set the password for newly created users. + - This must be C(always) to use the localhost exception when adding the first admin user. + type: str + create_for_localhost_exception: + type: path + description: + - This is parmeter is only useful for handling special treatment around the localhost exception. + - If C(login_user) is defined, then the localhost exception is not active and this parameter has no effect. + - If this file is NOT present (and C(login_user) is not defined), then touch this file after successfully adding the user. + - If this file is present (and C(login_user) is not defined), then skip this task. + +notes: + - Requires the pymongo Python package on the remote host, version 2.4.2+. This + can be installed using pip or the OS package manager. Newer mongo server versions require newer + pymongo versions. @see http://api.mongodb.org/python/current/installation.html +requirements: + - "pymongo" +author: + - "Elliott Foster (@elliotttf)" + - "Julien Thebault (@Lujeni)" +''' + +EXAMPLES = ''' +- name: Create 'burgers' database user with name 'bob' and password '12345'. + community.mongodb.mongodb_user: + database: burgers + name: bob + password: 12345 + state: present + +- name: Create a database user via SSL (MongoDB must be compiled with the SSL option and configured properly) + community.mongodb.mongodb_user: + database: burgers + name: bob + password: 12345 + state: present + ssl: True + +- name: Delete 'burgers' database user with name 'bob'. + community.mongodb.mongodb_user: + database: burgers + name: bob + state: absent + +- name: Define more users with various specific roles (if not defined, no roles is assigned, and the user will be added via pre mongo 2.2 style) + community.mongodb.mongodb_user: + database: burgers + name: ben + password: 12345 + roles: read + state: present + +- name: Define roles + community.mongodb.mongodb_user: + database: burgers + name: jim + password: 12345 + roles: readWrite,dbAdmin,userAdmin + state: present + +- name: Define roles + community.mongodb.mongodb_user: + database: burgers + name: joe + password: 12345 + roles: readWriteAnyDatabase + state: present + +- name: Add a user to database in a replica set, the primary server is automatically discovered and written to + community.mongodb.mongodb_user: + database: burgers + name: bob + replica_set: belcher + password: 12345 + roles: readWriteAnyDatabase + state: present + +# add a user 'oplog_reader' with read only access to the 'local' database on the replica_set 'belcher'. This is useful for oplog access (MONGO_OPLOG_URL). +# please notice the credentials must be added to the 'admin' database because the 'local' database is not synchronized and can't receive user credentials +# To login with such user, the connection string should be MONGO_OPLOG_URL="mongodb://oplog_reader:oplog_reader_password@server1,server2/local?authSource=admin" +# This syntax requires mongodb 2.6+ and pymongo 2.5+ +- name: Roles as a dictionary + community.mongodb.mongodb_user: + login_user: root + login_password: root_password + database: admin + user: oplog_reader + password: oplog_reader_password + state: present + replica_set: belcher + roles: + - db: local + role: read + +- name: Adding a user with X.509 Member Authentication + community.mongodb.mongodb_user: + login_host: "mongodb-host.test" + login_port: 27001 + login_database: "$external" + database: "admin" + name: "admin" + password: "test" + roles: + - dbAdminAnyDatabase + ssl: true + ssl_ca_certs: "/tmp/ca.crt" + ssl_certfile: "/tmp/tls.key" #cert and key in one file + state: present + auth_mechanism: "MONGODB-X509" + connection_options: + - "tlsAllowInvalidHostnames=true" +''' + +RETURN = ''' +user: + description: The name of the user to add or remove. + returned: success + type: str +''' + +import os +import ssl as ssl_lib +from distutils.version import LooseVersion +import traceback +from operator import itemgetter + + +from ansible.module_utils.basic import AnsibleModule, missing_required_lib +from ansible.module_utils.six import binary_type, text_type +from ansible.module_utils.six.moves import configparser +from ansible.module_utils._text import to_native, to_bytes +from ansible_collections.community.mongodb.plugins.module_utils.mongodb_common import ( + check_compatibility, + missing_required_lib, + load_mongocnf, + mongodb_common_argument_spec, + ssl_connection_options +) +from ansible_collections.community.mongodb.plugins.module_utils.mongodb_common import PyMongoVersion, PYMONGO_IMP_ERR, pymongo_found, MongoClient + + +def user_find(client, user, db_name): + """Check if the user exists. + + Args: + client (cursor): Mongodb cursor on admin database. + user (str): User to check. + db_name (str): User's database. + + Returns: + dict: when user exists, False otherwise. + """ + for mongo_user in client[db_name].command('usersInfo')['users']: + if mongo_user['user'] == user: + # NOTE: there is no 'db' field in mongo 2.4. + if 'db' not in mongo_user: + return mongo_user + + if mongo_user["db"] in [db_name, "admin"]: # Workaround to make the condition works with AWS DocumentDB, since all users are in the admin database. + + return mongo_user + return False + + +def user_add(module, client, db_name, user, password, roles): + # pymongo's user_add is a _create_or_update_user so we won't know if it was changed or updated + # without reproducing a lot of the logic in database.py of pymongo + db = client[db_name] + + try: + exists = user_find(client, user, db_name) + except Exception as excep: + # We get this exception: "not authorized on admin to execute command" + # when auth is enabled on a new instance. The loalhost exception should + # allow us to create the first user. If the localhost exception does not apply, + # then user creation will also fail with unauthorized. So, ignore Unauthorized here. + if hasattr(excep, 'code') and excep.code == 13: # 13=Unauthorized + exists = False + else: + raise + + if exists: + user_add_db_command = 'updateUser' + else: + user_add_db_command = 'createUser' + + user_dict = {} + + if password is not None: + user_dict["pwd"] = password + if roles is not None: + user_dict["roles"] = roles + + db.command(user_add_db_command, user, **user_dict) + + +def user_remove(module, client, db_name, user): + exists = user_find(client, user, db_name) + if exists: + if module.check_mode: + module.exit_json(changed=True, user=user) + db = client[db_name] + db.command("dropUser", user) + else: + module.exit_json(changed=False, user=user) + + +def check_if_roles_changed(uinfo, roles, db_name): + # We must be aware of users which can read the oplog on a replicaset + # Such users must have access to the local DB, but since this DB does not store users credentials + # and is not synchronized among replica sets, the user must be stored on the admin db + # Therefore their structure is the following : + # { + # "_id" : "admin.oplog_reader", + # "user" : "oplog_reader", + # "db" : "admin", # <-- admin DB + # "roles" : [ + # { + # "role" : "read", + # "db" : "local" # <-- local DB + # } + # ] + # } + + def make_sure_roles_are_a_list_of_dict(roles, db_name): + output = list() + for role in roles: + if isinstance(role, (binary_type, text_type)): + new_role = {"role": role, "db": db_name} + output.append(new_role) + else: + output.append(role) + return output + + roles_as_list_of_dict = make_sure_roles_are_a_list_of_dict(roles, db_name) + uinfo_roles = uinfo.get('roles', []) + + if sorted(roles_as_list_of_dict, key=itemgetter('db')) == sorted(uinfo_roles, key=itemgetter('db')): + return False + return True + + +# ========================================= +# Module execution. +# + +def main(): + argument_spec = mongodb_common_argument_spec() + argument_spec.update( + database=dict(required=True, aliases=['db']), + name=dict(required=True, aliases=['user']), + password=dict(aliases=['pass'], no_log=True), + replica_set=dict(default=None), + roles=dict(default=None, type='list', elements='raw'), + state=dict(default='present', choices=['absent', 'present']), + update_password=dict(default="always", choices=["always", "on_create"], no_log=False), + create_for_localhost_exception=dict(default=None, type='path'), + ) + module = AnsibleModule( + argument_spec=argument_spec, + supports_check_mode=True, + required_together=[['login_user', 'login_password']], + ) + if not pymongo_found: + module.fail_json(msg=missing_required_lib('pymongo'), + exception=PYMONGO_IMP_ERR) + + login_user = module.params['login_user'] + login_password = module.params['login_password'] + login_host = module.params['login_host'] + login_port = module.params['login_port'] + login_database = module.params['login_database'] + create_for_localhost_exception = module.params['create_for_localhost_exception'] + b_create_for_localhost_exception = ( + to_bytes(create_for_localhost_exception, errors='surrogate_or_strict') + if create_for_localhost_exception is not None else None + ) + + replica_set = module.params['replica_set'] + db_name = module.params['database'] + user = module.params['name'] + password = module.params['password'] + ssl = module.params['ssl'] + roles = module.params['roles'] or [] + state = module.params['state'] + update_password = module.params['update_password'] + + try: + connection_params = { + "host": login_host, + "port": int(login_port), + } + + if replica_set: + connection_params["replicaset"] = replica_set + + if ssl: + connection_params = ssl_connection_options(connection_params, module) + + client = MongoClient(**connection_params) + + if login_user is None and login_password is None: + mongocnf_creds = load_mongocnf() + if mongocnf_creds is not False: + login_user = mongocnf_creds['user'] + login_password = mongocnf_creds['password'] + elif login_password is None or login_user is None: + module.fail_json(msg='when supplying login arguments, both login_user and login_password must be provided') + + if login_user is not None and login_password is not None: + client.admin.authenticate(login_user, login_password, source=login_database) + # Get server version: + try: + srv_version = LooseVersion(client.server_info()['version']) + except Exception as e: + module.fail_json(msg='Unable to get MongoDB server version: %s' % to_native(e)) + + # Get driver version:: + driver_version = LooseVersion(PyMongoVersion) + + # Check driver and server version compatibility: + check_compatibility(module, srv_version, driver_version) + elif LooseVersion(PyMongoVersion) >= LooseVersion('3.0'): + if db_name != "admin": + module.fail_json(msg='The localhost login exception only allows the first admin account to be created') + # else: this has to be the first admin user added + + except Exception as e: + module.fail_json(msg='unable to connect to database: %s' % to_native(e), exception=traceback.format_exc()) + + if state == 'present': + if password is None and update_password == 'always': + module.fail_json(msg='password parameter required when adding a user unless update_password is set to on_create') + + if login_user is None and create_for_localhost_exception is not None: + if os.path.exists(b_create_for_localhost_exception): + try: + client.close() + except Exception: + pass + module.exit_json(changed=False, user=user, skipped=True, msg="The path in create_for_localhost_exception exists.") + + try: + if update_password != 'always': + uinfo = user_find(client, user, db_name) + if uinfo: + password = None + if not check_if_roles_changed(uinfo, roles, db_name): + module.exit_json(changed=False, user=user) + + if module.check_mode: + module.exit_json(changed=True, user=user) + + user_add(module, client, db_name, user, password, roles) + except Exception as e: + module.fail_json(msg='Unable to add or update user: %s' % to_native(e), exception=traceback.format_exc()) + finally: + try: + client.close() + except Exception: + pass + # Here we can check password change if mongo provide a query for that : https://jira.mongodb.org/browse/SERVER-22848 + # newuinfo = user_find(client, user, db_name) + # if uinfo['role'] == newuinfo['role'] and CheckPasswordHere: + # module.exit_json(changed=False, user=user) + + if login_user is None and create_for_localhost_exception is not None: + # localhost exception applied. + try: + # touch the file + open(b_create_for_localhost_exception, 'wb').close() + except Exception as e: + module.fail_json( + changed=True, + msg='Added user but unable to touch create_for_localhost_exception file %s: %s' % (create_for_localhost_exception, to_native(e)), + exception=traceback.format_exc() + ) + + elif state == 'absent': + try: + user_remove(module, client, db_name, user) + except Exception as e: + module.fail_json(msg='Unable to remove user: %s' % to_native(e), exception=traceback.format_exc()) + finally: + try: + client.close() + except Exception: + pass + module.exit_json(changed=True, user=user) + + +if __name__ == '__main__': + main() |