Diffstat (limited to 'collections-debian-merged/ansible_collections/community/mongodb/roles')
148 files changed, 4999 insertions, 0 deletions
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/.yamllint b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/.yamllint new file mode 100644 index 00000000..88276760 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/.yamllint @@ -0,0 +1,33 @@ +--- +# Based on ansible-lint config +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + colons: + max-spaces-after: -1 + level: error + commas: + max-spaces-after: -1 + level: error + comments: disable + comments-indentation: disable + document-start: disable + empty-lines: + max: 3 + level: error + hyphens: + level: error + indentation: disable + key-duplicates: enable + line-length: disable + new-line-at-end-of-file: disable + new-lines: + type: unix + trailing-spaces: disable + truthy: disable diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/README.md b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/README.md new file mode 100644 index 00000000..3fc91610 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/README.md 
@@ -0,0 +1,56 @@ +mongodb_auth +============ + +This role to enables auth on MongoDB servers, adds the first admin user, and adds a list of other users. +If your mongo instance requires ssl or an alternative auth_mechanism, please use +[`module_defaults`](https://docs.ansible.com/ansible/latest/user_guide/playbooks_module_defaults.html) +to provide the default auth details for `community.mongodb.mongodb_user` (these defaults are ignored +when adding the initial admin user with the localhost exception). + +If running this on a MongoDB server that already has an admin user (ie when using this role to audit +an alternate install method), you must touch `/root/mongodb_admin.success` or you will get an error +when this role tries to add the admin user again. + +Role Variables +-------------- + +mongod_host: The domain or ip to use to communicate with mongod. Default localhost. +mongod_port: The port used by the mongod process. Default 27017. +mongod_package: The mongod package to install. Default mongodb-org-server. +authorization: Enable authorization. Default enabled. +mongodb_admin_db: MongoDB admin database (for adding users). Default admin. +mongodb_admin_user: MongoDB admin username. Default admin. +mongodb_admin_pwd: MongoDB admin password. Defaults to value of mongodb_admin_default_pwd. +mongodb_admin_default_pwd: MongoDB admin password (for parent roles to override without overriding user's password). Default admin. +mongodb_users: List of additional users to add. Each user dict should include fields: db, user, pwd, roles +mongodb_force_update_password: Whether or not to force a password update for any users in mongodb_users. Setting this to yes will result in 'changed' on every run, even if the password is the same. Setting this to no only adds a password when creating the user. + +IMPORTANT NOTE: It is expected that mongodb_admin_user & mongodb_admin_pwd values be overridden in your own file protected by Ansible Vault. 
Any production environments should protect these values. For more information see [Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html) + +Dependencies +------------ + +mongodb_repository + +Example Playbook +---------------- + +Install MongoDB preparing hosts for a Sharded Cluster. + +```yaml + - hosts: servers + roles: + - { role: mongodb_repository } + - { role: mongodb_mongod, mongod_port: 27018, sharding: true } + - { role: mongodb_auth, mongod_port: 27018, mongod_host: 127.0.0.1, mongodb_admin_pwd: f00b@r } +``` + +License +------- + +BSD + +Author Information +------------------ + +Jacob Floyd (https://github.com/cognifloyd) diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/defaults/main.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/defaults/main.yml new file mode 100644 index 00000000..2612ee7b --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/defaults/main.yml 
@@ -0,0 +1,27 @@
+---
+# defaults file for mongodb_auth
+mongod_port: 27017
+mongod_package: "mongodb-org-server"
+
+authorization: "enabled"
+
+# when adding auth, the login credentials to use
+mongodb_admin_user: admin
+# For production use - please change the admin password!
+mongodb_admin_pwd: "{{ mongodb_default_admin_pwd }}"
+# The default is separate so other roles can provide a default without overriding a user provided password.
+mongodb_default_admin_pwd: admin
+# allow for alternate admin roles (eg userAdminAnyDatabase)
+mongodb_admin_roles: "root"
+
+# Additional users to add.
+mongodb_users: []
+# - db: somedatabase
+# user: someuser
+# pwd: "S0meP@ss"
+# roles: readWrite
+
+# whether or not to force a password update for any users in mongodb_users
+# Setting this to yes will result in 'changed' on every run, even if the password is the same.
+# See the comment in tasks/main.yml for more details.
+mongodb_force_update_password: no
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/meta/main.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/meta/main.yml
new file mode 100644
index 00000000..c2ab9e8b
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/meta/main.yml
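Review bot: `mongodb_default_admin_pwd: admin` means a caller who sets nothing gets an `admin` account with `mongodb_admin_roles: "root"` and a password that is published in this file. The comment asks for the password to be changed, but the only enforcement in this commit is the `Warn about default credentials` task in tasks/main.yml, which prints a `debug` message and carries on. Consider shipping an empty default, `mongodb_default_admin_pwd: ""`, and turning that task into an `assert` on `mongodb_admin_pwd | length > 0` so the role stops before it creates the user; the molecule playbooks would then set a test password explicitly. Separately, `mongodb_force_update_password: no` relies on YAML 1.1 boolean parsing and reads more safely as `false`.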
@@ -0,0 +1,30 @@ +--- +galaxy_info: + author: Jacob Floyd + description: Configure auth on MongoDB servers + + license: BSD + + min_ansible_version: 2.9 + + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/default/Dockerfile.j2 b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/default/Dockerfile.j2 new file mode 100644 index 00000000..935dd3d7 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/default/Dockerfile.j2 
@@ -0,0 +1,39 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +{% if item.env is defined %} +{% for var, value in item.env.items() %} +{% if value %} +ENV {{ var }} {{ value }} +{% endif %} +{% endfor %} +{% endif %} +# Add systemd-sysv package for Debian to get systemd working (and procps for sysctl) and netbase for firewalld +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates iproute2 systemd-sysv procps netbase && apt-get clean; \ + elif [ $(command -v dnf) ] && grep -q 'platform:el8' /etc/os-release ; then dnf makecache && dnf update -y && dnf --assumeyes install python3 sudo python3-devel bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && rm -Rf /usr/share/doc && rm -Rf /usr/share/man && dnf clean all && cp /bin/true /sbin/agetty; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash iproute && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash iproute && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml iproute2 && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates iproute2 && xbps-remove -O; fi + +{% if item.image == 'centos:8' %} +# Stuff for systemd https://hub.docker.com/_/centos +RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == \ + systemd-tmpfiles-setup.service ] || rm -f $i; done); \ + rm -f /lib/systemd/system/multi-user.target.wants/*;\ + rm -f /etc/systemd/system/*.wants/*;\ + rm -f 
/lib/systemd/system/local-fs.target.wants/*; \ + rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ + rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ + rm -f /lib/systemd/system/basic.target.wants/*;\ + rm -f /lib/systemd/system/anaconda.target.wants/*; + +VOLUME [ "/sys/fs/cgroup" ] +CMD ["/sbin/init"] +{% endif %} diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/default/molecule.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/default/molecule.yml new file mode 100644 index 00000000..783a1cdd --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/default/molecule.yml @@ -0,0 +1,50 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint + options: + config-data: + line-length: disable +platforms: + - name: centos_7 + image: centos:7 + command: /sbin/init + privileged: True + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + - name: centos_8 + image: centos:8 + command: /sbin/init + privileged: True + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + - name: ubuntu_16 + image: ubuntu:16.04 + command: /sbin/init + privileged: True + - name: ubuntu_18 + image: ubuntu:18.04 + command: /sbin/init + privileged: True + - name: debian_buster + image: debian:buster + command: /sbin/init + privileged: True + - name: debian_stretch + image: debian:stretch + command: /sbin/init + privileged: True +provisioner: + name: ansible + lint: + name: ansible-lint + enabled: false +verifier: + name: testinfra + lint: + name: flake8 + options: + ignore: 'E501' diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/default/playbook.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/default/playbook.yml new file mode 100644 index 00000000..ca136e75 --- /dev/null 
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/default/playbook.yml @@ -0,0 +1,65 @@ +--- +- name: Converge + hosts: all + become: yes + vars: + # for this test, each machine is an isolated mongod instance + replicaset: false + sharding: false + + # initially disable authorization on some hosts + hosts_with_auth_disabled: + - ubuntu_18 + - debian_buster + + # add some users for some of the hosts + hosts_with_extra_user: + - centos_8 + - ubuntu_16 + - debian_buster + mongodb_users_empty: [] + mongodb_users_full: + - db: somedatabase + user: someuser + pwd: "S0meP@ss" + roles: readWrite + - db: somedatabase + user: otheruser + pwd: "0th3rP@ss" + roles: readWrite + mongodb_users: "{% if inventory_hostname in hosts_with_extra_user %}{{ mongodb_users_full }}{% else %}{{ mongodb_users_empty }}{% endif %}" + + roles: + - role: mongodb_repository + tags: molecule-idempotence-notest + - role: mongodb_mongod + authorization: "{% if inventory_hostname in hosts_with_auth_disabled %}disabled{% else %}enabled{% endif %}" + tags: molecule-idempotence-notest # avoids false positive where replacing conf file disables authorization again + + tasks: + - name: Add EPEL repo to CentOS 7 to allow installing pip package + become: yes + yum: + name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_facts.distribution_major_version }}.noarch.rpm" + state: present + when: inventory_hostname == 'centos_7' + + - name: Install python stuff + package: + name: + - "python{% if needs_3 %}3{% endif %}-setuptools" + - "python{% if needs_3 %}3{% endif %}-pip" + vars: + needs_3: "{{ ansible_facts.python.version.major == 3 }}" + + - name: Install pymongo + pip: + name: pymongo + + - name: Enable mongo auth + include_role: + name: mongodb_auth + + - name: Install MongoDB Shell + package: + name: mongodb-org-shell 
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/default/tests/test_default.py b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/default/tests/test_default.py new file mode 100644 index 00000000..933015a0 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/default/tests/test_default.py @@ -0,0 +1,56 @@ +import os +import yaml + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ["MOLECULE_INVENTORY_FILE"] +).get_hosts("all") + + +def include_vars(host): + ansible = host.ansible("include_vars", + 'file="../../defaults/main.yml"', + False, + False) + return ansible + + +def test_mongod_cnf_file(host): + f = host.file("/etc/mongod.conf") + + assert f.exists + assert yaml.safe_load(f.content)["security"]["authorization"] == "enabled" + + +def test_mongod_service(host): + mongod_service = include_vars(host)["ansible_facts"].get("mongod_service", "mongod") + s = host.service(mongod_service) + + assert s.is_running + assert s.is_enabled + + +def test_mongod_port(host): + port = include_vars(host)["ansible_facts"].get("mongod_port", 27017) + s = host.socket("tcp://0.0.0.0:{0}".format(port)) + assert s.is_listening + + +def test_mongo_shell_connectivity(host): + """ + Tests that we can connect to mongos via the shell annd run a cmd + """ + facts = include_vars(host)["ansible_facts"] + port = facts.get("mongod_port", 27017) + user = facts.get("mongod_admin_user", "admin") + pwd = facts.get("mongod_default_admin_pwd", "admin") + + cmd = host.run( + "mongo admin --username {user} --password {pwd} --port {port} --eval 'db.runCommand({{listDatabases: 1}})'".format( + user=user, pwd=pwd, port=port + ) + ) + + assert cmd.rc == 0 + assert "admin" in cmd.stdout 
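Review bot: `test_mongo_shell_connectivity` looks up `mongod_admin_user` and `mongod_default_admin_pwd`, but the role's defaults/main.yml names these variables `mongodb_admin_user` and `mongodb_default_admin_pwd`, so both `.get()` calls always fall back to the literal `"admin"`. The test therefore passes only while the role defaults happen to equal the fallback, and would keep logging in as `admin`/`admin` even if the defaults changed. Use the role's names, `user = facts.get("mongodb_admin_user", "admin")` and `pwd = facts.get("mongodb_default_admin_pwd", "admin")`. The identical file added under molecule/virtualbox/tests (same blob 933015a0) needs the same change, and the docstring's "mongos" and "annd" should read "mongod" and "and".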
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/virtualbox/molecule.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/virtualbox/molecule.yml new file mode 100644 index 00000000..14d29680 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/virtualbox/molecule.yml @@ -0,0 +1,54 @@ +--- +dependency: + name: galaxy +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint + options: + config-data: + line-length: disable +platforms: + - name: centos-7 + box: centos/7 + interfaces: + - network_name: private_network + type: dhcp + auto_config: true + - name: ubuntu-16 + box: ubuntu/xenial64 + interfaces: + - network_name: private_network + type: dhcp + auto_config: true + - name: ubuntu-18 + box: ubuntu/bionic64 + interfaces: + - network_name: private_network + type: dhcp + auto_config: true + - name: debian-buster + box: debian/buster64 + interfaces: + - network_name: private_network + type: dhcp + auto_config: true + - name: debian-stretch + box: debian/contrib-stretch64 # Standard debian/stretch64 had issues: Unable to locate package linux-headers-4.9.0-9-amd64 + interfaces: + - network_name: private_network + type: dhcp + auto_config: true +provisioner: + name: ansible + lint: + name: ansible-lint + enabled: false +verifier: + name: testinfra + lint: + name: flake8 + options: + ignore: 'E501' diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/virtualbox/playbook.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/virtualbox/playbook.yml new file mode 100644 index 00000000..5a0e4614 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/virtualbox/playbook.yml 
@@ -0,0 +1,66 @@ +--- +- name: Converge + hosts: all + become: yes + vars: + # for this test, each machine is an isolated mongod instance + replicaset: false + sharding: false + + # initially disable authorization on some hosts + hosts_with_auth_disabled: + - ubuntu_18 + - debian_buster + + # add some users for some of the hosts + hosts_with_extra_user: + - centos_8 + - ubuntu_16 + - debian_buster + mongodb_users_empty: [] + mongodb_users_full: + - db: somedatabase + user: someuser + pwd: "S0meP@ss" + roles: readWrite + - db: somedatabase + user: otheruser + pwd: "0th3rP@ss" + roles: readWrite + mongodb_users: "{% if inventory_hostname in hosts_with_extra_user %}{{ mongodb_users_full }}{% else %}{{ mongodb_users_empty }}{% endif %}" + + roles: + - role: mongodb_repository + tags: molecule-idempotence-notest + - role: mongodb_mongod + vars: + authorization: "{% if inventory_hostname in hosts_with_auth_disabled %}disabled{% else %}enabled{% endif %}" + tags: molecule-idempotence-notest # avoids false positive where replacing conf file disables authorization again + + tasks: + - name: Add EPEL repo to CentOS 7 to allow installing pip package + become: yes + yum: + name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_facts.distribution_major_version }}.noarch.rpm" + state: present + when: inventory_hostname == 'centos_7' + + - name: Install python stuff + package: + name: + - "python{% if needs_3 %}3{% endif %}-setuptools" + - "python{% if needs_3 %}3{% endif %}-pip" + vars: + needs_3: "{{ ansible_facts.python.version.major == 3 }}" + + - name: Install pymongo + pip: + name: pymongo + + - name: Enable mongo auth + include_role: + name: mongodb_auth + + - name: Install MongoDB Shell + package: + name: mongodb-org-shell 
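Review bot: The host names in `hosts_with_auth_disabled`, `hosts_with_extra_user` and `when: inventory_hostname == 'centos_7'` are written with underscores, but the platforms in this scenario's molecule.yml are named with hyphens (`centos-7`, `ubuntu-18`, `debian-buster`) and there is no `centos_8` platform at all. As written none of these conditions can match in the virtualbox scenario, so every host starts with authorization already enabled, no extra users are created, and the EPEL task is skipped on CentOS 7. That leaves the path this role exists for, turning auth on for a server that had it off, untested here. Use the hyphenated names, e.g. `- ubuntu-18`, `- debian-buster` and `when: inventory_hostname == 'centos-7'`.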
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/virtualbox/prepare.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/virtualbox/prepare.yml new file mode 100644 index 00000000..0f186973 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/virtualbox/prepare.yml @@ -0,0 +1,40 @@ +--- +- name: Prepare + hosts: all + become: yes + vars: + avahi_packages_redhat: + - "avahi" + - "nss-mdns" + avahi_packages_debian: + - "avahi-daemon" + - "avahi-discover" + - "libnss-mdns" + tasks: + + - name: Ensure epel is available + yum: + name: epel-release + state: present + when: ansible_os_family == "RedHat" + + - name: Install avahi packages + package: + name: "{{ avahi_packages_redhat }}" + state: present + when: ansible_os_family == "RedHat" + + - name: Install avahi packages + package: + name: "{{ avahi_packages_debian }}" + state: present + when: ansible_os_family == "Debian" + + # debian-stretch seems to require a reboot for avahi-daemon to run + - name: Reboot host + reboot: + + - name: Ensure avahi-daemon is started + service: + name: avahi-daemon + state: started diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/virtualbox/tests/test_default.py b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/virtualbox/tests/test_default.py new file mode 100644 index 00000000..933015a0 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/virtualbox/tests/test_default.py 
@@ -0,0 +1,56 @@ +import os +import yaml + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ["MOLECULE_INVENTORY_FILE"] +).get_hosts("all") + + +def include_vars(host): + ansible = host.ansible("include_vars", + 'file="../../defaults/main.yml"', + False, + False) + return ansible + + +def test_mongod_cnf_file(host): + f = host.file("/etc/mongod.conf") + + assert f.exists + assert yaml.safe_load(f.content)["security"]["authorization"] == "enabled" + + +def test_mongod_service(host): + mongod_service = include_vars(host)["ansible_facts"].get("mongod_service", "mongod") + s = host.service(mongod_service) + + assert s.is_running + assert s.is_enabled + + +def test_mongod_port(host): + port = include_vars(host)["ansible_facts"].get("mongod_port", 27017) + s = host.socket("tcp://0.0.0.0:{0}".format(port)) + assert s.is_listening + + +def test_mongo_shell_connectivity(host): + """ + Tests that we can connect to mongos via the shell annd run a cmd + """ + facts = include_vars(host)["ansible_facts"] + port = facts.get("mongod_port", 27017) + user = facts.get("mongod_admin_user", "admin") + pwd = facts.get("mongod_default_admin_pwd", "admin") + + cmd = host.run( + "mongo admin --username {user} --password {pwd} --port {port} --eval 'db.runCommand({{listDatabases: 1}})'".format( + user=user, pwd=pwd, port=port + ) + ) + + assert cmd.rc == 0 + assert "admin" in cmd.stdout diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/tasks/main.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/tasks/main.yml new file mode 100644 index 00000000..4ead377c --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/tasks/main.yml 
@@ -0,0 +1,94 @@ +--- +# tasks file for mongodb_auth +- name: Include OS-specific vars + include_vars: + file: "{{ lookup('first_found', params) }}" + vars: + params: + paths: + - "vars" + files: + - "{{ ansible_facts.distribution }}-{{ ansible_facts.distribution_version }}.yml" + - "{{ ansible_facts.os_family }}-{{ ansible_facts.distribution_major_version }}.yml" + - "{{ ansible_facts.distribution }}.yml" + - "{{ ansible_facts.os_family }}.yml" + - default.yml + +- name: Ensure mongod and pyyaml packages are installed + package: + name: + - "{{ mongod_package }}" + # pyyaml is used to validate yaml files on change + - "{{ pyyaml_package }}" + register: _pkg + until: _pkg is succeeded + retries: 5 + +- name: Warn about default credentials + when: mongodb_admin_pwd == mongodb_default_admin_pwd + debug: + msg: "[WARNING] Using default admin credentials for mongodb admin account! Please change them!" + +- name: Add mongo admin user with localhost exception + community.mongodb.mongodb_user: + state: present + + # on_create triggers additional queries that are not compatible with localhost exception + update_password: always + + name: "{{ mongodb_admin_user }}" + password: "{{ mongodb_admin_pwd }}" + database: admin + roles: "{{ mongodb_admin_roles }}" + + login_host: localhost + login_port: "{{ mongod_port | string }}" # silence implicit int->str conversion warning + create_for_localhost_exception: /root/mongodb_admin.success + module_defaults: + community.mongodb.mongodb_user: {} + +- name: Enable security section in mongod.conf + lineinfile: + path: /etc/mongod.conf + regexp: |- + ^[#'"\s]*security['"]?\s*: + line: 'security:' + validate: | + {{ mongodb_python }} -c ' + import yaml, io + if "security" not in yaml.safe_load(io.open("%s")): + exit(1) + ' + +- name: Enable authentication in mongod.conf + lineinfile: + path: /etc/mongod.conf + insertafter: '^security:' + # two space indentation (the default) assumed + line: ' authorization: {{ authorization }}' + regexp: 
|- + ^[#'"\s]+authorization['"]?\s*: + validate: | + {{ mongodb_python }} -c ' + import yaml, io + if yaml.safe_load(io.open("%s"))["security"]["authorization"] != "{{ authorization }}": + exit(1) + ' + register: _enable_mongo_auth + +# This is a task instead of a handler so we can add users right away +- name: Restart mongodb to enable auth before adding additional users + # This allows us to safely assume auth is already enabled when adding more users + when: _enable_mongo_auth is changed + service: + name: mongod + state: restarted + +- name: Add additional mongo users + include_tasks: mongodb_auth_user.yml + loop: "{{ mongodb_users }}" + loop_control: + loop_var: _mongodb_user + # using loop_control: label does not obscure the password in output for verbosity > 1 + # So, loop over an include where the task name will include the username + db, but the loop var won't print out. + no_log: yes diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/tasks/mongodb_auth_user.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/tasks/mongodb_auth_user.yml new file mode 100644 index 00000000..285a0dc8 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/tasks/mongodb_auth_user.yml 
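Review bot: `Restart mongodb to enable auth before adding additional users` is followed directly by the `mongodb_auth_user.yml` loop with nothing that waits for mongod to accept connections again, so the first user creation may fail intermittently if the service reports started before the port is open. A `wait_for` task on `port: "{{ mongod_port }}"` guarded by the same `when: _enable_mongo_auth is changed` would close that gap. The restart also hard-codes `name: mongod`, while the tests in this commit look the service name up as `mongod_service`; `name: "{{ mongod_service | default('mongod') }}"` would keep the two in step.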
@@ -0,0 +1,29 @@
+---
+- name: "Add mongo auth user - {{ _mongodb_user.user }} on {{ _mongodb_user.db }}"
+ community.mongodb.mongodb_user:
+ state: present
+
+ # NOTE: on_create is idempotent, always is not.
+ # With `update_password: on_create`, mongodb_user checks to see if the user
+ # (a) exists on the db, and (b) has the same roles,
+ # and then it only adds the user if it's not there or the roles have changed.
+ # With `update_password: always`, mongodb_user cannot tell if the password
+ # needs to be changed without attempting a login with those credentials.
+ # But mongodb_user does not currently implement such a check.
+ # A comment in mongodb_user points to https://jira.mongodb.org/browse/SERVER-22848
+ update_password: "{{ mongodb_force_update_password|ternary('always', 'on_create') }}"
+
+ name: "{{ _mongodb_user.user }}"
+ password: "{{ _mongodb_user.pwd }}"
+ database: "{{ _mongodb_user.db }}"
+ roles: "{{ _mongodb_user.roles|default('readWrite') }}"
+
+ login_host: localhost
+ login_port: "{{ mongod_port | string }}" # silence implicit int->str conversion warning
+ login_user: "{{ mongodb_admin_user }}"
+ login_password: "{{ mongodb_admin_pwd }}"
+ login_database: admin
+ # to provide additional auth details (eg for ssl* or auth_mechanism, set module_defaults in playbook)
+ # module_defaults:
+ # community.mongodb.mongodb_user:
+ # auth_mechanism: ...
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/vars/RedHat-7.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/vars/RedHat-7.yml
new file mode 100644
index 00000000..190d2622
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/vars/RedHat-7.yml
@@ -0,0 +1,2 @@
+---
+pyyaml_package: PyYAML
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/vars/RedHat-8.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/vars/RedHat-8.yml
new file mode 100644
index 00000000..ba3964da
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/vars/RedHat-8.yml
@@ -0,0 +1,2 @@
+---
+pyyaml_package: python3-pyyaml
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/vars/default.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/vars/default.yml
new file mode 100644
index 00000000..af98d755
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/vars/default.yml
@@ -0,0 +1,2 @@
+---
+pyyaml_package: "python{% if ansible_facts.python.version.major == 3 %}3{% endif %}-yaml"
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/vars/main.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/vars/main.yml
new file mode 100644
index 00000000..458cdc63
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_auth/vars/main.yml
@@ -0,0 +1,2 @@
+---
+mongodb_python: "{{ ansible_python_interpreter | default( (ansible_python|default({})).get('executable', 'python') ) }}"
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/.yamllint b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/.yamllint
new file mode 100644
index 00000000..88276760
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/.yamllint
@@ -0,0 +1,33 @@ +--- +# Based on ansible-lint config +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + colons: + max-spaces-after: -1 + level: error + commas: + max-spaces-after: -1 + level: error + comments: disable + comments-indentation: disable + document-start: disable + empty-lines: + max: 3 + level: error + hyphens: + level: error + indentation: disable + key-duplicates: enable + line-length: disable + new-line-at-end-of-file: disable + new-lines: + type: unix + trailing-spaces: disable + truthy: disable diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/README.md b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/README.md new file mode 100644 index 00000000..4c177d38 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/README.md 
@@ -0,0 +1,50 @@ +mongodb_config +============== + +A simple role to aid in setting up a CSRS Config Server Replicaset for a MongoDB sharded cluster. + +Role Variables +-------------- + +* `config_port`: The port used by the mongos process. Default 27019. +* `mongod_service`: The name of the mongod service. Default mongod. +* `mongodb_user`: The Linux OS user for MongoDB. Default mongod. +* `mongodb_group`: The Linux OS user group for MongoDB. Default mongod. +* `pid_file`: The pid file for mongos. Default /run/mongodb/mongos.pid. +* `bind_ip`: The IP address mongos will bind to. Default 0.0.0.0. +* `config_repl_set_name`: The replicaset name for the config servers. Default cfg. +* `authorization`: Enable authorization. Default enabled. +* `openssl_keyfile_content`: The kexfile content that MongoDB uses to authenticate within a replicaset. Generate with cmd: openssl rand -base64 756. +* `mongod_package`: The name of the mongod installation package. Default mongodb-org-server. +replicaset: When enabled add a replication section to the configuration. Default true. +* `mongod_config_template`: If defined allows to override path to mongod config template with custom configuration. Default "mongod.conf.j2" +* `skip_restart`: If set to `true` will skip restarting mongod service when config file or the keyfile content changes. Default `true`. + +Dependencies +------------ + +mongodb_repository + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables +passed in as parameters) is always nice for users too: + + +```yaml + - hosts: servers + roles: + - { role: mongodb_repository } + - { role: mongodb_config, config_repl_set_name: "mycustomrs" } +``` + +License +------- + +BSD + +Author Information +------------------ + +Rhys Campbell (https://github.com/rhysmeister) 
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/defaults/main.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/defaults/main.yml new file mode 100644 index 00000000..5bf772a2 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/defaults/main.yml @@ -0,0 +1,28 @@ +--- +# defaults file for mongodb_config +pid_file: /var/run/mongodb/mongod.pid +bind_ip: 0.0.0.0 +# config_port is in vars to facilitate molecule tests +config_repl_set_name: cfg +authorization: enabled +openssl_keyfile_content: | + Z2CeA9BMcoY5AUWoegjv/XWL2MA1SQcL4HvmRjYaTjSp/xosJy+LL2X3OQb1xVWC + rO2e6Tu6A3R4muunitI6Vr0IKeU5UbTpR0N4hSU6HDrV9z2PIEWlkQqKh01ZRLEY + V3hR73acj0jA8eWIWeiV039d18jvMb8X2h8409lfcD6PPJJGjyaC8S4LY/TrsK2z + tx+l/vqOOAMhGB5mEMjx1LXUMsRG9ot6vFu9I5LPd1A4q9xw9jddYK5C6YTLccun + ZyCDsv7ImkCprV0+0vhTyxIEnfaNtvOlWypuvmRr/DEyd2NPowd1n6C+rgk8gs1t + SGLCZP93gXza0rIoQzHtuf5pOJK9qyKjuNtuuLa/KFsida8a69JXn7fmS0IIja0m + Ir0OrQ2Ta3n4VbQwQo97BWODWmkgzz0mUd6VmMps5zLsCW1vVqYFQHuAAbLekW0q + 8JRm8OQ6n2hp8j4zYd3/Qw7vqsVj8sHicNB0bCW29b64H4f2J/AcUA/cm0xSUQyb + +myeCB4vWvydh5AfFVnw7sXvzU6egaYRomdmrl59QrTDneJu13hwzIchsFparoWJ + XjpldopGeDaJLU18ga7MSL02ozB+EoJ14DJxQU7E5MQk7fDMPeitXKZ8ymxb7LeA + k0Rtc/JQM8aDLoRklhLZRRARBrv1RLo8DM8CB2q4s+FwVU4QJl7mFyiwk3eTN6sN + PTgFRo3/dHsEA2OwGG+hnGFGnoYf2mkECR5jqai83CXgva9v2rPNjDTJYHpmd3I0 + fNijueXZZdzUA58y8mcoSGVYdRhr0g8jaWQ12PZEgX5Nnlekh5GHG0j8HT4qj/0Y + D3xVuE3WvrhldY5EOsaTt2ZXZx5REmJDIW1KcnvQKiVDJ2QzP5xdXYA0hh3TdTVE + sb4UreMw/WyBpANiICMlJRBgSd0f0VGMlYzLX2BL14YpNnLhmoQqKzfBN6v2XAEG + mJfrCUVuP1nBEklk23lYkNi/ohe+aodNjdN+2DHp42sGZHYP +mongod_package: "mongodb-org-server" +replicaset: true +mongod_config_template: "configsrv.conf.j2" +skip_restart: true 
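Review bot: `openssl_keyfile_content` ships a complete keyfile as the role default, so every deployment that does not override it shares a replica-set internal-authentication secret that is public in this repository. With `bind_ip: 0.0.0.0` as the other default, that key is all that separates cluster membership from anything able to reach the port. Ship no usable value, `openssl_keyfile_content: ""`, have the role `assert` that `openssl_keyfile_content | length > 0` before writing the keyfile (the tasks are not on this page, so where that belongs is for the author to place), and point users at the README's `openssl rand -base64 756` with the result kept in Ansible Vault. Note also that `skip_restart: true` means a rotated keyfile presumably does not take effect until mongod is restarted by hand.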
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/handlers/handlers.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/handlers/handlers.yml
new file mode 100644
index 00000000..8b654cea
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/handlers/handlers.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Restart mongod service
+ service:
+ name: "{{ mongod_service }}"
+ state: restarted
+
+- name: Wait for port to become active
+ wait_for:
+ port: "{{ config_port }}"
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/handlers/main.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/handlers/main.yml
new file mode 100644
index 00000000..d1a7a569
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+
+- name: Restart mongod service
+ import_tasks: handlers.yml
+ when: not skip_restart
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/meta/main.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/meta/main.yml
new file mode 100644
index 00000000..1d46e31c
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/meta/main.yml
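Review bot: `Wait for port to become active` in handlers.yml is a handler of its own, so it runs only when a task notifies it by that name. Because handlers/main.yml pulls the file in with a static `import_tasks`, the name on the import line is presumably not a notifiable handler itself. The role's tasks are not on this page, but if they notify only `Restart mongod service`, the restart is never followed by the port check and later tasks can reach a mongod that is not yet listening. Adding `listen: Restart mongod service` to the `wait_for` handler would tie the two together; a short comment in handlers/main.yml saying that `when: not skip_restart` applies to both imported handlers would also help.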
@@ -0,0 +1,58 @@
+---
+galaxy_info:
+ author: Rhys Campbell
+ description: your description
+ company: your company (optional)
+
+ # If the issue tracker for your role is not on github, uncomment the
+ # next line and provide a value
+ # issue_tracker_url: http://example.com/issue/tracker
+
+ # Some suggested licenses:
+ # - BSD (default)
+ # - MIT
+ # - GPLv2
+ # - GPLv3
+ # - Apache
+ # - CC-BY
+ license: license (GPLv2, CC-BY, etc)
+
+ min_ansible_version: 1.2
+
+ # If this a Container Enabled role, provide the minimum Ansible Container version.
+ # min_ansible_container_version:
+
+ # Optionally specify the branch Galaxy will use when accessing the GitHub
+ # repo for this role. During role install, if no tags are available,
+ # Galaxy will use this branch. During import Galaxy will access files on
+ # this branch. If Travis integration is configured, only notifications for this
+ # branch will be accepted. Otherwise, in all cases, the repo's default branch
+ # (usually master) will be used.
+ # github_branch:
+
+ #
+ # platforms is a list of platforms, and each platform has a name and a list of versions.
+ #
+ # platforms:
+ # - name: Fedora
+ # versions:
+ # - all
+ # - 25
+ # - name: SomePlatform
+ # versions:
+ # - all
+ # - 1.0
+ # - 7
+ # - 99.99
+
+ galaxy_tags: []
+ # List tags for your role here, one per line. A tag is a keyword that describes
+ # and categorizes the role. Users find roles by searching for tags. Be sure to
+ # remove the '[]' above, if you add tags to this list.
+ #
+ # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+ # Maximum 20 tags per role.
+
+dependencies: []
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.
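Review bot: The galaxy metadata still looks like the unedited role skeleton: `description: your description`, `company: your company (optional)` and `license: license (GPLv2, CC-BY, etc)` are placeholders, and `min_ansible_version: 1.2` is parsed as a float and is too low for a role whose tasks use `import_tasks`. Fill the fields in and quote the version, e.g. `min_ansible_version: "2.4"` or whatever floor the collection actually supports. The mongodb_install meta/main.yml added later in this commit carries the same placeholders, plus `author: your name`.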
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/Dockerfile.j2 b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/Dockerfile.j2 new file mode 100644 index 00000000..935dd3d7 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/Dockerfile.j2 
@@ -0,0 +1,39 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +{% if item.env is defined %} +{% for var, value in item.env.items() %} +{% if value %} +ENV {{ var }} {{ value }} +{% endif %} +{% endfor %} +{% endif %} +# Add systemd-sysv package for Debian to get systemd working (and procps for sysctl) and netbase for firewalld +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates iproute2 systemd-sysv procps netbase && apt-get clean; \ + elif [ $(command -v dnf) ] && grep -q 'platform:el8' /etc/os-release ; then dnf makecache && dnf update -y && dnf --assumeyes install python3 sudo python3-devel bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && rm -Rf /usr/share/doc && rm -Rf /usr/share/man && dnf clean all && cp /bin/true /sbin/agetty; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash iproute && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash iproute && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml iproute2 && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates iproute2 && xbps-remove -O; fi + +{% if item.image == 'centos:8' %} +# Stuff for systemd https://hub.docker.com/_/centos +RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == \ + systemd-tmpfiles-setup.service ] || rm -f $i; done); \ + rm -f /lib/systemd/system/multi-user.target.wants/*;\ + rm -f /etc/systemd/system/*.wants/*;\ + rm -f 
/lib/systemd/system/local-fs.target.wants/*; \ + rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ + rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ + rm -f /lib/systemd/system/basic.target.wants/*;\ + rm -f /lib/systemd/system/anaconda.target.wants/*; + +VOLUME [ "/sys/fs/cgroup" ] +CMD ["/sbin/init"] +{% endif %} diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/molecule.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/molecule.yml new file mode 100644 index 00000000..528c2be0 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/molecule.yml 
@@ -0,0 +1,74 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint:
+ name: yamllint
+ options:
+ config-data:
+ line-length: disable
+platforms:
+ - name: centos_7
+ hostname: centos_7
+ image: centos:7
+ command: /sbin/init
+ privileged: True
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ networks:
+ - name: "mymongo"
+ network_mode: "mymongo"
+ - name: centos_8
+ hostname: centos_8
+ image: centos:8
+ command: /sbin/init
+ privileged: True
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ networks:
+ - name: "mymongo"
+ network_mode: "mymongo"
+ - name: ubuntu_16
+ hostname: ubuntu_16
+ image: ubuntu:16.04
+ command: /sbin/init
+ privileged: True
+ networks:
+ - name: "mymongo"
+ network_mode: "mymongo"
+ - name: ubuntu_18
+ hostname: ubuntu_18
+ image: ubuntu:18.04
+ command: /sbin/init
+ privileged: True
+ networks:
+ - name: "mymongo"
+ network_mode: "mymongo"
+ - name: debian_buster
+ hostname: debian_buster
+ image: debian:buster
+ command: /sbin/init
+ privileged: True
+ networks:
+ - name: "mymongo"
+ network_mode: "mymongo"
+ - name: debian_stretch
+ hostname: debian_stretch
+ image: debian:stretch
+ command: /sbin/init
+ privileged: True
+ networks:
+ - name: "mymongo"
+ network_mode: "mymongo"
+provisioner:
+ name: ansible
+ lint:
+ name: ansible-lint
+ enabled: false
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
+ options:
+ ignore: 'E501'
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/playbook.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/playbook.yml
new file mode 100644
index 00000000..ba4749b7
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/playbook.yml
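Review bot: Every platform in this scenario runs with `privileged: True`, presumably so systemd can run as `/sbin/init`; a privileged container is close to root on the machine that executes the tests, so the scenario should only be run on disposable hosts. A comment above the first platform would make that explicit, e.g. `# privileged is needed for systemd as PID 1; run this scenario on throwaway CI hosts only`. The images are also referenced by mutable tags (`centos:7`, `ubuntu:16.04`, ...), so two runs can test against different base images. Writing the boolean as `true` would match the `enabled: false` form used further down in the same file; the mongodb_install scenario uses `privileged: yes` for the same setting.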
@@ -0,0 +1,38 @@
+---
+- name: Converge
+ hosts: all
+ roles:
+ - role: mongodb_repository
+ tags: molecule-idempotence-notest
+ - role: mongodb_config
+
+ tasks:
+
+ - name: Install python stuff
+ package:
+ name: ["python-setuptools", "python-pip"]
+ when: ansible_hostname == "ubuntu_16"
+
+ - name: Install pymongo
+ pip:
+ name: pymongo
+ when: ansible_hostname == "ubuntu_16"
+
+ - name: Install MongoDB Shell
+ package:
+ name: mongodb-org-shell
+
+ - name: Init config server replicaset
+ community.mongodb.mongodb_replicaset:
+ login_host: localhost
+ login_port: 27019
+ replica_set: cfg
+ validate: no
+ members:
+ - centos_7:27019
+ - centos_8:27019
+ - ubuntu_16:27019
+ - ubuntu_18:27019
+ #- debian_stretch:27019 # need odd number, so drop stretch
+ - debian_buster:27019
+ when: ansible_hostname == "ubuntu_16"
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/prepare.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/prepare.yml
new file mode 100644
index 00000000..abdf26a2
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/prepare.yml
@@ -0,0 +1,10 @@
+---
+- name: Prepare
+ hosts: all
+
+ tasks:
+
+ - name: Create is_docker.txt file
+ file:
+ path: is_docker.txt
+ state: touch
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/tests/test_default.py b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/tests/test_default.py
new file mode 100644
index 00000000..25db94ea
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/tests/test_default.py
@@ -0,0 +1,67 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']
+).get_hosts('all')
+
+
+def include_vars(host):
+ if host.system_info.distribution == "redhat" \
+ or host.system_info.distribution == "centos":
+ ansible = host.ansible('include_vars',
+ 'file="../../vars/RedHat.yml"',
+ False,
+ False)
+ if host.system_info.distribution == "debian" \
+ or host.system_info.distribution == "ubuntu":
+ ansible = host.ansible('include_vars',
+ 'file="../../vars/Debian.yml"',
+ False,
+ False)
+ return ansible
+
+
+def test_mongod_cnf_file(host):
+ mongodb_user = include_vars(host)['ansible_facts']['mongodb_user']
+ mongodb_group = include_vars(host)['ansible_facts']['mongodb_group']
+ f = host.file('/etc/mongod.conf')
+
+ assert f.exists
+ assert f.user == mongodb_user
+ assert f.group == mongodb_group
+
+
+def test_mongod_service(host):
+ mongod_service = include_vars(host)['ansible_facts']['mongod_service']
+ s = host.service(mongod_service)
+
+ assert s.is_running
+ assert s.is_enabled
+
+
+def test_mongod_port(host):
+ port = include_vars(host)['ansible_facts']['config_port']
+ s = host.socket("tcp://0.0.0.0:{0}".format(port))
+
+ assert s.is_listening
+
+
+def test_mongod_replicaset(host):
+ '''
+ Ensure that the MongoDB config replicaset has been created successfully
+ '''
+ port = include_vars(host)['ansible_facts']['config_port']
+ cmd = "mongo --port {0} --eval 'rs.status()'".format(port)
+ # We only want to run this once
+ if host.ansible.get_variables()['inventory_hostname'] == "ubuntu_16":
+ r = host.run(cmd)
+
+ assert "cfg" in r.stdout
+ assert "centos_7:{0}".format(port) in r.stdout
+ assert "centos_8:{0}".format(port) in r.stdout
+ assert "ubuntu_16:{0}".format(port) in r.stdout
+ assert "ubuntu_18:{0}".format(port) in r.stdout
+ assert "debian_buster:{0}".format(port) in r.stdout
+ # assert "debian_stretch:{0}".format(port) in r.stdout
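Review bot: `include_vars` assigns `ansible` only inside the two distribution checks, so on any other distribution `return ansible` raises UnboundLocalError instead of a readable test failure. Returning inside each branch and ending the function with `raise AssertionError("unsupported distribution: " + host.system_info.distribution)` would make the cause obvious. `test_mongod_cnf_file` also calls the helper twice where one call stored in a local would do. The same helper is copied into the virtualbox scenario's test_default.py in this commit and has the same gap.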
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/molecule/virtualbox/molecule.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/molecule/virtualbox/molecule.yml
new file mode 100644
index 00000000..14d29680
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/molecule/virtualbox/molecule.yml
@@ -0,0 +1,54 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: vagrant
+ provider:
+ name: virtualbox
+lint:
+ name: yamllint
+ options:
+ config-data:
+ line-length: disable
+platforms:
+ - name: centos-7
+ box: centos/7
+ interfaces:
+ - network_name: private_network
+ type: dhcp
+ auto_config: true
+ - name: ubuntu-16
+ box: ubuntu/xenial64
+ interfaces:
+ - network_name: private_network
+ type: dhcp
+ auto_config: true
+ - name: ubuntu-18
+ box: ubuntu/bionic64
+ interfaces:
+ - network_name: private_network
+ type: dhcp
+ auto_config: true
+ - name: debian-buster
+ box: debian/buster64
+ interfaces:
+ - network_name: private_network
+ type: dhcp
+ auto_config: true
+ - name: debian-stretch
+ box: debian/contrib-stretch64 # Standard debian/stretch64 had issues: Unable to locate package linux-headers-4.9.0-9-amd64
+ interfaces:
+ - network_name: private_network
+ type: dhcp
+ auto_config: true
+provisioner:
+ name: ansible
+ lint:
+ name: ansible-lint
+ enabled: false
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
+ options:
+ ignore: 'E501'
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/molecule/virtualbox/playbook.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/molecule/virtualbox/playbook.yml
new file mode 100644
index 00000000..92cefb0c
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/molecule/virtualbox/playbook.yml
@@ -0,0 +1,38 @@
+---
+- name: Converge
+ hosts: all
+ become: yes
+
+ roles:
+ - role: mongodb_repository
+ tags: molecule-idempotence-notest
+ - role: mongodb_config
+
+ tasks:
+
+ - name: Install python stuff
+ package:
+ name: ["python-setuptools", "python-pip"]
+ when: ansible_hostname == "ubuntu-16"
+
+ - name: Install pymongo
+ pip:
+ name: pymongo
+ when: ansible_hostname == "ubuntu-16"
+
+ - name: Install MongoDB Shell
+ package:
+ name: mongodb-org-shell
+
+ - name: Init config server replicaset
+ community.mongodb.mongodb_replicaset:
+ login_host: localhost
+ login_port: 27019
+ replica_set: cfg
+ members:
+ - ubuntu-16.local:27019
+ - ubuntu-18.local:27019
+ - debian-stretch.local:27019
+ - debian-buster.local:27019
+ - centos-7.local:27019
+ when: ansible_hostname == "ubuntu-16"
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/molecule/virtualbox/prepare.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/molecule/virtualbox/prepare.yml
new file mode 100644
index 00000000..acf089f2
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/molecule/virtualbox/prepare.yml
@@ -0,0 +1,39 @@
+---
+- name: Prepare
+ hosts: all
+ become: yes
+ vars:
+ avahi_packages_redhat:
+ - "avahi"
+ - "nss-mdns"
+ avahi_packages_debian:
+ - "avahi-daemon"
+ - "avahi-discover"
+ - "libnss-mdns"
+ tasks:
+
+ - name: Ensure epel is available
+ yum:
+ name: epel-release
+ state: present
+ when: ansible_os_family == "RedHat"
+
+ - name: Install avahi packages
+ package:
+ name: "{{ avahi_packages_redhat }}"
+ state: present
+ when: ansible_os_family == "RedHat"
+
+ - name: Install avahi packages
+ package:
+ name: "{{ avahi_packages_debian }}"
+ state: present
+ when: ansible_os_family == "Debian"
+
+ - name: Reboot host for avahi-daemon
+ reboot:
+
+ - name: Ensure avahi-daemon is started
+ service:
+ name: avahi-daemon
+ state: started
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/molecule/virtualbox/tests/test_default.py b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/molecule/virtualbox/tests/test_default.py
new file mode 100644
index 00000000..944004d2
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/molecule/virtualbox/tests/test_default.py
@@ -0,0 +1,66 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']
+).get_hosts('all')
+
+
+def include_vars(host):
+ if host.system_info.distribution == "redhat" \
+ or host.system_info.distribution == "centos":
+ ansible = host.ansible('include_vars',
+ 'file="../../vars/RedHat.yml"',
+ False,
+ False)
+ if host.system_info.distribution == "debian" \
+ or host.system_info.distribution == "ubuntu":
+ ansible = host.ansible('include_vars',
+ 'file="../../vars/Debian.yml"',
+ False,
+ False)
+ return ansible
+
+
+def test_mongod_cnf_file(host):
+ mongodb_user = include_vars(host)['ansible_facts']['mongodb_user']
+ mongodb_group = include_vars(host)['ansible_facts']['mongodb_group']
+ f = host.file('/etc/mongod.conf')
+
+ assert f.exists
+ assert f.user == mongodb_user
+ assert f.group == mongodb_group
+
+
+def test_mongod_service(host):
+ mongod_service = include_vars(host)['ansible_facts']['mongod_service']
+ s = host.service(mongod_service)
+
+ assert s.is_running
+ assert s.is_enabled
+
+
+def test_mongod_port(host):
+ port = include_vars(host)['ansible_facts']['config_port']
+ s = host.socket("tcp://0.0.0.0:{0}".format(port))
+
+ assert s.is_listening
+
+
+def test_mongod_cfg_replicaset(host):
+ '''
+ Ensure that the MongoDB config replicaset has been created successfully
+ '''
+ port = include_vars(host)['ansible_facts']['config_port']
+ cmd = "mongo --port {0} --eval 'rs.status()'".format(port)
+ # We only want to run this once
+ if host.ansible.get_variables()['inventory_hostname'] == "ubuntu_16":
+ r = host.run(cmd)
+
+ assert "cfg" in r.stdout
+ assert "ubuntu-16.local:{0}".format(port) in r.stdout
+ assert "ubuntu-18.local:{0}".format(port) in r.stdout
+ assert "debian-buster.local:{0}".format(port) in r.stdout
+ assert "debian-stretch.local:{0}".format(port) in r.stdout
+ assert "centos-7.local:{0}".format(port) in r.stdout
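Review bot: The replica-set check in `test_mongod_cfg_replicaset` is guarded by `inventory_hostname == "ubuntu_16"`, but the virtualbox scenario names its platforms with hyphens (`ubuntu-16` in molecule.yml and in the playbook's `when:`), so the condition is presumably never true and none of the assertions run. The test then passes without verifying that the `cfg` replica set exists or that its members are the expected ones. The guard should read `if host.ansible.get_variables()['inventory_hostname'] == "ubuntu-16":`.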
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/tasks/main.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/tasks/main.yml
new file mode 100644
index 00000000..03d72f86
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/tasks/main.yml
@@ -0,0 +1,74 @@
+---
+# tasks file for mongodb_config
+- name: Include OS-specific vars
+ include_vars:
+ file: "{{ lookup('first_found', params) }}"
+ vars:
+ params:
+ paths:
+ - "vars"
+ files:
+ - "{{ ansible_facts.distribution }}-{{ ansible_facts.distribution_version }}.yml"
+ - "{{ ansible_facts.os_family }}-{{ ansible_facts.distribution_major_version }}.yml"
+ - "{{ ansible_facts.distribution }}.yml"
+ - "{{ ansible_facts.os_family }}.yml"
+ - default.yml
+
+- name: Check if we are in docker
+ stat:
+ path: is_docker.txt
+ register: is_docker
+
+- name: Ensure mongod package is installed
+ package:
+ name: "{{ mongod_package }}"
+ register: _pkg
+ until: _pkg is succeeded
+ retries: 5
+
+- name: Ensure db_path dir exists
+ file:
+ path: "{{ db_path }}"
+ state: directory
+ owner: "{{ mongodb_user }}"
+ group: "{{ mongodb_group }}"
+
+- name: Copy config file
+ template:
+ src: "{{ mongod_config_template }}"
+ dest: /etc/mongod.conf
+ owner: "{{ mongodb_user }}"
+ group: "{{ mongodb_group }}"
+ notify:
+ - Restart mongod service
+
+- name: Copy keyfile to host
+ copy:
+ content: |
+ {{ openssl_keyfile_content }}
+ dest: /etc/keyfile
+ owner: "{{ mongodb_user }}"
+ group: "{{ mongodb_group }}"
+ mode: 0400
+ notify:
+ - Restart mongod service
+
+- name: Check for github override
+ set_fact:
+ x_github_override: "{{ lookup('env', 'X_GITHUB_OVERRIDE') | default('0', True) }}"
+
+- name: Start mongod service
+ service:
+ name: "{{ mongod_service }}"
+ state: started
+ enabled: yes
+ when: not (ansible_facts.os_family == 'RedHat'
+ and ansible_facts.distribution_major_version|int == 8
+ and is_docker.stat.exists)
+
+- name: Include tasks for RedHat 8 docker issue
+ import_tasks: redhat_docker.yml
+ when:
+ - ansible_facts.os_family == 'RedHat'
+ - ansible_facts.distribution_major_version|int == 8
+ - is_docker.stat.exists
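Review bot: The `Copy keyfile to host` task writes the replica-set secret through `copy: content:` without `no_log: true`, so a run with `--diff` can print the key into the console and CI logs. Add `no_log: true` to that task and quote the mode as `mode: "0400"` so it does not depend on YAML octal parsing. The `Copy config file` and `Ensure db_path dir exists` tasks set no `mode` at all, which leaves the permissions of /etc/mongod.conf and the data directory to whatever the module and umask produce; explicit modes would make that deterministic.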
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/tasks/redhat_docker.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/tasks/redhat_docker.yml
new file mode 100644
index 00000000..d08c66a1
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/tasks/redhat_docker.yml
@@ -0,0 +1,18 @@
+---
+- name: Comment out PIDFile in systemd file
+ lineinfile:
+ path: /etc/systemd/system/multi-user.target.wants/mongod.service
+ regexp: '^PIDFile.*'
+ state: absent
+ register: systemd
+
+- name: Reload systemd
+ systemd:
+ daemon_reload: yes
+ when: systemd is changed
+
+- name: Start mongod service
+ service:
+ name: "{{ mongod_service }}"
+ state: started
+ enabled: yes
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/templates/configsrv.conf.j2 b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/templates/configsrv.conf.j2
new file mode 100644
index 00000000..8b6c7b35
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/templates/configsrv.conf.j2
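Review bot: The first task in redhat_docker.yml is named `Comment out PIDFile in systemd file`, but `state: absent` deletes every line matching `^PIDFile.*` rather than commenting it out; the name should say what happens, e.g. `- name: Remove PIDFile from mongod systemd unit`. The edited path sits under `multi-user.target.wants/`, which is normally a symlink to the installed unit file, so a short comment on why the packaged unit is modified in place (the RedHat 8 docker issue named in tasks/main.yml) would help the next reader. The `Start mongod service` task here duplicates the one in tasks/main.yml.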
@@ -0,0 +1,46 @@
+# mongod.conf
+
+# for documentation of all options, see:
+# http://docs.mongodb.org/manual/reference/configuration-options/
+
+# where to write logging data.
+systemLog:
+ destination: file
+ logAppend: true
+ path: /var/log/mongodb/mongod.log
+
+# Where and how to store data.
+storage:
+ dbPath: {{ db_path }}
+ journal:
+ enabled: true
+ engine: "wiredTiger"
+
+# how the process runs
+processManagement:
+{% if ansible_facts.os_family == "RedHat" %} # Breaks Ubuntu / Debian
+ fork: true
+ pidFilePath: /var/run/mongodb/mongod.pid
+{% endif %}
+ timeZoneInfo: /usr/share/zoneinfo
+
+# network interfaces
+net:
+ port: {{ config_port }}
+ bindIp: {{ bind_ip }}
+
+{% if authorization == "enabled" %}
+security:
+ authorization: {{ authorization }}
+ keyFile: /etc/keyfile
+{% endif %}
+
+#operationProfiling:
+
+{% if replicaset %}
+replication:
+ replSetName: {{ config_repl_set_name }}
+{% endif %}
+
+sharding:
+ clusterRole: configsvr
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/vars/Debian.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/vars/Debian.yml
new file mode 100644
index 00000000..a71c483b
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/vars/Debian.yml
@@ -0,0 +1,6 @@
+---
+config_port: 27019
+mongodb_user: "mongodb"
+mongodb_group: "mongodb"
+mongod_service: "mongod"
+db_path: /var/lib/mongodb
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/vars/RedHat.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/vars/RedHat.yml
new file mode 100644
index 00000000..a0426a95
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/vars/RedHat.yml
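Review bot: In configsrv.conf.j2 the `security:` block, including `keyFile`, is rendered only when `authorization` equals the exact string `enabled`; any other value (`Enabled`, `true`, a typo) silently produces a config server with neither access control nor internal member authentication, while `bindIp` takes the role default of 0.0.0.0. Validating the variable before the template is rendered would make the disabled case deliberate, for example an `assert` task in tasks/main.yml with `that: authorization in ['enabled', 'disabled']`. The template also has no `net.tls` section, so traffic to the config server is unencrypted unless TLS is configured elsewhere; a comment saying where that is expected to happen would help.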
@@ -0,0 +1,6 @@
+---
+config_port: 27019
+mongodb_user: "mongod"
+mongodb_group: "mongod"
+mongod_service: "mongod"
+db_path: /var/lib/mongo
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/vars/default.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/vars/default.yml
new file mode 100644
index 00000000..a0426a95
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/vars/default.yml
@@ -0,0 +1,6 @@
+---
+config_port: 27019
+mongodb_user: "mongod"
+mongodb_group: "mongod"
+mongod_service: "mongod"
+db_path: /var/lib/mongo
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/vars/main.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/vars/main.yml
new file mode 100644
index 00000000..28ce3d22
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_config/vars/main.yml
@@ -0,0 +1,2 @@
+---
+is_redhat_8_in_docker: "{{ ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version|int == 8 and ansible_facts.virtualization_type == 'docker' }}"
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/.yamllint b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/.yamllint
new file mode 100644
index 00000000..88276760
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/.yamllint
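Review bot: `is_redhat_8_in_docker` in vars/main.yml is not referenced by any task visible in this commit; tasks/main.yml repeats the RedHat 8 condition inline and detects docker through the `is_docker.txt` stat rather than `ansible_facts.virtualization_type`. Two detection mechanisms for the same case can disagree, so either use the variable in both `when:` clauses (for example `when: not is_redhat_8_in_docker` on the service task) or remove it. If it is kept for another role, a comment saying which one reads it would prevent it from being deleted as dead code.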
@@ -0,0 +1,33 @@
+---
+# Based on ansible-lint config
+extends: default
+
+rules:
+ braces:
+ max-spaces-inside: 1
+ level: error
+ brackets:
+ max-spaces-inside: 1
+ level: error
+ colons:
+ max-spaces-after: -1
+ level: error
+ commas:
+ max-spaces-after: -1
+ level: error
+ comments: disable
+ comments-indentation: disable
+ document-start: disable
+ empty-lines:
+ max: 3
+ level: error
+ hyphens:
+ level: error
+ indentation: disable
+ key-duplicates: enable
+ line-length: disable
+ new-line-at-end-of-file: disable
+ new-lines:
+ type: unix
+ trailing-spaces: disable
+ truthy: disable
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/README.md b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/README.md
new file mode 100644
index 00000000..a3d149f5
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/README.md
@@ -0,0 +1,33 @@
+mongodb_install
+===============
+
+Install MongoDB packages on Debian and RedHat based platforms. Installs the mongodb-org meta-package which then installs the following packages: mongodb-org-server, mongodb-org-shell, mongodb-org-mongos, mongodb-org-tools.
+
+Role Variables
+--------------
+
+specific_mongodb_version - Install a specific version of mongodb i.e. 4.4.1. The specified version must be available in the system repositories. By default this variable is undefined.
+
+Dependencies
+------------
+mongodb_repository
+
+Example Playbook
+----------------
+
+```yaml
+ - hosts: servers
+ roles:
+ - mongodb_repository
+ - mongodb_install
+```
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+Rhys Campbell (https://github.com/rhysmeister)
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/meta/main.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/meta/main.yml
new file mode 100644
index 00000000..ba43fdd2
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/meta/main.yml
@@ -0,0 +1,58 @@
+---
+galaxy_info:
+ author: your name
+ description: your description
+ company: your company (optional)
+
+ # If the issue tracker for your role is not on github, uncomment the
+ # next line and provide a value
+ # issue_tracker_url: http://example.com/issue/tracker
+
+ # Some suggested licenses:
+ # - BSD (default)
+ # - MIT
+ # - GPLv2
+ # - GPLv3
+ # - Apache
+ # - CC-BY
+ license: license (GPLv2, CC-BY, etc)
+
+ min_ansible_version: 1.2
+
+ # If this a Container Enabled role, provide the minimum Ansible Container version.
+ # min_ansible_container_version:
+
+ # Optionally specify the branch Galaxy will use when accessing the GitHub
+ # repo for this role. During role install, if no tags are available,
+ # Galaxy will use this branch. During import Galaxy will access files on
+ # this branch. If Travis integration is configured, only notifications for this
+ # branch will be accepted. Otherwise, in all cases, the repo's default branch
+ # (usually master) will be used.
+ # github_branch:
+
+ #
+ # platforms is a list of platforms, and each platform has a name and a list of versions.
+ #
+ # platforms:
+ # - name: Fedora
+ # versions:
+ # - all
+ # - 25
+ # - name: SomePlatform
+ # versions:
+ # - all
+ # - 1.0
+ # - 7
+ # - 99.99
+
+ galaxy_tags: []
+ # List tags for your role here, one per line. A tag is a keyword that describes
+ # and categorizes the role. Users find roles by searching for tags. Be sure to
+ # remove the '[]' above, if you add tags to this list.
+ #
+ # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+ # Maximum 20 tags per role.
+
+dependencies: []
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/default/Dockerfile.j2 b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/default/Dockerfile.j2 new file mode 100644 index 00000000..935dd3d7 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/default/Dockerfile.j2 
@@ -0,0 +1,39 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +{% if item.env is defined %} +{% for var, value in item.env.items() %} +{% if value %} +ENV {{ var }} {{ value }} +{% endif %} +{% endfor %} +{% endif %} +# Add systemd-sysv package for Debian to get systemd working (and procps for sysctl) and netbase for firewalld +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates iproute2 systemd-sysv procps netbase && apt-get clean; \ + elif [ $(command -v dnf) ] && grep -q 'platform:el8' /etc/os-release ; then dnf makecache && dnf update -y && dnf --assumeyes install python3 sudo python3-devel bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && rm -Rf /usr/share/doc && rm -Rf /usr/share/man && dnf clean all && cp /bin/true /sbin/agetty; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash iproute && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash iproute && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml iproute2 && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates iproute2 && xbps-remove -O; fi + +{% if item.image == 'centos:8' %} +# Stuff for systemd https://hub.docker.com/_/centos +RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == \ + systemd-tmpfiles-setup.service ] || rm -f $i; done); \ + rm -f /lib/systemd/system/multi-user.target.wants/*;\ + rm -f /etc/systemd/system/*.wants/*;\ + rm -f 
/lib/systemd/system/local-fs.target.wants/*; \ + rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ + rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ + rm -f /lib/systemd/system/basic.target.wants/*;\ + rm -f /lib/systemd/system/anaconda.target.wants/*; + +VOLUME [ "/sys/fs/cgroup" ] +CMD ["/sbin/init"] +{% endif %} diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/default/molecule.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/default/molecule.yml new file mode 100644 index 00000000..65d86499 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/default/molecule.yml @@ -0,0 +1,42 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint + options: + config-data: + line-length: disable +platforms: + - name: centos_7 + image: centos:7 + - name: centos_8 + image: centos:8 + - name: ubuntu_16 + image: ubuntu:16.04 + privileged: yes + command: "/sbin/init" + - name: ubuntu_18 + image: ubuntu:18.04 + privileged: yes + command: "/sbin/init" + - name: debian_buster + image: debian:buster + privileged: yes + command: "/sbin/init" + - name: debian_stretch + image: debian:stretch + privileged: yes + command: "/sbin/init" +provisioner: + name: ansible + lint: + name: ansible-lint + enabled: false +verifier: + name: testinfra + lint: + name: flake8 + options: + ignore: 'E501' diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/default/playbook.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/default/playbook.yml new file mode 100644 index 00000000..cfcf732b --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/default/playbook.yml 
@@ -0,0 +1,7 @@ +--- +- name: Converge + hosts: all + roles: + - role: mongodb_repository + tags: molecule-idempotence-notest + - role: mongodb_install diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/default/tests/test_default.py b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/default/tests/test_default.py new file mode 100644 index 00000000..b8a23ad4 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/default/tests/test_default.py @@ -0,0 +1,31 @@ +import os + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE'] +).get_hosts('all') + + +def test_mongod_available(host): + cmd = host.run("mongod --version") + assert cmd.rc == 0 + assert "db version" in cmd.stdout + + +def test_mongo_available(host): + cmd = host.run("mongo --version") + assert cmd.rc == 0 + assert "MongoDB shell version" in cmd.stdout + + +def test_mongos_available(host): + cmd = host.run("mongos --version") + assert cmd.rc == 0 + assert "mongos version" in cmd.stdout + + +def test_mongodump_available(host): + cmd = host.run("mongodump --version") + assert cmd.rc == 0 + assert "mongodump version" in cmd.stdout diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/specific_mongodb_version/Dockerfile.j2 b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/specific_mongodb_version/Dockerfile.j2 new file mode 100644 index 00000000..0de39e63 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/specific_mongodb_version/Dockerfile.j2 
@@ -0,0 +1,22 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +{% if item.env is defined %} +{% for var, value in item.env.items() %} +{% if value %} +ENV {{ var }} {{ value }} +{% endif %} +{% endfor %} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates iproute2 && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash iproute && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash iproute && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml iproute2 && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates iproute2 && xbps-remove -O; fi diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/specific_mongodb_version/molecule.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/specific_mongodb_version/molecule.yml new file mode 100644 index 00000000..6fe3b428 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/specific_mongodb_version/molecule.yml 
@@ -0,0 +1,32 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint + options: + config-data: + line-length: disable +platforms: + - name: centos_7 + image: centos:7 + - name: ubuntu_16 + image: ubuntu:16.04 + - name: ubuntu_18 + image: ubuntu:18.04 + - name: debian_buster + image: debian:buster + - name: debian_stretch + image: debian:stretch +provisioner: + name: ansible + lint: + name: ansible-lint + enabled: false +verifier: + name: testinfra + lint: + name: flake8 + options: + ignore: 'E501' diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/specific_mongodb_version/playbook.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/specific_mongodb_version/playbook.yml new file mode 100644 index 00000000..f3386712 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/specific_mongodb_version/playbook.yml @@ -0,0 +1,8 @@ +--- +- name: Converge + hosts: all + vars: + specific_mongodb_version: "4.2.2" + roles: + - role: mongodb_repository + - role: mongodb_install diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/specific_mongodb_version/tests/test_default.py b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/specific_mongodb_version/tests/test_default.py new file mode 100644 index 00000000..1b369fbf --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/specific_mongodb_version/tests/test_default.py 
@@ -0,0 +1,37 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']
+).get_hosts('all')
+
+
+def test_mongod_available(host):
+ cmd = host.run("mongod --version")
+ assert cmd.rc == 0
+ assert "db version" in cmd.stdout
+
+
+def test_mongo_available(host):
+ cmd = host.run("mongo --version")
+ assert cmd.rc == 0
+ assert "MongoDB shell version" in cmd.stdout
+
+
+def test_mongos_available(host):
+ cmd = host.run("mongos --version")
+ assert cmd.rc == 0
+ assert "mongos version" in cmd.stdout
+
+
+def test_mongodump_available(host):
+ cmd = host.run("mongodump --version")
+ assert cmd.rc == 0
+ assert "mongodump version" in cmd.stdout
+
+
+def test_specific_mongodb_version(host):
+ cmd = host.run("mongod --version")
+ assert cmd.rc == 0
+ assert "4.2.2" in cmd.stdout
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/virtualbox/molecule.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/virtualbox/molecule.yml
new file mode 100644
index 00000000..14d29680
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/virtualbox/molecule.yml
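Review bot: `test_specific_mongodb_version` looks for the bare substring `"4.2.2"` anywhere in the `mongod --version` output, so it would also pass if that string turned up in another line of the output or as part of a longer version number. Tying the check to the line the first test already relies on is stricter, e.g. `assert "db version v4.2.2" in cmd.stdout`. The version is also duplicated from `specific_mongodb_version` in this scenario's playbook.yml, so a comment such as `# keep in sync with specific_mongodb_version in playbook.yml` would help the next person who bumps it.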
@@ -0,0 +1,54 @@ +--- +dependency: + name: galaxy +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint + options: + config-data: + line-length: disable +platforms: + - name: centos-7 + box: centos/7 + interfaces: + - network_name: private_network + type: dhcp + auto_config: true + - name: ubuntu-16 + box: ubuntu/xenial64 + interfaces: + - network_name: private_network + type: dhcp + auto_config: true + - name: ubuntu-18 + box: ubuntu/bionic64 + interfaces: + - network_name: private_network + type: dhcp + auto_config: true + - name: debian-buster + box: debian/buster64 + interfaces: + - network_name: private_network + type: dhcp + auto_config: true + - name: debian-stretch + box: debian/contrib-stretch64 # Standard debian/stretch64 had issues: Unable to locate package linux-headers-4.9.0-9-amd64 + interfaces: + - network_name: private_network + type: dhcp + auto_config: true +provisioner: + name: ansible + lint: + name: ansible-lint + enabled: false +verifier: + name: testinfra + lint: + name: flake8 + options: + ignore: 'E501' diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/virtualbox/playbook.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/virtualbox/playbook.yml new file mode 100644 index 00000000..1b64ffc5 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/virtualbox/playbook.yml @@ -0,0 +1,8 @@ +--- +- name: Converge + hosts: all + become: yes + roles: + - role: mongodb_repository + tags: molecule-idempotence-notest + - role: mongodb_install diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/virtualbox/prepare.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/virtualbox/prepare.yml new file mode 100644 index 00000000..98711356 --- /dev/null 
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/virtualbox/prepare.yml
@@ -0,0 +1,43 @@
+---
+- name: Prepare
+ hosts: all
+ become: yes
+ vars:
+ avahi_packages_redhat:
+ - "avahi"
+ - "nss-mdns"
+ avahi_packages_debian:
+ - "avahi-daemon"
+ - "avahi-discover"
+ - "libnss-mdns"
+ tasks:
+
+ - name: Ensure epel is available
+ yum:
+ name: epel-release
+ state: present
+ when: ansible_os_family == "RedHat"
+
+ - name: Install avahi packages
+ package:
+ name: "{{ avahi_packages_redhat }}"
+ state: present
+ when: ansible_os_family == "RedHat"
+
+ - name: Install avahi packages
+ package:
+ name: "{{ avahi_packages_debian }}"
+ state: present
+ when: ansible_os_family == "Debian"
+
+ # debian-stretch seems to require a reboot for avahi-daemon to run
+ - name: Reboot host
+ reboot:
+
+ - name: Ensure services are started
+ service:
+ name: "{{ item }}"
+ state: started
+ with_items:
+ #- dbus
+ - avahi-daemon
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/virtualbox/tests/test_default.py b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/virtualbox/tests/test_default.py
new file mode 100644
index 00000000..b8a23ad4
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/molecule/virtualbox/tests/test_default.py
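Review bot: The "Reboot host" task has no `when`, so every platform in the scenario is rebooted even though the comment above it says only debian-stretch seems to need it. Scoping it, for example with `when: ansible_distribution_release == "stretch"`, keeps the prepare step shorter and makes the workaround easy to remove later. The two package tasks also share the name "Install avahi packages", which makes the run output ambiguous; a suffix such as "(RedHat)" / "(Debian)" would distinguish them.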
@@ -0,0 +1,31 @@ +import os + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE'] +).get_hosts('all') + + +def test_mongod_available(host): + cmd = host.run("mongod --version") + assert cmd.rc == 0 + assert "db version" in cmd.stdout + + +def test_mongo_available(host): + cmd = host.run("mongo --version") + assert cmd.rc == 0 + assert "MongoDB shell version" in cmd.stdout + + +def test_mongos_available(host): + cmd = host.run("mongos --version") + assert cmd.rc == 0 + assert "mongos version" in cmd.stdout + + +def test_mongodump_available(host): + cmd = host.run("mongodump --version") + assert cmd.rc == 0 + assert "mongodump version" in cmd.stdout diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/tasks/main.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/tasks/main.yml new file mode 100644 index 00000000..59d5cdc6 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_install/tasks/main.yml 
@@ -0,0 +1,41 @@
+---
+# tasks file for mongodb_install
+- name: Install MongoDB Packages
+ package:
+ name: mongodb-org
+ state: present
+ when: specific_mongodb_version is not defined
+ register: _pkg
+ until: _pkg is succeeded
+ retries: 5
+
+- name: Install MongoDB Packages (Specific version)
+ package:
+ name: "mongodb-org-{{ specific_mongodb_version }}"
+ state: present
+ when:
+ - specific_mongodb_version is defined
+ - ansible_facts.os_family == "RedHat"
+ register: _pkg
+ until: _pkg is succeeded
+ retries: 5
+
+# apt silliness:
+# In order to upgrade/downgrade to a specific version of mongodb-org,
+# we must also specifiy version of mongodb-org deps.
+# https://dba.stackexchange.com/questions/197336/how-to-install-specific-mongo-version-from-the-ppa
+- name: Install MongoDB Packages (Specific version)
+ package:
+ name:
+ - "mongodb-org={{ specific_mongodb_version }}"
+ - "mongodb-org-server={{ specific_mongodb_version }}"
+ - "mongodb-org-shell={{ specific_mongodb_version }}"
+ - "mongodb-org-mongos={{ specific_mongodb_version }}"
+ - "mongodb-org-tools={{ specific_mongodb_version }}"
+ state: present
+ when:
+ - specific_mongodb_version is defined
+ - ansible_facts.os_family == "Debian"
+ register: _pkg
+ until: _pkg is succeeded
+ retries: 5
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/README.md b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/README.md
new file mode 100644
index 00000000..7cc37be4
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/README.md
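Review bot: When `specific_mongodb_version` is defined and `ansible_facts.os_family` is neither RedHat nor Debian, all three install tasks are skipped and the role finishes without installing MongoDB or reporting a problem. A guard task ahead of the installs would turn that into a visible failure, so a host is not left believing it runs the pinned release. The three `until`/`retries: 5` loops also rely on the default delay; an explicit `delay:` would document the intended back-off.

```yaml
- name: Fail early when a pinned version is requested on an unsupported OS family
  assert:
    that:
      - ansible_facts.os_family in ["RedHat", "Debian"]
    fail_msg: "specific_mongodb_version is only handled for RedHat and Debian hosts"
  when: specific_mongodb_version is defined

# … unchanged: the three "Install MongoDB Packages" tasks …
```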
@@ -0,0 +1,42 @@ +mongodb_linux +============= + +A simple role to configure Linux Operating System settings, for Debian and RedHat systems, as advised in the [MongoDB Production Notes](https://docs.mongodb.com/manual/administration/production-notes/). + +A brief description of what we do in this role: + +* Set swappiness. +* Ensure NTP (or equivalent) service is installed and running. +* Ensure GNU C Library is the latest available. +* Disable NUMA reclaim zone. +* Add script to disable transparent-huge-pages and setup as a service. +* Set pam limits. +* Set various sysctl values. + +Role Variables +-------------- + +swappiness: OS swappiness value. Default "1". +ntp_package: Name of ntp package. Default ntp. +ntp_service: Name of ntp service. Default ntpd. + +* On RedHat 8 and higher systems ntp_package and ntp_service are set to chrony and chronyd respectively. + +Example Playbook +---------------- + +```yaml + - hosts: servers + roles: + - mongodb_linux +``` + +License +------- + +BSD + +Author Information +------------------ + +Rhys Campbell (https://github.com/rhysmeister) diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/defaults/main.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/defaults/main.yml new file mode 100644 index 00000000..7b2a0a68 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/defaults/main.yml @@ -0,0 +1,10 @@ +--- +# defaults file for mongodb_linux + +# swappiness is 0-100; 60 is the default on many distros. +# 0=disable swapping; 1=swap only to avoid OOM; 60=swap often; 100=swap aggressively +swappiness: "1" + +nproc_and_nofile_limit: 64000 +# TODO: mongo suggests infinity here +memlock_limit: 1024 
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/files/thp-disable.service b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/files/thp-disable.service
new file mode 100644
index 00000000..3602ed7b
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/files/thp-disable.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Disable Transparent Huge Pages
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/env sh -c "echo 'never' > /sys/kernel/mm/transparent_hugepage/enabled && echo 'never' > /sys/kernel/mm/transparent_hugepage/defrag"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/meta/main.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/meta/main.yml
new file mode 100644
index 00000000..ba43fdd2
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/meta/main.yml
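Review bot: The `[Unit]` section carries only a `Description`, so nothing orders this oneshot against the database service and `mongod` may start at boot before `never` has been written. An ordering line such as `Before=mongod.service` would close that gap; the exact unit name depends on the installed package and should be confirmed. Adding `RemainAfterExit=yes` under `[Service]` would also keep the unit reported as active after the command exits, which matches how the role drives it with `state: started`.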
@@ -0,0 +1,58 @@ +--- +galaxy_info: + author: your name + description: your description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Some suggested licenses: + # - BSD (default) + # - MIT + # - GPLv2 + # - GPLv3 + # - Apache + # - CC-BY + license: license (GPLv2, CC-BY, etc) + + min_ansible_version: 1.2 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # Optionally specify the branch Galaxy will use when accessing the GitHub + # repo for this role. During role install, if no tags are available, + # Galaxy will use this branch. During import Galaxy will access files on + # this branch. If Travis integration is configured, only notifications for this + # branch will be accepted. Otherwise, in all cases, the repo's default branch + # (usually master) will be used. + # github_branch: + + # + # platforms is a list of platforms, and each platform has a name and a list of versions. + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] +# List your role dependencies here, one per line. Be sure to remove the '[]' above, +# if you add dependencies to this list. 
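Review bot: `galaxy_info` still holds the scaffold placeholders (`author: your name`, `description: your description`, `company: your company (optional)`, `license: license (GPLv2, CC-BY, etc)`), while the role's README names BSD as the licence and gives an author. Filling these in keeps the published metadata consistent with the README and lets licence scanners classify the role. `min_ansible_version: 1.2` also looks like a scaffold default and is read as a YAML float; a quoted string set to the oldest Ansible release the role is actually tested with would be safer.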
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/default/Dockerfile.j2 b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/default/Dockerfile.j2 new file mode 100644 index 00000000..935dd3d7 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/default/Dockerfile.j2 
@@ -0,0 +1,39 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +{% if item.env is defined %} +{% for var, value in item.env.items() %} +{% if value %} +ENV {{ var }} {{ value }} +{% endif %} +{% endfor %} +{% endif %} +# Add systemd-sysv package for Debian to get systemd working (and procps for sysctl) and netbase for firewalld +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates iproute2 systemd-sysv procps netbase && apt-get clean; \ + elif [ $(command -v dnf) ] && grep -q 'platform:el8' /etc/os-release ; then dnf makecache && dnf update -y && dnf --assumeyes install python3 sudo python3-devel bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && rm -Rf /usr/share/doc && rm -Rf /usr/share/man && dnf clean all && cp /bin/true /sbin/agetty; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash iproute && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash iproute && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml iproute2 && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates iproute2 && xbps-remove -O; fi + +{% if item.image == 'centos:8' %} +# Stuff for systemd https://hub.docker.com/_/centos +RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == \ + systemd-tmpfiles-setup.service ] || rm -f $i; done); \ + rm -f /lib/systemd/system/multi-user.target.wants/*;\ + rm -f /etc/systemd/system/*.wants/*;\ + rm -f 
/lib/systemd/system/local-fs.target.wants/*; \ + rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ + rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ + rm -f /lib/systemd/system/basic.target.wants/*;\ + rm -f /lib/systemd/system/anaconda.target.wants/*; + +VOLUME [ "/sys/fs/cgroup" ] +CMD ["/sbin/init"] +{% endif %} diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/default/molecule.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/default/molecule.yml new file mode 100644 index 00000000..d8b69358 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/default/molecule.yml 
@@ -0,0 +1,68 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint + options: + config-data: + line-length: disable +platforms: + - name: centos_7 + image: centos:7 + command: /sbin/init + privileged: True + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + networks: + - name: "mongodb_linux" + network_mode: "mongodb_linux" + - name: centos_8 + image: centos:8 + command: /sbin/init + privileged: True + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + networks: + - name: "mongodb_linux" + network_mode: "mongodb_linux" + - name: ubuntu_16 + image: ubuntu:16.04 + command: /sbin/init + privileged: True + networks: + - name: "mongodb_linux" + network_mode: "mongodb_linux" + - name: ubuntu_18 + image: ubuntu:18.04 + command: /sbin/init + privileged: True + networks: + - name: "mongodb_linux" + network_mode: "mongodb_linux" + - name: debian_buster + image: debian:buster + command: /sbin/init + privileged: True + networks: + - name: "mongodb_linux" + network_mode: "mongodb_linux" + - name: debian_stretch + image: debian:stretch + command: /sbin/init + privileged: True + networks: + - name: "mongodb_linux" + network_mode: "mongodb_linux" +provisioner: + name: ansible + lint: + name: ansible-lint + enabled: false +verifier: + name: testinfra + lint: + name: flake8 + options: + ignore: 'E501' diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/default/playbook.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/default/playbook.yml new file mode 100644 index 00000000..89bccd5e --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/default/playbook.yml @@ -0,0 +1,5 @@ +--- +- name: Converge + hosts: all + roles: + - role: mongodb_linux 
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/default/prepare.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/default/prepare.yml
new file mode 100644
index 00000000..cdadcdbe
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/default/prepare.yml
@@ -0,0 +1,11 @@
+---
+- name: Prepare
+ hosts: all
+ become: yes
+
+ tasks:
+
+ - name: Create is_docker.txt file
+ file:
+ path: is_docker.txt
+ state: touch
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/default/tests/test_default.py b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/default/tests/test_default.py
new file mode 100644
index 00000000..9b80de32
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/default/tests/test_default.py
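Review bot: The marker is created with the relative path `is_docker.txt`, so where it lands depends on the working directory of the connection and become user. The role's own `stat` on `is_docker.txt` has to resolve to the same place. Because the role skips its NUMA and transparent-huge-pages tasks when that file exists, a stray file of that name on a real host would silently change what gets configured. The virtualbox tests in this commit already key off `ansible_virtualization_type`; using that fact in the role as well would remove the need for this prepare step. If the marker stays, an absolute path and a comment such as `# marker read by roles/mongodb_linux/tasks/main.yml to skip kernel tuning in containers` would make the coupling explicit.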
@@ -0,0 +1,75 @@ +import os + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE'] +).get_hosts('all') + + +def test_ntp_package(host): + ntp = host.package("ntp") + chrony = host.package("chrony") + assert ntp.is_installed or chrony.is_installed + + +def test_ntpd_service(host): + ntpd = host.service("ntpd") + + if ntpd.is_running: + assert ntpd.is_enabled + else: + ntp = host.service("ntp") + if ntp.is_running: + assert ntp.is_enabled + else: + chronyd = host.service("chronyd") + assert chronyd.is_running + assert chronyd.is_enabled + + +def test_swappiness_value(host): + cmd = host.run("cat /proc/sys/vm/swappiness") + + assert cmd.rc == 0 + assert cmd.stdout.strip() == "1" + + +def test_thp_service_file(host): + f = host.file("/etc/systemd/system/disable-transparent-huge-pages.service") + + assert f.exists + assert f.user == "root" + assert f.group == "root" + + +def test_thp_service(host): + ''' + Validates the service actually works + ''' + switches = ["/sys/kernel/mm/transparent_hugepage/enabled", + "/sys/kernel/mm/transparent_hugepage/defrag"] + + f = host.file("is_docker.txt") + + if not f.exists: + for d in switches: + cmd = host.run("cat {0}".format(d)) + + assert cmd.rc == 0 + assert "[never]" in cmd.stdout + + +def test_limit_file(host): + f = host.file("/etc/security/limits.conf") + + assert f.exists + assert f.user == "root" + assert f.group == "root" + + assert f.contains("mongodb hard nproc 64000") + assert f.contains("mongodb hard nofile 64000") + assert f.contains("mongodb soft nproc 64000") + assert f.contains("mongodb soft nofile 64000") + assert f.contains("mongodb hard memlock 1024") + assert f.contains("mongodb soft memlock 1024") 
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/virtualbox/molecule.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/virtualbox/molecule.yml new file mode 100644 index 00000000..bcaaf4c4 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/virtualbox/molecule.yml @@ -0,0 +1,36 @@ +--- +dependency: + name: galaxy +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint + options: + config-data: + line-length: disable +platforms: + - name: centos-7 + box: centos/7 + - name: centos-8 + box: generic/centos8 + - name: ubuntu-16 + box: ubuntu/xenial64 + - name: ubuntu-18 + box: ubuntu/bionic64 + - name: debian-buster + box: debian/buster64 + - name: debian-stretch + box: debian/contrib-stretch64 # Standard debian/stretch64 had issues: Unable to locate package linux-headers-4.9.0-9-amd64 +provisioner: + name: ansible + lint: + name: ansible-lint + enabled: false +verifier: + name: testinfra + lint: + name: flake8 + options: + ignore: 'E501' diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/virtualbox/playbook.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/virtualbox/playbook.yml new file mode 100644 index 00000000..8e9d4e75 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/virtualbox/playbook.yml @@ -0,0 +1,7 @@ +--- +- name: Converge + hosts: all + become: yes + + roles: + - role: mongodb_linux diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/virtualbox/prepare.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/virtualbox/prepare.yml new file mode 100644 index 00000000..58b16460 --- /dev/null 
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/virtualbox/prepare.yml @@ -0,0 +1,12 @@ +--- +- name: Prepare + hosts: all + become: yes + + tasks: + + - name: Ensure epel-release is installed + package: + name: epel-release + state: present + when: ansible_os_family == "RedHat" diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/virtualbox/tests/test_default.py b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/virtualbox/tests/test_default.py new file mode 100644 index 00000000..b16522ff --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/virtualbox/tests/test_default.py 
@@ -0,0 +1,73 @@ +import os + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE'] +).get_hosts('all') + + +def test_ntp_package(host): + ntp = host.package("ntp") + chrony = host.package("chrony") + assert ntp.is_installed or chrony.is_installed + + +def test_ntpd_service(host): + ntpd = host.service("ntpd") + + if ntpd.is_running: + assert ntpd.is_enabled + else: + ntp = host.service("ntp") + if ntp.is_running: + assert ntp.is_enabled + else: + chronyd = host.service("chronyd") + assert chronyd.is_running + assert chronyd.is_enabled + + +def test_swappiness_value(host): + cmd = host.run("cat /proc/sys/vm/swappiness") + + assert cmd.rc == 0 + assert cmd.stdout.strip() == "1" + + +def test_thp_service_file(host): + f = host.file("/etc/systemd/system/disable-transparent-huge-pages.service") + + assert f.exists + assert f.user == "root" + assert f.group == "root" + + +def test_thp_service(host): + ''' + Validates the service actually works + ''' + switches = ["/sys/kernel/mm/transparent_hugepage/enabled", + "/sys/kernel/mm/transparent_hugepage/defrag"] + + if host.ansible("setup")["ansible_facts"]["ansible_virtualization_type"] not in ['docker', 'container']: + for d in switches: + cmd = host.run("cat {0}".format(d)) + + assert cmd.rc == 0 + assert "[never]" in cmd.stdout + + +def test_limit_file(host): + f = host.file("/etc/security/limits.conf") + + assert f.exists + assert f.user == "root" + assert f.group == "root" + + assert f.contains("mongodb hard nproc 64000") + assert f.contains("mongodb hard nofile 64000") + assert f.contains("mongodb soft nproc 64000") + assert f.contains("mongodb soft nofile 64000") + assert f.contains("mongodb hard memlock 1024") + assert f.contains("mongodb soft memlock 1024") 
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/tasks/main.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/tasks/main.yml new file mode 100644 index 00000000..7d5beeb7 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/tasks/main.yml 
@@ -0,0 +1,139 @@ +--- +# tasks file for mongodb_linux + +- name: Include OS-specific vars + include_vars: + file: "{{ lookup('first_found', params) }}" + vars: + params: + paths: + - "vars" + files: + - "{{ ansible_facts.distribution }}-{{ ansible_facts.distribution_version }}.yml" + - "{{ ansible_facts.os_family }}-{{ ansible_facts.distribution_major_version }}.yml" + - "{{ ansible_facts.distribution }}.yml" + - "{{ ansible_facts.os_family }}.yml" + - default.yml + +- name: Check if we are in docker + stat: + path: is_docker.txt + register: is_docker + +# Tasks based on: https://docs.mongodb.com/manual/administration/production-notes/ + +- name: Set swappiness + sysctl: + name: vm.swappiness + value: "{{ swappiness }}" + state: present + +- name: Ensure ntp service is installed + package: + name: "{{ ntp_package }}" + state: present + register: _pkg + until: _pkg is succeeded + retries: 5 + +- name: Update perms on chrony pid dir on RedHat 8 + file: + path: /run/chrony/ + owner: root + group: root + state: directory + when: + - ansible_facts.os_family == "RedHat" + - ansible_facts.distribution_major_version|int >= 8 + +- name: Ensure ntp service is configured + service: + name: "{{ ntp_service }}" + state: started + enabled: yes + +- name: Ensure GNU C Library is the latest + package: + name: "{{ gnu_c_lib }}" + state: latest + register: _pkg + until: _pkg is succeeded + retries: 5 + +- name: Ensure NUMA zone reclaim is disabled + sysctl: + name: vm.zone_reclaim_mode + value: 0 + state: present + reload: yes + when: not is_docker.stat.exists + +# https://docs.mongodb.com/manual/tutorial/transparent-huge-pages/ +- name: Ensure thp-disable service exists + copy: + src: thp-disable.service + dest: /etc/systemd/system/disable-transparent-huge-pages.service + owner: root + group: root + register: thp + +- name: Reload systemd + systemd: + daemon_reexec: yes + when: thp is changed + +- name: Check if disable-transparent-huge-pages service is already run + shell: cat 
/sys/kernel/mm/transparent_hugepage/enabled | grep -o "never" + register: _huge_page_status + ignore_errors: yes + changed_when: _huge_page_status.stdout == "" + +- name: Enable disable-transparent-huge-pages service + service: + name: disable-transparent-huge-pages + state: started + enabled: yes + when: (not is_docker.stat.exists) and (_huge_page_status.stdout == "") + +# Tasks based on: https://docs.mongodb.com/manual/reference/ulimit/ + +- name: Set pam limits (nproc and nofile) + pam_limits: + domain: "{{ item[0] }}" + limit_type: "{{ item[1] }}" + limit_item: "{{ item[2] }}" + value: "{{ item[3] }}" + with_nested: + - ["root", "mongodb"] + - ["hard", "soft"] + - ["nproc", "nofile"] + - ["{{ nproc_and_nofile_limit }}"] + +- name: Set pam limits (memlock) + pam_limits: + domain: "{{ item[0] }}" + limit_type: "{{ item[1] }}" + limit_item: "{{ item[2] }}" + value: "{{ item[3] }}" + with_nested: + - ["root", "mongodb"] + - ["hard", "soft"] + - ["memlock"] + - ["{{ memlock_limit }}"] + +# Other tuning settings + +- name: Set sysctl values + sysctl: + name: "{{ item['name'] }}" + value: "{{ item['value'] }}" + state: present + loop: + # TODO: These may need to be configurable for different usage patterns. + - { "name": "vm.dirty_ratio", "value": "15" } + - { "name": "vm.dirty_background_ratio", "value": "5" } + - { "name": "net.core.somaxconn ", "value": "4096" } + - { "name": "net.ipv4.tcp_fin_timeout", "value": "30" } + - { "name": "net.ipv4.tcp_keepalive_intvl", "value": "30" } + - { "name": "net.ipv4.tcp_keepalive_time", "value": "120" } + - { "name": "net.ipv4.tcp_max_syn_backlog ", "value": "4096" } diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/vars/Debian.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/vars/Debian.yml new file mode 100644 index 00000000..375c7983 --- /dev/null 
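Review bot: The probe in `Check if disable-transparent-huge-pages service is already run` greps for the bare word `never`, which the kernel prints in `/sys/kernel/mm/transparent_hugepage/enabled` whether or not it is the active setting (the active one is the bracketed entry), so `_huge_page_status.stdout` is never empty and `Enable disable-transparent-huge-pages service` is always skipped. Match the bracketed form, e.g. `shell: grep -o "\[never\]" /sys/kernel/mm/transparent_hugepage/enabled`, and mark the read-only probe `changed_when: false`. The testinfra check for `[never]` is skipped under docker, which may be why this was not caught. In the `Set sysctl values` loop, `"net.core.somaxconn "` and `"net.ipv4.tcp_max_syn_backlog "` appear to carry a trailing space inside the quoted key; if that is in the file and not an artefact of this page, those settings are not written under the intended name. `Reload systemd` uses `daemon_reexec: yes`, where a new unit file only needs `daemon_reload: yes`.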
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/vars/Debian.yml
@@ -0,0 +1,5 @@
+---
+# Packages for Debian distros
+ntp_package: ntp
+ntp_service: ntp
+gnu_c_lib: libc6
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/vars/RedHat-8.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/vars/RedHat-8.yml
new file mode 100644
index 00000000..bc70604b
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/vars/RedHat-8.yml
@@ -0,0 +1,5 @@
+---
+# Packages for RedHat-8 distros
+ntp_package: chrony
+ntp_service: chronyd
+gnu_c_lib: glibc
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/vars/RedHat.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/vars/RedHat.yml
new file mode 100644
index 00000000..57ebecc8
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/vars/RedHat.yml
@@ -0,0 +1,5 @@
+---
+# Packages for RedHat distros
+ntp_package: ntp
+ntp_service: ntpd
+gnu_c_lib: glibc
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/vars/default.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/vars/default.yml
new file mode 100644
index 00000000..0f0db5a7
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_linux/vars/default.yml
@@ -0,0 +1,5 @@
+---
+# Packages (default fallthrough)
+ntp_package: ntp
+ntp_service: ntpd
+gnu_c_lib: libc6
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/.yamllint b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/.yamllint
new file mode 100644
index 00000000..88276760
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/.yamllint @@ -0,0 +1,33 @@ +--- +# Based on ansible-lint config +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + colons: + max-spaces-after: -1 + level: error + commas: + max-spaces-after: -1 + level: error + comments: disable + comments-indentation: disable + document-start: disable + empty-lines: + max: 3 + level: error + hyphens: + level: error + indentation: disable + key-duplicates: enable + line-length: disable + new-line-at-end-of-file: disable + new-lines: + type: unix + trailing-spaces: disable + truthy: disable diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/README.md b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/README.md new file mode 100644 index 00000000..ae8dea5b --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/README.md 
@@ -0,0 +1,52 @@ +mongodb_mongod +============== + +A simple role to aid in the setup of a MongoDB replicaset. + +Role Variables +-------------- + +* `mongod_port`: The port used by the mongod process. Default 27017. +* `mongod_service`: The name of the mongod service. Default mongod. +* `mongodb_user`: The Linux OS user for MongoDB. Default mongod. +* `mongodb_group`: The Linux OS user group for MongoDB. Default mongod. +* `bind_ip`: The IP address mongos will bind to. Default 0.0.0.0. +* `repl_set_name`: The name of the replicaset the member will participate in. Default rs0. +* `authorization`: Enable authorization. Default enabled. +* `openssl_keyfile_content`: The keyfile content that MongoDB uses to authenticate within a replicaset. Generate with cmd: openssl rand -base64 756. +* `mongodb_admin_user`: MongoDB admin username. Default admin. +* `mongodb_admin_pwd`: MongoDB admin password. Default admin. +* `mongod_package`: The mongod package to install. Default mongodb-org-server. +* `replicaset`: When enabled add a replication section to the configuration. Default true. +* `sharding`: If this replicaset member will form part of a sharded cluster. Default false. +* `mongod_config_template`: If defined allows to override path to mongod config template with custom configuration. Default "mongod.conf.j2" +* `skip_restart`: If set to `true` will skip restarting mongod service when config file or the keyfile content changes. Default `true`. + +IMPORTANT NOTE: It is expected that `mongodb_admin_user` & `mongodb_admin_pwd` values be overridden in your own file protected by Ansible Vault. These values are primary included here for Molecule/Travis CI integration. Any production environments should protect these values. For more information see [Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html) + +Dependencies +------------ + +mongodb_repository + +Example Playbook +---------------- + +Install MongoDB preparing hosts for a Sharded Cluster. 
+ +```yaml + - hosts: servers + roles: + - { role: mongodb_repository } + - { role: mongodb_mongod, mongod_port: 27018, sharding: true } +``` + +License +------- + +BSD + +Author Information +------------------ + +Rhys Campbell (https://github.com/rhysmeister) diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/defaults/main.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/defaults/main.yml new file mode 100644 index 00000000..c15d6f4a --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/defaults/main.yml 
@@ -0,0 +1,30 @@ +--- +# defaults file for mongodb_mongod +mongod_port: 27017 +bind_ip: 0.0.0.0 +repl_set_name: rs0 +authorization: "enabled" +openssl_keyfile_content: | + Z2CeA9BMcoY5AUWoegjv/XWL2MA1SQcL4HvmRjYaTjSp/xosJy+LL2X3OQb1xVWC + rO2e6Tu6A3R4muunitI6Vr0IKeU5UbTpR0N4hSU6HDrV9z2PIEWlkQqKh01ZRLEY + V3hR73acj0jA8eWIWeiV039d18jvMb8X2h8409lfcD6PPJJGjyaC8S4LY/TrsK2z + tx+l/vqOOAMhGB5mEMjx1LXUMsRG9ot6vFu9I5LPd1A4q9xw9jddYK5C6YTLccun + ZyCDsv7ImkCprV0+0vhTyxIEnfaNtvOlWypuvmRr/DEyd2NPowd1n6C+rgk8gs1t + SGLCZP93gXza0rIoQzHtuf5pOJK9qyKjuNtuuLa/KFsida8a69JXn7fmS0IIja0m + Ir0OrQ2Ta3n4VbQwQo97BWODWmkgzz0mUd6VmMps5zLsCW1vVqYFQHuAAbLekW0q + 8JRm8OQ6n2hp8j4zYd3/Qw7vqsVj8sHicNB0bCW29b64H4f2J/AcUA/cm0xSUQyb + +myeCB4vWvydh5AfFVnw7sXvzU6egaYRomdmrl59QrTDneJu13hwzIchsFparoWJ + XjpldopGeDaJLU18ga7MSL02ozB+EoJ14DJxQU7E5MQk7fDMPeitXKZ8ymxb7LeA + k0Rtc/JQM8aDLoRklhLZRRARBrv1RLo8DM8CB2q4s+FwVU4QJl7mFyiwk3eTN6sN + PTgFRo3/dHsEA2OwGG+hnGFGnoYf2mkECR5jqai83CXgva9v2rPNjDTJYHpmd3I0 + fNijueXZZdzUA58y8mcoSGVYdRhr0g8jaWQ12PZEgX5Nnlekh5GHG0j8HT4qj/0Y + D3xVuE3WvrhldY5EOsaTt2ZXZx5REmJDIW1KcnvQKiVDJ2QzP5xdXYA0hh3TdTVE + sb4UreMw/WyBpANiICMlJRBgSd0f0VGMlYzLX2BL14YpNnLhmoQqKzfBN6v2XAEG + mJfrCUVuP1nBEklk23lYkNi/ohe+aodNjdN+2DHp42sGZHYP +mongodb_admin_user: admin +mongodb_admin_pwd: admin +mongod_package: "mongodb-org-server" +replicaset: true +sharding: false +mongod_config_template: "mongod.conf.j2" +skip_restart: true diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/handlers/handlers.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/handlers/handlers.yml new file mode 100644 index 00000000..1bbd837c --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/handlers/handlers.yml 
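Review bot: `openssl_keyfile_content` ships a fixed replica-set key in the role's defaults, next to `mongodb_admin_pwd: admin` and `bind_ip: 0.0.0.0`, so a deployment that keeps the defaults authenticates cluster members with a key that is readable in this repository while listening on all interfaces. The README asks for `mongodb_admin_user` and `mongodb_admin_pwd` to be overridden from a vaulted file but gives no equivalent instruction for the keyfile. I would remove the default key and have tasks/main.yml fail early when `authorization` is enabled and no key was supplied, moving the fixed value into the Molecule scenario's own vars. At minimum, put a comment above it such as `# TEST-ONLY key for Molecule; override with a vaulted, per-cluster value (openssl rand -base64 756)`.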
@@ -0,0 +1,10 @@ +--- + +- name: Restart mongod service + service: + name: "{{ mongod_service }}" + state: restarted + +- name: Wait for port to become active + wait_for: + port: "{{ mongod_port }}" diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/handlers/main.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/handlers/main.yml new file mode 100644 index 00000000..d1a7a569 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/handlers/main.yml @@ -0,0 +1,5 @@ +--- + +- name: Restart mongod service + import_tasks: handlers.yml + when: not skip_restart diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/meta/main.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/meta/main.yml new file mode 100644 index 00000000..1d46e31c --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/meta/main.yml 
@@ -0,0 +1,58 @@ +--- +galaxy_info: + author: Rhys Campbell + description: your description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Some suggested licenses: + # - BSD (default) + # - MIT + # - GPLv2 + # - GPLv3 + # - Apache + # - CC-BY + license: license (GPLv2, CC-BY, etc) + + min_ansible_version: 1.2 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # Optionally specify the branch Galaxy will use when accessing the GitHub + # repo for this role. During role install, if no tags are available, + # Galaxy will use this branch. During import Galaxy will access files on + # this branch. If Travis integration is configured, only notifications for this + # branch will be accepted. Otherwise, in all cases, the repo's default branch + # (usually master) will be used. + # github_branch: + + # + # platforms is a list of platforms, and each platform has a name and a list of versions. + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] +# List your role dependencies here, one per line. Be sure to remove the '[]' above, +# if you add dependencies to this list. 
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/Dockerfile.j2 b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/Dockerfile.j2 new file mode 100644 index 00000000..935dd3d7 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/Dockerfile.j2 
@@ -0,0 +1,39 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +{% if item.env is defined %} +{% for var, value in item.env.items() %} +{% if value %} +ENV {{ var }} {{ value }} +{% endif %} +{% endfor %} +{% endif %} +# Add systemd-sysv package for Debian to get systemd working (and procps for sysctl) and netbase for firewalld +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates iproute2 systemd-sysv procps netbase && apt-get clean; \ + elif [ $(command -v dnf) ] && grep -q 'platform:el8' /etc/os-release ; then dnf makecache && dnf update -y && dnf --assumeyes install python3 sudo python3-devel bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && rm -Rf /usr/share/doc && rm -Rf /usr/share/man && dnf clean all && cp /bin/true /sbin/agetty; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash iproute && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash iproute && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml iproute2 && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates iproute2 && xbps-remove -O; fi + +{% if item.image == 'centos:8' %} +# Stuff for systemd https://hub.docker.com/_/centos +RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == \ + systemd-tmpfiles-setup.service ] || rm -f $i; done); \ + rm -f /lib/systemd/system/multi-user.target.wants/*;\ + rm -f /etc/systemd/system/*.wants/*;\ + rm -f 
/lib/systemd/system/local-fs.target.wants/*; \ + rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ + rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ + rm -f /lib/systemd/system/basic.target.wants/*;\ + rm -f /lib/systemd/system/anaconda.target.wants/*; + +VOLUME [ "/sys/fs/cgroup" ] +CMD ["/sbin/init"] +{% endif %} diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/molecule.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/molecule.yml new file mode 100644 index 00000000..2f0e4ac8 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/molecule.yml 
@@ -0,0 +1,68 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint + options: + config-data: + line-length: disable +platforms: + - name: centos_7 + image: centos:7 + command: /sbin/init + privileged: True + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + networks: + - name: "mongod" + network_mode: "mongod" + - name: centos_8 + image: centos:8 + command: /sbin/init + privileged: True + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + networks: + - name: "mongod" + network_mode: "mongod" + - name: ubuntu_16 + image: ubuntu:16.04 + command: /sbin/init + privileged: True + networks: + - name: "mongod" + network_mode: "mongod" + - name: ubuntu_18 + image: ubuntu:18.04 + command: /sbin/init + privileged: True + networks: + - name: "mongod" + network_mode: "mongod" + - name: debian_buster + image: debian:buster + command: /sbin/init + privileged: True + networks: + - name: "mongod" + network_mode: "mongod" + - name: debian_stretch + image: debian:stretch + command: /sbin/init + privileged: True + networks: + - name: "mongod" + network_mode: "mongod" +provisioner: + name: ansible + lint: + name: ansible-lint + enabled: false +verifier: + name: testinfra + lint: + name: flake8 + options: + ignore: 'E501' diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/playbook.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/playbook.yml new file mode 100644 index 00000000..038632a4 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/playbook.yml 
@@ -0,0 +1,37 @@ +--- +- name: Converge + hosts: all + roles: + - role: mongodb_repository + tags: molecule-idempotence-notest + - role: mongodb_mongod + + tasks: + + - name: Install python stuff + package: + name: ["python-setuptools", "python-pip"] + when: ansible_hostname == "ubuntu_16" + + - name: Install pymongo + pip: + name: pymongo + when: ansible_hostname == "ubuntu_16" + + - name: Install MongoDB Shell + package: + name: mongodb-org-shell + + - name: Initialise replicaset + community.mongodb.mongodb_replicaset: + login_host: localhost + replica_set: rs0 + validate: yes + members: + - centos_7:27017 + - centos_8:27017 + - ubuntu_16:27017 + - ubuntu_18:27017 + #- debian_stretch:27017 # need odd number, so drop stretch + - debian_buster:27017 + when: ansible_hostname == "ubuntu_16" diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/prepare.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/prepare.yml new file mode 100644 index 00000000..abdf26a2 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/prepare.yml @@ -0,0 +1,10 @@ +--- +- name: Prepare + hosts: all + + tasks: + + - name: Create is_docker.txt file + file: + path: is_docker.txt + state: touch diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/tests/test_default.py b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/tests/test_default.py new file mode 100644 index 00000000..9eb482bd --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/tests/test_default.py 
@@ -0,0 +1,71 @@ +import os + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE'] +).get_hosts('all') + + +def include_vars(host): + if host.system_info.distribution == "redhat" \ + or host.system_info.distribution == "centos": + ansible = host.ansible('include_vars', + 'file="../../vars/RedHat.yml"', + False, + False) + if host.system_info.distribution == "debian" \ + or host.system_info.distribution == "ubuntu": + ansible = host.ansible('include_vars', + 'file="../../vars/Debian.yml"', + False, + False) + return ansible + + +def test_mongod_cnf_file(host): + mongodb_user = include_vars(host)['ansible_facts']['mongodb_user'] + mongodb_group = include_vars(host)['ansible_facts']['mongodb_group'] + f = host.file('/etc/mongod.conf') + + assert f.exists + assert f.user == mongodb_user + assert f.group == mongodb_group + + +def test_mongod_service(host): + mongod_service = include_vars(host)['ansible_facts']['mongod_service'] + s = host.service(mongod_service) + + assert s.is_running + assert s.is_enabled + + +def test_mongod_port(host): + try: + port = include_vars(host)['ansible_facts']['mongod_port'] + except KeyError: + port = 27017 + s = host.socket("tcp://0.0.0.0:{0}".format(port)) + assert s.is_listening + + +def test_mongod_replicaset(host): + ''' + Ensure that the MongoDB replicaset has been created successfully + ''' + try: + port = include_vars(host)['ansible_facts']['mongod_port'] + except KeyError: + port = 27017 + cmd = "mongo --port {0} --eval 'rs.status()'".format(port) + # We only want to run this once + if host.ansible.get_variables()['inventory_hostname'] == "ubuntu_16": + r = host.run(cmd) + assert "rs0" in r.stdout + assert "centos_7:{0}".format(port) in r.stdout + assert "centos_8:{0}".format(port) in r.stdout + assert "ubuntu_16:{0}".format(port) in r.stdout + assert "ubuntu_18:{0}".format(port) in r.stdout + assert "debian_buster:{0}".format(port) in 
r.stdout + # assert "debian_stretch:{0}".format(port) in r.stdout diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/virtualbox/molecule.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/virtualbox/molecule.yml new file mode 100644 index 00000000..14d29680 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/virtualbox/molecule.yml @@ -0,0 +1,54 @@ +--- +dependency: + name: galaxy +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint + options: + config-data: + line-length: disable +platforms: + - name: centos-7 + box: centos/7 + interfaces: + - network_name: private_network + type: dhcp + auto_config: true + - name: ubuntu-16 + box: ubuntu/xenial64 + interfaces: + - network_name: private_network + type: dhcp + auto_config: true + - name: ubuntu-18 + box: ubuntu/bionic64 + interfaces: + - network_name: private_network + type: dhcp + auto_config: true + - name: debian-buster + box: debian/buster64 + interfaces: + - network_name: private_network + type: dhcp + auto_config: true + - name: debian-stretch + box: debian/contrib-stretch64 # Standard debian/stretch64 had issues: Unable to locate package linux-headers-4.9.0-9-amd64 + interfaces: + - network_name: private_network + type: dhcp + auto_config: true +provisioner: + name: ansible + lint: + name: ansible-lint + enabled: false +verifier: + name: testinfra + lint: + name: flake8 + options: + ignore: 'E501' diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/virtualbox/playbook.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/virtualbox/playbook.yml new file mode 100644 index 00000000..6a31e1fc --- /dev/null 
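Review bot: None of these tests inspects `/etc/keyfile`, although the role writes it with `mode: 0400` and the mongod owner and group; a check such as `assert host.file('/etc/keyfile').mode == 0o400` together with `user`/`group` assertions would catch a permissions regression on the cluster key. `include_vars` leaves `ansible` unassigned when the distribution is none of redhat, centos, debian or ubuntu, so an unexpected platform fails with an UnboundLocalError instead of a readable message; an explicit `else: raise RuntimeError(...)` would make that clear. In `test_mongod_replicaset` the assertions run only on `ubuntu_16`, and when they are skipped the test still reports success, which is worth a short comment so a green run is not over-read.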
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/virtualbox/playbook.yml @@ -0,0 +1,34 @@ +--- +- name: Converge + hosts: all + become: yes + + roles: + - role: mongodb_repository + tags: molecule-idempotence-notest + - role: mongodb_mongod + + tasks: + + - name: Install python stuff + package: + name: ["python-setuptools", "python-pip"] + when: ansible_hostname == "ubuntu-16" + + - name: Install pymongo + pip: + name: pymongo + when: ansible_hostname == "ubuntu-16" + + - name: Initialise replicaset + community.mongodb.mongodb_replicaset: + login_host: localhost + replica_set: rs0 + validate: yes + members: + - ubuntu-16.local:27017 + - ubuntu-18.local:27017 + - debian-stretch.local:27017 + - debian-buster.local:27017 + - centos-7.local:27017 + when: ansible_hostname == "ubuntu-16" diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/virtualbox/prepare.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/virtualbox/prepare.yml new file mode 100644 index 00000000..0f186973 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/virtualbox/prepare.yml 
@@ -0,0 +1,40 @@ +--- +- name: Prepare + hosts: all + become: yes + vars: + avahi_packages_redhat: + - "avahi" + - "nss-mdns" + avahi_packages_debian: + - "avahi-daemon" + - "avahi-discover" + - "libnss-mdns" + tasks: + + - name: Ensure epel is available + yum: + name: epel-release + state: present + when: ansible_os_family == "RedHat" + + - name: Install avahi packages + package: + name: "{{ avahi_packages_redhat }}" + state: present + when: ansible_os_family == "RedHat" + + - name: Install avahi packages + package: + name: "{{ avahi_packages_debian }}" + state: present + when: ansible_os_family == "Debian" + + # debian-stretch seems to require a reboot for avahi-daemon to run + - name: Reboot host + reboot: + + - name: Ensure avahi-daemon is started + service: + name: avahi-daemon + state: started diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/virtualbox/tests/test_default.py b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/virtualbox/tests/test_default.py new file mode 100644 index 00000000..d7e79cfc --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/virtualbox/tests/test_default.py 
@@ -0,0 +1,72 @@ +import os + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE'] +).get_hosts('all') + + +def include_vars(host): + if host.system_info.distribution == "redhat" \ + or host.system_info.distribution == "centos": + ansible = host.ansible('include_vars', + 'file="../../vars/RedHat.yml"', + False, + False) + if host.system_info.distribution == "debian" \ + or host.system_info.distribution == "ubuntu": + ansible = host.ansible('include_vars', + 'file="../../vars/Debian.yml"', + False, + False) + return ansible + + +def test_mongod_cnf_file(host): + mongodb_user = include_vars(host)['ansible_facts']['mongodb_user'] + mongodb_group = include_vars(host)['ansible_facts']['mongodb_group'] + f = host.file('/etc/mongod.conf') + + assert f.exists + assert f.user == mongodb_user + assert f.group == mongodb_group + + +def test_mongod_service(host): + mongod_service = include_vars(host)['ansible_facts']['mongod_service'] + s = host.service(mongod_service) + + assert s.is_running + assert s.is_enabled + + +def test_mongod_port(host): + try: + port = include_vars(host)['ansible_facts']['mongod_port'] + except KeyError: + port = 27017 + s = host.socket("tcp://0.0.0.0:{0}".format(port)) + + assert s.is_listening + + +def test_mongod_replicaset(host): + ''' + Ensure that the MongoDB replicaset has been created successfully + ''' + try: + port = include_vars(host)['ansible_facts']['mongod_port'] + except KeyError: + port = 27017 + cmd = "mongo --port {0} --eval 'rs.status()'".format(port) + # We only want to run this once + if host.ansible.get_variables()['inventory_hostname'] == "ubuntu_16": + r = host.run(cmd) + + assert "rs0" in r.stdout + assert "ubuntu-16:{0}".format(port) in r.stdout + assert "ubuntu-18:{0}".format(port) in r.stdout + assert "debian-stretch:{0}".format(port) in r.stdout + assert "debian-buster:{0}".format(port) in r.stdout + assert 
"centos-7:{0}".format(port) in r.stdout diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/tasks/main.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/tasks/main.yml new file mode 100644 index 00000000..881a1491 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/tasks/main.yml 
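Review bot: `test_mongod_replicaset` guards on `inventory_hostname == "ubuntu_16"`, but the virtualbox scenario names its platforms with hyphens (`ubuntu-16` in molecule.yml), so the body never executes and the test passes without asserting anything. Change the guard to `== "ubuntu-16"`. The member assertions would then need adjusting as well, because the virtualbox playbook registers members as `ubuntu-16.local:27017` and the substring `ubuntu-16:27017` does not occur in that form. As in the docker scenario, `include_vars` leaves `ansible` unassigned for any distribution outside the four it names.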
@@ -0,0 +1,75 @@ +--- +# tasks file for mongodb_mongod +- name: Include OS-specific vars + include_vars: + file: "{{ lookup('first_found', params) }}" + vars: + params: + paths: + - "vars" + files: + - "{{ ansible_facts.distribution }}-{{ ansible_facts.distribution_version }}.yml" + - "{{ ansible_facts.os_family }}-{{ ansible_facts.distribution_major_version }}.yml" + - "{{ ansible_facts.distribution }}.yml" + - "{{ ansible_facts.os_family }}.yml" + - default.yml + +- name: Check if we are in docker + stat: + path: is_docker.txt + register: is_docker + +- name: Ensure mongod package is installed + package: + name: "{{ mongod_package }}" + register: _pkg + until: _pkg is succeeded + retries: 5 + +- name: Ensure db_path dir exists + file: + path: "{{ db_path }}" + state: directory + owner: "{{ mongodb_user }}" + group: "{{ mongodb_group }}" + +- name: Copy config file + template: + src: "{{ mongod_config_template }}" + dest: /etc/mongod.conf + owner: "{{ mongodb_user }}" + group: "{{ mongodb_group }}" + notify: + - Restart mongod service + +- name: Copy keyfile to host + copy: + content: | + {{ openssl_keyfile_content }} + dest: /etc/keyfile + owner: "{{ mongodb_user }}" + group: "{{ mongodb_group }}" + mode: 0400 + when: authorization == "enabled" + notify: + - Restart mongod service + +- name: Check for github override + set_fact: + x_github_override: "{{ lookup('env', 'X_GITHUB_OVERRIDE') | default('0', True) }}" + +- name: Start mongod service + service: + name: "{{ mongod_service }}" + state: started + enabled: yes + when: not (ansible_facts.os_family == 'RedHat' + and ansible_facts.distribution_major_version|int == 8 + and is_docker.stat.exists) + +- name: Include tasks for RedHat 8 docker issue + import_tasks: redhat_docker.yml + when: + - ansible_facts.os_family == 'RedHat' + - ansible_facts.distribution_major_version|int == 8 + - is_docker.stat.exists 
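Review bot: `Copy keyfile to host` passes the replica-set key through `content:` without `no_log: true`, so the key can appear in `--diff` output and verbose logs; add `no_log: true` to that task. `Copy config file` and `Ensure db_path dir exists` set owner and group but no `mode`, so permissions depend on the umask or on whatever already exists; explicit values (for example `mode: "0640"` on `/etc/mongod.conf`, to be confirmed against the packaging) would make the result deterministic. The `stat` on `is_docker.txt` uses a relative path, so container detection depends on the remote user's working directory. `x_github_override` is set but not read anywhere in this hunk.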
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/tasks/redhat_docker.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/tasks/redhat_docker.yml new file mode 100644 index 00000000..d08c66a1 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/tasks/redhat_docker.yml @@ -0,0 +1,18 @@ +--- +- name: Comment out PIDFile in systemd file + lineinfile: + path: /etc/systemd/system/multi-user.target.wants/mongod.service + regexp: '^PIDFile.*' + state: absent + register: systemd + +- name: Reload systemd + systemd: + daemon_reload: yes + when: systemd is changed + +- name: Start mongod service + service: + name: "{{ mongod_service }}" + state: started + enabled: yes diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/templates/mongod.conf.j2 b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/templates/mongod.conf.j2 new file mode 100644 index 00000000..a4300e5e --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/templates/mongod.conf.j2 
@@ -0,0 +1,53 @@ +# mongod.conf + +# for documentation of all options, see: +# http://docs.mongodb.org/manual/reference/configuration-options/ + +# where to write logging data. +systemLog: + destination: file + logAppend: true + path: /var/log/mongodb/mongod.log + +# Where and how to store data. +storage: + dbPath: {{ db_path }} + journal: + enabled: true + engine: "wiredTiger" + + +# how the process runs +processManagement: +{% if ansible_facts.os_family == "RedHat" %} # Breaks Ubuntu / Debian + fork: true +{% if not is_redhat_8_in_docker %} + pidFilePath: /var/run/mongodb/mongod.pid +{% endif %} +{% endif %} + timeZoneInfo: /usr/share/zoneinfo + +# network interfaces +net: + port: {{ mongod_port }} + bindIp: {{ bind_ip }} + +{% if authorization == "enabled" %} +security: + authorization: {{ authorization }} +{% if replicaset or sharding %} + keyFile: /etc/keyfile +{% endif %} +{% endif %} + +#operationProfiling: + +{% if replicaset %} +replication: + replSetName: {{ repl_set_name }} +{% endif %} + +{% if sharding %} +sharding: + clusterRole: shardsvr +{% endif %} diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/vars/Debian.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/vars/Debian.yml new file mode 100644 index 00000000..6b8eaa66 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/vars/Debian.yml @@ -0,0 +1,5 @@ +--- +mongodb_user: "mongodb" +mongodb_group: "mongodb" +mongod_service: "mongod" +db_path: /var/lib/mongodb diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/vars/RedHat.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/vars/RedHat.yml new file mode 100644 index 00000000..a48bb4c2 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/vars/RedHat.yml 
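Review bot: The `security:` stanza is rendered only when `authorization == "enabled"` matches exactly, so any other value of the variable, including a misspelling or different capitalisation, produces a config with no `security` section at all, and mongod then starts without access control and without `keyFile`. The keyfile task in this role's `tasks/main.yml` uses the same string comparison, so I would validate the variable once at the top of the role, for example an `assert` with `that: authorization in ['enabled', 'disabled']`, so an unexpected value fails the play instead of silently turning authentication off. `bindIp: {{ bind_ip }}` takes its default from a defaults file that is not visible here; it is worth confirming that default is not `0.0.0.0` for a role that can run with authorization disabled.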
@@ -0,0 +1,5 @@
+---
+mongodb_user: "mongod"
+mongodb_group: "mongod"
+mongod_service: "mongod"
+db_path: /var/lib/mongo
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/vars/default.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/vars/default.yml
new file mode 100644
index 00000000..a48bb4c2
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/vars/default.yml
@@ -0,0 +1,5 @@
+---
+mongodb_user: "mongod"
+mongodb_group: "mongod"
+mongod_service: "mongod"
+db_path: /var/lib/mongo
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/vars/main.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/vars/main.yml
new file mode 100644
index 00000000..28ce3d22
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongod/vars/main.yml
@@ -0,0 +1,2 @@
+---
+is_redhat_8_in_docker: "{{ ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version|int == 8 and ansible_facts.virtualization_type == 'docker' }}"
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/.yamllint b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/.yamllint
new file mode 100644
index 00000000..88276760
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/.yamllint
@@ -0,0 +1,33 @@ +--- +# Based on ansible-lint config +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + colons: + max-spaces-after: -1 + level: error + commas: + max-spaces-after: -1 + level: error + comments: disable + comments-indentation: disable + document-start: disable + empty-lines: + max: 3 + level: error + hyphens: + level: error + indentation: disable + key-duplicates: enable + line-length: disable + new-line-at-end-of-file: disable + new-lines: + type: unix + trailing-spaces: disable + truthy: disable diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/README.md b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/README.md new file mode 100644 index 00000000..b2a9aaf2 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/README.md 
@@ -0,0 +1,53 @@ +mongodb_mongos +============== + +A role to setup a mongos server for a MongoDB sharded cluster. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should +be mentioned here. For instance, if the role uses the EC2 module, it may be a +good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +* `mongos_port`: The port used by the mongos process. Default 27017. +* `mongos_service`: The name of the mongos service. Default mongos. +* `mongodb_user`: The Linux OS user for MongoDB. Default mongod. +* `mongodb_group`: The Linux OS user group for MongoDB. Default mongod. +* `pid_file`: The pid file for mongos. Default /run/mongodb/mongos.pid. +* `bind_ip`: The IP address mongos will bind to. Default 0.0.0.0. +* `mypy`: Python interpretor. Default python +* `mongos_package`: The name of the mongos installation package. Default mongodb-org-mongos. +* `config_repl_set_name`: The name of the config server replicaset. Default cfg. +* `config_servers`: "config1:27019, config2:27019, config3:27019" +* `openssl_keyfile_content`: The kexfile content that MongoDB uses to authenticate within a replicaset. Generate with cmd: openssl rand -base64 756. +* `mongos_config_template`: If defined allows to override path to mongod config template with custom configuration. Default "mongos.conf.j2" +* `skip_restart`: If set to `true` will skip restarting mongos service when config file or the keyfile content changes. Default `true`. + +Dependencies +------------ + +mongodb_repository + +Example Playbook +---------------- + +```yaml + - hosts: servers + roles: + - mongodb_repository + - mongodb_mongos +``` + +License +------- + +BSD + +Author Information +------------------ + +Rhys Campbell (https://github.com/rhysmeister) 
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/defaults/main.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/defaults/main.yml new file mode 100644 index 00000000..abed36e3 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/defaults/main.yml @@ -0,0 +1,28 @@ +--- +# defaults file for mongodb_mongos +pid_file: /run/mongodb/mongos.pid +bind_ip: 0.0.0.0 +# mongos_port in vars to facilitate molecule tests +mypy: python +mongos_package: "mongodb-org-mongos" +config_repl_set_name: cfg +config_servers: "config1:27019, config2:27019, config3:27019" +openssl_keyfile_content: | + Z2CeA9BMcoY5AUWoegjv/XWL2MA1SQcL4HvmRjYaTjSp/xosJy+LL2X3OQb1xVWC + rO2e6Tu6A3R4muunitI6Vr0IKeU5UbTpR0N4hSU6HDrV9z2PIEWlkQqKh01ZRLEY + V3hR73acj0jA8eWIWeiV039d18jvMb8X2h8409lfcD6PPJJGjyaC8S4LY/TrsK2z + tx+l/vqOOAMhGB5mEMjx1LXUMsRG9ot6vFu9I5LPd1A4q9xw9jddYK5C6YTLccun + ZyCDsv7ImkCprV0+0vhTyxIEnfaNtvOlWypuvmRr/DEyd2NPowd1n6C+rgk8gs1t + SGLCZP93gXza0rIoQzHtuf5pOJK9qyKjuNtuuLa/KFsida8a69JXn7fmS0IIja0m + Ir0OrQ2Ta3n4VbQwQo97BWODWmkgzz0mUd6VmMps5zLsCW1vVqYFQHuAAbLekW0q + 8JRm8OQ6n2hp8j4zYd3/Qw7vqsVj8sHicNB0bCW29b64H4f2J/AcUA/cm0xSUQyb + +myeCB4vWvydh5AfFVnw7sXvzU6egaYRomdmrl59QrTDneJu13hwzIchsFparoWJ + XjpldopGeDaJLU18ga7MSL02ozB+EoJ14DJxQU7E5MQk7fDMPeitXKZ8ymxb7LeA + k0Rtc/JQM8aDLoRklhLZRRARBrv1RLo8DM8CB2q4s+FwVU4QJl7mFyiwk3eTN6sN + PTgFRo3/dHsEA2OwGG+hnGFGnoYf2mkECR5jqai83CXgva9v2rPNjDTJYHpmd3I0 + fNijueXZZdzUA58y8mcoSGVYdRhr0g8jaWQ12PZEgX5Nnlekh5GHG0j8HT4qj/0Y + D3xVuE3WvrhldY5EOsaTt2ZXZx5REmJDIW1KcnvQKiVDJ2QzP5xdXYA0hh3TdTVE + sb4UreMw/WyBpANiICMlJRBgSd0f0VGMlYzLX2BL14YpNnLhmoQqKzfBN6v2XAEG + mJfrCUVuP1nBEklk23lYkNi/ohe+aodNjdN+2DHp42sGZHYP +mongos_config_template: "mongos.conf.j2" +skip_restart: true 
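Review bot: `openssl_keyfile_content` ships a complete key as the role default, and because this file is published with the collection, every deployment that does not override the variable uses the same publicly known key for internal authentication between cluster members. I would remove the default and fail early when the variable is unset, for example an `assert` on `openssl_keyfile_content is defined and openssl_keyfile_content | length > 0` at the top of `tasks/main.yml`, keeping a sample key only in the molecule scenario vars. `bind_ip: 0.0.0.0` also makes mongos listen on every interface by default; a loopback default such as `bind_ip: 127.0.0.1`, with the wider binding as an explicit opt-in, is the safer starting point. If the default key has to stay for compatibility, a comment above it saying `# test-only key, MUST be overridden (ansible-vault) outside molecule` would at least make the expectation visible.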
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/handlers/handlers.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/handlers/handlers.yml
new file mode 100644
index 00000000..7d74ce9d
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/handlers/handlers.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Restart mongos service
+ service:
+ name: "{{ mongos_service }}"
+ state: restarted
+
+- name: Wait for port to become active
+ wait_for:
+ port: "{{ mongos_port }}"
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/handlers/main.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/handlers/main.yml
new file mode 100644
index 00000000..00c4f25c
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+- name: Restart mongos service
+ import_tasks: handlers.yml
+ when: not skip_restart
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/meta/main.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/meta/main.yml
new file mode 100644
index 00000000..ba43fdd2
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/meta/main.yml
@@ -0,0 +1,58 @@ +--- +galaxy_info: + author: your name + description: your description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Some suggested licenses: + # - BSD (default) + # - MIT + # - GPLv2 + # - GPLv3 + # - Apache + # - CC-BY + license: license (GPLv2, CC-BY, etc) + + min_ansible_version: 1.2 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # Optionally specify the branch Galaxy will use when accessing the GitHub + # repo for this role. During role install, if no tags are available, + # Galaxy will use this branch. During import Galaxy will access files on + # this branch. If Travis integration is configured, only notifications for this + # branch will be accepted. Otherwise, in all cases, the repo's default branch + # (usually master) will be used. + # github_branch: + + # + # platforms is a list of platforms, and each platform has a name and a list of versions. + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] +# List your role dependencies here, one per line. Be sure to remove the '[]' above, +# if you add dependencies to this list. 
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/Dockerfile.j2 b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/Dockerfile.j2 new file mode 100644 index 00000000..935dd3d7 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/Dockerfile.j2 
@@ -0,0 +1,39 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +{% if item.env is defined %} +{% for var, value in item.env.items() %} +{% if value %} +ENV {{ var }} {{ value }} +{% endif %} +{% endfor %} +{% endif %} +# Add systemd-sysv package for Debian to get systemd working (and procps for sysctl) and netbase for firewalld +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates iproute2 systemd-sysv procps netbase && apt-get clean; \ + elif [ $(command -v dnf) ] && grep -q 'platform:el8' /etc/os-release ; then dnf makecache && dnf update -y && dnf --assumeyes install python3 sudo python3-devel bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && rm -Rf /usr/share/doc && rm -Rf /usr/share/man && dnf clean all && cp /bin/true /sbin/agetty; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash iproute && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash iproute && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml iproute2 && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates iproute2 && xbps-remove -O; fi + +{% if item.image == 'centos:8' %} +# Stuff for systemd https://hub.docker.com/_/centos +RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == \ + systemd-tmpfiles-setup.service ] || rm -f $i; done); \ + rm -f /lib/systemd/system/multi-user.target.wants/*;\ + rm -f /etc/systemd/system/*.wants/*;\ + rm -f 
/lib/systemd/system/local-fs.target.wants/*; \ + rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ + rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ + rm -f /lib/systemd/system/basic.target.wants/*;\ + rm -f /lib/systemd/system/anaconda.target.wants/*; + +VOLUME [ "/sys/fs/cgroup" ] +CMD ["/sbin/init"] +{% endif %} diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/molecule.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/molecule.yml new file mode 100644 index 00000000..2f7b7d39 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/molecule.yml 
@@ -0,0 +1,76 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint + options: + config-data: + line-length: disable +platforms: + # centos_7 and debian_stretch disabled to reduce test time + #- name: centos_7 + # image: centos:7 + # command: /sbin/init + # privileged: True + # volumes: + # - /sys/fs/cgroup:/sys/fs/cgroup:ro + # networks: + # - name: "mymongos" + # network_mode: "mymongos" + - name: centos_8 + image: centos:8 + command: /sbin/init + privileged: True + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + networks: + - name: "mymongos" + network_mode: "mymongos" + - name: ubuntu_16 + image: ubuntu:16.04 + command: /sbin/init + privileged: True + networks: + - name: "mymongos" + network_mode: "mymongos" + - name: ubuntu_18 + image: ubuntu:18.04 + command: /sbin/init + privileged: True + networks: + - name: "mymongos" + network_mode: "mymongos" + - name: debian_buster + image: debian:buster + command: /sbin/init + privileged: True + networks: + - name: "mymongos" + network_mode: "mymongos" + #- name: debian_stretch + # image: debian:stretch + # command: /sbin/init + # privileged: True + # networks: + # - name: "mymongos" + # network_mode: "mymongos" + - name: config1 + image: ubuntu:16.04 + command: /sbin/init + privileged: True + networks: + - name: "mymongos" + network_mode: "mymongos" +provisioner: + name: ansible + lint: + name: ansible-lint + enabled: false +verifier: + name: testinfra + lint: + name: flake8 + options: + ignore: 'E501' diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/playbook.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/playbook.yml new file mode 100644 index 00000000..12706d4f --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/playbook.yml 
@@ -0,0 +1,63 @@ +--- +- name: Converge + hosts: all + become: yes + + vars: + admin_user: "admin" + admin_user_password: "admin" + + roles: + - role: mongodb_repository + tags: molecule-idempotence-notest + - role: mongodb_install + when: "'config' in ansible_hostname" + tags: molecule-idempotence-notest + - role: mongodb_config + when: "'config' in ansible_hostname" + tags: molecule-idempotence-notest + - role: mongodb_mongos + when: "'config' not in ansible_hostname" + + tasks: + + - name: Install python stuff + package: + name: ["python-setuptools", "python-pip"] + when: ansible_hostname == "config1" + + - name: Install pymongo + pip: + name: pymongo + when: ansible_hostname == "config1" + + - name: Install MongoDB Shell + package: + name: mongodb-org-shell + + - name: Init config server replicaset + community.mongodb.mongodb_replicaset: + login_host: localhost + login_port: "27019" + replica_set: cfg + validate: no + members: + - config1:27019 + when: ansible_hostname == "config1" + + - name: Restart the mongos service + service: + name: mongos + state: started + when: "'config' not in ansible_hostname" + + - name: Add MongoDB Admin User using localhost exception on the mongos + community.mongodb.mongodb_user: + name: "{{ admin_user }}" + password: "{{ admin_user_password }}" + login_port: "27019" + database: admin + roles: + - "root" + create_for_localhost_exception: /root/mongodb_admin.success + when: ansible_hostname == "config1" diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/tests/test_default.py b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/tests/test_default.py new file mode 100644 index 00000000..0a421179 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/tests/test_default.py 
@@ -0,0 +1,65 @@ +import os + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE'] +).get_hosts('all') + + +def include_vars(host): + if host.system_info.distribution == "redhat" \ + or host.system_info.distribution == "centos": + ansible = host.ansible('include_vars', + 'file="../../vars/RedHat.yml"', + False, + False) + if host.system_info.distribution == "debian" \ + or host.system_info.distribution == "ubuntu": + ansible = host.ansible('include_vars', + 'file="../../vars/Debian.yml"', + False, + False) + return ansible + + +def test_mongod_cnf_file(host): + if host.ansible.get_variables()['inventory_hostname'] != 'config1': + mongodb_user = include_vars(host)['ansible_facts']['mongodb_user'] + mongodb_group = include_vars(host)['ansible_facts']['mongodb_group'] + f = host.file('/etc/mongos.conf') + + assert f.exists + assert f.user == mongodb_user + assert f.group == mongodb_group + + +def test_mongod_service(host): + + if host.ansible.get_variables()['inventory_hostname'] != 'config1': + mongos_service = include_vars(host)['ansible_facts']['mongos_service'] + s = host.service(mongos_service) + + assert s.is_running + assert s.is_enabled + + +def test_mongod_port(host): + if host.ansible.get_variables()['inventory_hostname'] != 'config1': + port = include_vars(host)['ansible_facts']['mongos_port'] + s = host.socket("tcp://0.0.0.0:{0}".format(port)) + + assert s.is_listening + + +def test_mongos_shell_connectivity(host): + ''' + Tests that we can connect to mongos via the shell annd run a cmd + ''' + if host.ansible.get_variables()['inventory_hostname'] != 'config1': + port = include_vars(host)['ansible_facts']['mongos_port'] + cmd = host.run("mongo admin --username admin --password admin --port {0} --eval 'db.runCommand({{listDatabases: 1}})'".format(port)) + + assert cmd.rc == 0 + assert "config" in cmd.stdout + assert "admin" in cmd.stdout 
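Review bot: `include_vars` leaves the local `ansible` unassigned when `host.system_info.distribution` is none of the four names it tests, so `return ansible` raises `UnboundLocalError` instead of a readable failure; the identical helper in `molecule/virtualbox/tests/test_default.py` has the same problem. Turning the second `if` into `elif` and adding `else: raise ValueError("unsupported distribution: " + host.system_info.distribution)` makes the unsupported case explicit. The tests are named `test_mongod_*` although they check `/etc/mongos.conf` and the mongos service, and the docstring of `test_mongos_shell_connectivity` has a typo (`annd`). The connectivity test also depends on the `admin`/`admin` account created by the scenario playbook, which deserves a one-line comment saying the credentials are molecule-only.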
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/virtualbox/molecule.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/virtualbox/molecule.yml new file mode 100644 index 00000000..f790062c --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/virtualbox/molecule.yml @@ -0,0 +1,60 @@ +--- +dependency: + name: galaxy +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint + options: + config-data: + line-length: disable +platforms: + - name: centos-7 + box: centos/7 + interfaces: + - network_name: private_network + type: dhcp + auto_config: true + - name: ubuntu-16 + box: ubuntu/xenial64 + interfaces: + - network_name: private_network + type: dhcp + auto_config: true + - name: ubuntu-18 + box: ubuntu/bionic64 + interfaces: + - network_name: private_network + type: dhcp + auto_config: true + - name: debian-buster + box: debian/buster64 + interfaces: + - network_name: private_network + type: dhcp + auto_config: true + - name: debian-stretch + box: debian/contrib-stretch64 # Standard debian/stretch64 had issues: Unable to locate package linux-headers-4.9.0-9-amd64 + interfaces: + - network_name: private_network + type: dhcp + auto_config: true + - name: config1 + box: debian/contrib-stretch64 # Standard debian/stretch64 had issues: Unable to locate package linux-headers-4.9.0-9-amd64 + interfaces: + - network_name: private_network + type: dhcp + auto_config: true +provisioner: + name: ansible + lint: + name: ansible-lint + enabled: false +verifier: + name: testinfra + lint: + name: flake8 + options: + ignore: 'E501' 
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/virtualbox/playbook.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/virtualbox/playbook.yml new file mode 100644 index 00000000..4b097947 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/virtualbox/playbook.yml 
@@ -0,0 +1,70 @@ +--- +- name: Converge + hosts: all + become: yes + + vars: + admin_user: "admin" + admin_user_password: "admin" + + roles: + - role: mongodb_repository + tags: molecule-idempotence-notest + - role: mongodb_install + when: "'config' in ansible_hostname" + tags: molecule-idempotence-notest + - role: mongodb_config + when: "'config' in ansible_hostname" + tags: molecule-idempotence-notest + - role: mongodb_mongos + when: "'config' not in ansible_hostname" + + tasks: + + - name: Install python stuff + package: + name: ["python-setuptools", "python-pip"] + when: ansible_hostname == "config1" + + - name: Install pymongo + pip: + name: pymongo + when: ansible_hostname == "config1" + + - name: Install MongoDB Shell + package: + name: mongodb-org-shell + + - name: Init config server replicaset + community.mongodb.mongodb_replicaset: + login_host: localhost + login_port: 27019 + replica_set: cfg + validate: no + members: + - config1.local:27019 + when: ansible_hostname == "config1" + + - name: Set add .local prefix to service name + lineinfile: + path: /etc/mongos.conf + regexp: " *configDB: *" + line: ' configDB: "cfg/config1.local:27019"' + when: "'config' not in ansible_hostname" + + - name: Restart the mongos service + service: + name: mongos + state: restarted + when: "'config' not in ansible_hostname" + + - name: Add MongoDB Admin User using localhost exception on the mongos + community.mongodb.mongodb_user: + name: "{{ admin_user }}" + password: "{{ admin_user_password }}" + login_port: "27019" + database: admin + roles: + - "root" + create_for_localhost_exception: /root/mongodb_admin.success + when: ansible_hostname == "config1" diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/virtualbox/prepare.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/virtualbox/prepare.yml new file mode 100644 index 00000000..d56f58bb --- /dev/null 
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/virtualbox/prepare.yml @@ -0,0 +1,48 @@ +--- +- name: Prepare + hosts: all + become: yes + vars: + avahi_packages_redhat: + - "avahi" + - "nss-mdns" + avahi_packages_debian: + - "avahi-daemon" + - "avahi-discover" + - "libnss-mdns" + + tasks: + + - name: Run apt update + shell: apt update + when: ansible_os_family == "Debian" + + - name: Ensure epel is available + yum: + name: epel-release + state: present + when: ansible_os_family == "RedHat" + + - name: Install avahi packages + package: + name: "{{ avahi_packages_redhat }}" + state: present + when: ansible_os_family == "RedHat" + + - name: Install avahi packages + package: + name: "{{ avahi_packages_debian }}" + state: present + when: ansible_os_family == "Debian" + + # debian-stretch seems to require a reboot for avahi-daemon to run + - name: Reboot host + reboot: + + - name: Ensure services are started + service: + name: "{{ item }}" + state: started + with_items: + #- dbus + - avahi-daemon diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/virtualbox/tests/test_default.py b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/virtualbox/tests/test_default.py new file mode 100644 index 00000000..9f50a354 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/virtualbox/tests/test_default.py 
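Review bot: `Run apt update` uses `shell: apt update`, which reports changed on every run and bypasses the package module; `apt:` with `update_cache: yes` does the same job idempotently. The two `Install avahi packages` tasks share one name, which makes the play output ambiguous, so naming them per OS family would help. `Reboot host` runs unconditionally on every platform although the comment above it says only debian-stretch appears to need it; a `when:` on the distribution release, or a comment explaining why all hosts are rebooted, would make the intent clear.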
@@ -0,0 +1,65 @@ +import os + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE'] +).get_hosts('all') + + +def include_vars(host): + if host.system_info.distribution == "redhat" \ + or host.system_info.distribution == "centos": + ansible = host.ansible('include_vars', + 'file="../../vars/RedHat.yml"', + False, + False) + if host.system_info.distribution == "debian" \ + or host.system_info.distribution == "ubuntu": + ansible = host.ansible('include_vars', + 'file="../../vars/Debian.yml"', + False, + False) + return ansible + + +def test_mongod_cnf_file(host): + if host.ansible.get_variables()['inventory_hostname'] != 'config1': + mongodb_user = include_vars(host)['ansible_facts']['mongodb_user'] + mongodb_group = include_vars(host)['ansible_facts']['mongodb_group'] + f = host.file('/etc/mongos.conf') + + assert f.exists + assert f.user == mongodb_user + assert f.group == mongodb_group + + +def test_mongod_service(host): + + if host.ansible.get_variables()['inventory_hostname'] != 'config1': + mongos_service = include_vars(host)['ansible_facts']['mongos_service'] + s = host.service(mongos_service) + + assert s.is_running + assert s.is_enabled + + +def test_mongod_port(host): + if host.ansible.get_variables()['inventory_hostname'] != 'config1': + port = include_vars(host)['ansible_facts']['mongos_port'] + s = host.socket("tcp://0.0.0.0:{0}".format(port)) + + assert s.is_listening + + +def test_mongos_shell_connectivity(host): + ''' + Tests that we can connect to mongos via the shell annd run a cmd + ''' + if host.ansible.get_variables()['inventory_hostname'] != 'config1': + port = include_vars(host)['ansible_facts']['mongos_port'] + cmd = host.run("mongo admin -username admin --password admin --port {0} --eval 'db.runCommand({{listDatabases: 1}})'".format(port)) + + assert cmd.rc == 0 + assert "config" in cmd.stdout + assert "admin" in cmd.stdout 
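Review bot: In `test_mongos_shell_connectivity` the command string passes `-username admin` with a single dash, while the otherwise identical test in `molecule/default/tests/test_default.py` uses `--username admin`; this looks like a typo, and the shell may not read the option as the intended user name. I would change the call to start with `mongo admin --username admin --password admin --port {0}` so both scenarios run the same command.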
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/tasks/main.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/tasks/main.yml new file mode 100644 index 00000000..cabc76df --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/tasks/main.yml 
@@ -0,0 +1,87 @@
+---
+# tasks file for mongodb_mongos
+- name: Include OS-specific vars
+ include_vars:
+ file: "{{ lookup('first_found', params) }}"
+ vars:
+ params:
+ paths:
+ - "vars"
+ files:
+ - "{{ ansible_facts.distribution }}-{{ ansible_facts.distribution_version }}.yml"
+ - "{{ ansible_facts.os_family }}-{{ ansible_facts.distribution_major_version }}.yml"
+ - "{{ ansible_facts.distribution }}.yml"
+ - "{{ ansible_facts.os_family }}.yml"
+ - default.yml
+
+- name: Create mongodb_group
+ group:
+ name: "{{ mongodb_group }}"
+ system: yes
+
+- name: Create mongodb_user
+ user:
+ name: "{{ mongodb_user }}"
+ group: "{{ mongodb_group }}"
+ system: yes
+ createhome: no
+
+- name: Copy keyfile to host
+ copy:
+ content: |
+ {{ openssl_keyfile_content }}
+ dest: /etc/keyfile
+ owner: "{{ mongodb_user }}"
+ group: "{{ mongodb_group }}"
+ mode: 0400
+ notify:
+ - Restart mongos service
+
+- name: Ensure /usr/local/bin/ directory exists
+ file:
+ path: /usr/local/bin/
+ state: directory
+ recurse: yes
+
+- name: Ensure mongos service pre start script exists
+ template:
+ src: mongos_pre.sh.j2
+ dest: /usr/local/bin/mongos_pre.sh
+ owner: "{{ mongodb_user }}"
+ group: "{{ mongodb_group }}"
+ mode: 0755
+
+- name: Ensure mongos.service file exists
+ template:
+ src: mongos.service.j2
+ dest: /etc/systemd/system/mongos.service
+ owner: root
+ group: root
+ register: sysd
+
+- name: Run systemctl daemon-reload
+ systemd:
+ daemon_reload: yes
+ when: sysd is changed
+
+- name: Ensure mongos.conf file exists
+ template:
+ src: "{{ mongos_config_template }}"
+ dest: /etc/mongos.conf
+ owner: "{{ mongodb_user }}"
+ group: "{{ mongodb_group }}"
+ notify:
+ - Restart mongos service
+
+- name: Ensure mongos package is installed
+ package:
+ name: "{{ mongos_package }}"
+ register: _pkg
+ until: _pkg is succeeded
+ retries: 5
+
+- name: Start mongos service
+ service:
+ name: "{{ mongos_service }}"
+ state: started
+ enabled: yes
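Review bot: The task `Ensure mongos service pre start script exists` installs `/usr/local/bin/mongos_pre.sh` with `owner: "{{ mongodb_user }}"`, but mongos.service.j2 later in this diff runs that script from `ExecStartPre` under `PermissionsStartOnly=true`, so systemd executes it as root rather than as `User=`. A script that root runs on every service start should not be writable by the service account; set `owner: root` and `group: root` on this task and keep `mode: 0755`. The `mongos.service` and `mongos.conf` template tasks also give no `mode`, so their permissions depend on defaults; an explicit `mode: "0644"` on each would pin them.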
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/templates/mongos.conf.j2 b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/templates/mongos.conf.j2
new file mode 100644
index 00000000..2b1d0112
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/templates/mongos.conf.j2
@@ -0,0 +1,14 @@
+systemLog:
+ destination: file
+ path: /var/log/mongodb/mongos.log
+ logAppend: true
+ logRotate: reopen
+net:
+ bindIp: {{ bind_ip }}
+ port: {{ mongos_port }}
+sharding:
+ configDB: "{{ config_repl_set_name }}/{{ config_servers }}"
+processManagement:
+ timeZoneInfo: /usr/share/zoneinfo
+security:
+ keyFile: /etc/keyfile
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/templates/mongos.service.j2 b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/templates/mongos.service.j2
new file mode 100644
index 00000000..6f1a11bc
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/templates/mongos.service.j2
@@ -0,0 +1,22 @@
+[Unit]
+Description=mongos
+After=syslog.target
+After=network.target
+
+[Service]
+User={{ mongodb_user }}
+Group={{ mongodb_group }}
+PIDFile={{ pid_file }}
+PermissionsStartOnly=true
+ExecStartPre=/usr/local/bin/mongos_pre.sh
+ExecStart=/usr/bin/mongos --quiet \
+ --config /etc/mongos.conf
+LimitFSIZE=infinity
+LimitCPU=infinity
+LimitAS=infinity
+LimitNOFILE=64000
+LimitNPROC=64000
+TasksAccounting=false
+
+[Install]
+WantedBy=multi-user.target
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/templates/mongos_pre.sh.j2 b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/templates/mongos_pre.sh.j2
new file mode 100644
index 00000000..ea58c81a
--- /dev/null
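Review bot: In mongos.conf.j2 the `security:` block sets only `keyFile` and `net:` has no `tls`/`ssl` section, so as rendered this template authenticates cluster members with a shared secret but leaves client and inter-node traffic unencrypted. If that is meant for the molecule scenarios only, a template comment saying so would help; otherwise the TLS settings should be exposed as role variables next to `bind_ip`. `bindIp: {{ bind_ip }}` is also unquoted, so an empty `bind_ip` renders as a null value instead of failing visibly; `bindIp: "{{ bind_ip }}"` avoids that.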
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/templates/mongos_pre.sh.j2
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+if [ ! -d /var/log/mongodb ]; then
+ mkdir -p /var/log/mongodb && chown {{ mongodb_user }}:{{ mongodb_group }} /var/log/mongodb
+fi
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/vars/Debian.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/vars/Debian.yml
new file mode 100644
index 00000000..02e64683
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/vars/Debian.yml
@@ -0,0 +1,5 @@
+---
+mongodb_user: "mongodb"
+mongodb_group: "mongodb"
+mongos_port: 27017
+mongos_service: "mongos"
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/vars/RedHat.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/vars/RedHat.yml
new file mode 100644
index 00000000..47197a81
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/vars/RedHat.yml
@@ -0,0 +1,5 @@
+---
+mongodb_user: "mongod"
+mongodb_group: "mongod"
+mongos_port: 27017
+mongos_service: "mongos"
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/vars/default.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/vars/default.yml
new file mode 100644
index 00000000..47197a81
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_mongos/vars/default.yml
@@ -0,0 +1,5 @@
+---
+mongodb_user: "mongod"
+mongodb_group: "mongod"
+mongos_port: 27017
+mongos_service: "mongos"
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/.yamllint b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/.yamllint new file mode 100644 index 00000000..88276760 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/.yamllint @@ -0,0 +1,33 @@ +--- +# Based on ansible-lint config +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + colons: + max-spaces-after: -1 + level: error + commas: + max-spaces-after: -1 + level: error + comments: disable + comments-indentation: disable + document-start: disable + empty-lines: + max: 3 + level: error + hyphens: + level: error + indentation: disable + key-duplicates: enable + line-length: disable + new-line-at-end-of-file: disable + new-lines: + type: unix + trailing-spaces: disable + truthy: disable diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/README.md b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/README.md new file mode 100644 index 00000000..27af13ad --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/README.md @@ -0,0 +1,31 @@ +mongodb_repository +================== + +Configures a repository for MongoDB on Debian and RedHat based platforms. + +Role Variables +-------------- + +mongodb_version: Version of MongoDB. Default "4.2". +debian_packages: Packages needs on Debian systems for this role. + +Example Playbook +---------------- + +Set mongodb_version to 4.0. + +```yaml + - hosts: servers + roles: + - { role: mongodb_repository, mongodb_version: "4.0" } +``` + +License +------- + +BSD + +Author Information +------------------ + +Rhys Campbell (https://github.com/rhysmeister) 
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/defaults/main.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/defaults/main.yml new file mode 100644 index 00000000..5534901f --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/defaults/main.yml @@ -0,0 +1,6 @@ +--- +mongodb_version: "4.2" +debian_packages: + - apt-transport-https + - curl + - gnupg diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/meta/main.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/meta/main.yml new file mode 100644 index 00000000..ba43fdd2 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/meta/main.yml 
@@ -0,0 +1,58 @@ +--- +galaxy_info: + author: your name + description: your description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Some suggested licenses: + # - BSD (default) + # - MIT + # - GPLv2 + # - GPLv3 + # - Apache + # - CC-BY + license: license (GPLv2, CC-BY, etc) + + min_ansible_version: 1.2 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # Optionally specify the branch Galaxy will use when accessing the GitHub + # repo for this role. During role install, if no tags are available, + # Galaxy will use this branch. During import Galaxy will access files on + # this branch. If Travis integration is configured, only notifications for this + # branch will be accepted. Otherwise, in all cases, the repo's default branch + # (usually master) will be used. + # github_branch: + + # + # platforms is a list of platforms, and each platform has a name and a list of versions. + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] +# List your role dependencies here, one per line. Be sure to remove the '[]' above, +# if you add dependencies to this list. 
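Review bot: `galaxy_info` still carries the scaffold placeholders (`author: your name`, `description: your description`, `license: license (GPLv2, CC-BY, etc)`), although the role's README names an author and a BSD license; these should be filled in so the published metadata matches. `min_ansible_version: 1.2` is unquoted and parses as a float, and it is probably too low given that the role's tasks use `include_tasks`; quote it and set the real minimum. The same file is added unchanged for mongodb_selinux later in this diff.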
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/molecule/default/Dockerfile.j2 b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/molecule/default/Dockerfile.j2 new file mode 100644 index 00000000..935dd3d7 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/molecule/default/Dockerfile.j2 
@@ -0,0 +1,39 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +{% if item.env is defined %} +{% for var, value in item.env.items() %} +{% if value %} +ENV {{ var }} {{ value }} +{% endif %} +{% endfor %} +{% endif %} +# Add systemd-sysv package for Debian to get systemd working (and procps for sysctl) and netbase for firewalld +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates iproute2 systemd-sysv procps netbase && apt-get clean; \ + elif [ $(command -v dnf) ] && grep -q 'platform:el8' /etc/os-release ; then dnf makecache && dnf update -y && dnf --assumeyes install python3 sudo python3-devel bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && rm -Rf /usr/share/doc && rm -Rf /usr/share/man && dnf clean all && cp /bin/true /sbin/agetty; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash iproute && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash iproute && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml iproute2 && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates iproute2 && xbps-remove -O; fi + +{% if item.image == 'centos:8' %} +# Stuff for systemd https://hub.docker.com/_/centos +RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == \ + systemd-tmpfiles-setup.service ] || rm -f $i; done); \ + rm -f /lib/systemd/system/multi-user.target.wants/*;\ + rm -f /etc/systemd/system/*.wants/*;\ + rm -f 
/lib/systemd/system/local-fs.target.wants/*; \ + rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ + rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ + rm -f /lib/systemd/system/basic.target.wants/*;\ + rm -f /lib/systemd/system/anaconda.target.wants/*; + +VOLUME [ "/sys/fs/cgroup" ] +CMD ["/sbin/init"] +{% endif %} diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/molecule/default/molecule.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/molecule/default/molecule.yml new file mode 100644 index 00000000..403ff875 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/molecule/default/molecule.yml @@ -0,0 +1,34 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint + options: + config-data: + line-length: disable +platforms: + - name: centos_7 + image: centos:7 + - name: centos_8 + image: centos:8 + - name: ubuntu_16 + image: ubuntu:16.04 + - name: ubuntu_18 + image: ubuntu:18.04 + - name: debian_buster + image: debian:buster + - name: debian_stretch + image: debian:stretch +provisioner: + name: ansible + lint: + name: ansible-lint + enabled: false +verifier: + name: testinfra + lint: + name: flake8 + options: + ignore: 'E501' diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/molecule/default/playbook.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/molecule/default/playbook.yml new file mode 100644 index 00000000..75a509d1 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/molecule/default/playbook.yml @@ -0,0 +1,5 @@ +--- +- name: Converge + hosts: all + roles: + - role: mongodb_repository 
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/molecule/default/tests/test_default.py b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/molecule/default/tests/test_default.py new file mode 100644 index 00000000..bfe613a4 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/molecule/default/tests/test_default.py 
@@ -0,0 +1,67 @@ +import os + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE'] +).get_hosts('all') + + +def include_vars(host): + ansible = host.ansible('include_vars', + 'file="../../defaults/main.yml"', + False, + False) + return ansible + + +def get_mongodb_version(host): + return include_vars(host)['ansible_facts']['mongodb_version'] + + +def test_redhat_mongodb_repository_file(host): + # with capsys.disabled(): #Disable autocapture of output and send to stdout N.B capsys must be passed into function + # print(include_vars(host)['ansible_facts']) + mongodb_version = get_mongodb_version(host) + if host.system_info.distribution == "redhat" \ + or host.system_info.distribution == "centos": + f = host.file("/etc/yum.repos.d/mongodb-{0}.repo".format(mongodb_version)) + assert f.exists + assert f.user == 'root' + assert f.group == 'root' + assert f.mode == 0o644 + assert f.md5sum == "71c3a725d5aad794793a4b599f7564c0" + + +def test_redhat_yum_search(host): + mongodb_version = get_mongodb_version(host) + if host.system_info.distribution == "redhat" \ + or host.system_info.distribution == "centos": + cmd = host.run("yum search mongodb --disablerepo='*' \ + --enablerepo='mongodb-{0}'".format(mongodb_version)) + + assert cmd.rc == 0 + assert "MongoDB database server" in cmd.stdout + + +def test_debian_cassandra_repository_file(host): + mongodb_version = get_mongodb_version(host) + if host.system_info.distribution == "debian" \ + or host.system_info.distribution == "ubuntu": + f = host.file("/etc/apt/sources.list.d/mongodb-{0}.list".format(mongodb_version)) + + assert f.exists + assert f.user == 'root' + assert f.group == 'root' + assert f.mode == 0o644 + assert "repo.mongodb.org" in f.content_string + assert mongodb_version in f.content_string + + +def test_debian_apt_search(host): + if host.system_info.distribution == "debian" \ + or host.system_info.distribution == "ubuntu": 
+ cmd = host.run("apt search mongodb") + + assert cmd.rc == 0 + assert "mongodb-org-server" in cmd.stdout diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/molecule/virtualbox/molecule.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/molecule/virtualbox/molecule.yml new file mode 100644 index 00000000..14d29680 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/molecule/virtualbox/molecule.yml @@ -0,0 +1,54 @@ +--- +dependency: + name: galaxy +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint + options: + config-data: + line-length: disable +platforms: + - name: centos-7 + box: centos/7 + interfaces: + - network_name: private_network + type: dhcp + auto_config: true + - name: ubuntu-16 + box: ubuntu/xenial64 + interfaces: + - network_name: private_network + type: dhcp + auto_config: true + - name: ubuntu-18 + box: ubuntu/bionic64 + interfaces: + - network_name: private_network + type: dhcp + auto_config: true + - name: debian-buster + box: debian/buster64 + interfaces: + - network_name: private_network + type: dhcp + auto_config: true + - name: debian-stretch + box: debian/contrib-stretch64 # Standard debian/stretch64 had issues: Unable to locate package linux-headers-4.9.0-9-amd64 + interfaces: + - network_name: private_network + type: dhcp + auto_config: true +provisioner: + name: ansible + lint: + name: ansible-lint + enabled: false +verifier: + name: testinfra + lint: + name: flake8 + options: + ignore: 'E501' diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/molecule/virtualbox/playbook.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/molecule/virtualbox/playbook.yml new file mode 100644 index 00000000..d49d9e23 --- /dev/null 
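Review bot: `test_redhat_mongodb_repository_file` pins the repo file with `assert f.md5sum == "71c3a725d5aad794793a4b599f7564c0"`, which matches only one rendering of the file (presumably the default `mongodb_version`) and does not show which property is being protected. Asserting on `f.content_string` instead, as the Debian test already does, would let the test state that `gpgcheck` is enabled and that `baseurl` and `gpgkey` point at the expected MongoDB hosts, which is what matters for package integrity. `test_debian_cassandra_repository_file` also looks like a copied name and should say mongodb. The identical file is added again under molecule/virtualbox/tests later in this diff.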
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/molecule/virtualbox/playbook.yml @@ -0,0 +1,6 @@ +--- +- name: Converge + hosts: all + become: yes + roles: + - role: mongodb_repository diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/molecule/virtualbox/tests/test_default.py b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/molecule/virtualbox/tests/test_default.py new file mode 100644 index 00000000..bfe613a4 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/molecule/virtualbox/tests/test_default.py 
@@ -0,0 +1,67 @@ +import os + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE'] +).get_hosts('all') + + +def include_vars(host): + ansible = host.ansible('include_vars', + 'file="../../defaults/main.yml"', + False, + False) + return ansible + + +def get_mongodb_version(host): + return include_vars(host)['ansible_facts']['mongodb_version'] + + +def test_redhat_mongodb_repository_file(host): + # with capsys.disabled(): #Disable autocapture of output and send to stdout N.B capsys must be passed into function + # print(include_vars(host)['ansible_facts']) + mongodb_version = get_mongodb_version(host) + if host.system_info.distribution == "redhat" \ + or host.system_info.distribution == "centos": + f = host.file("/etc/yum.repos.d/mongodb-{0}.repo".format(mongodb_version)) + assert f.exists + assert f.user == 'root' + assert f.group == 'root' + assert f.mode == 0o644 + assert f.md5sum == "71c3a725d5aad794793a4b599f7564c0" + + +def test_redhat_yum_search(host): + mongodb_version = get_mongodb_version(host) + if host.system_info.distribution == "redhat" \ + or host.system_info.distribution == "centos": + cmd = host.run("yum search mongodb --disablerepo='*' \ + --enablerepo='mongodb-{0}'".format(mongodb_version)) + + assert cmd.rc == 0 + assert "MongoDB database server" in cmd.stdout + + +def test_debian_cassandra_repository_file(host): + mongodb_version = get_mongodb_version(host) + if host.system_info.distribution == "debian" \ + or host.system_info.distribution == "ubuntu": + f = host.file("/etc/apt/sources.list.d/mongodb-{0}.list".format(mongodb_version)) + + assert f.exists + assert f.user == 'root' + assert f.group == 'root' + assert f.mode == 0o644 + assert "repo.mongodb.org" in f.content_string + assert mongodb_version in f.content_string + + +def test_debian_apt_search(host): + if host.system_info.distribution == "debian" \ + or host.system_info.distribution == "ubuntu": 
+ cmd = host.run("apt search mongodb")
+
+ assert cmd.rc == 0
+ assert "mongodb-org-server" in cmd.stdout
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/tasks/Debian.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/tasks/Debian.yml
new file mode 100644
index 00000000..e6b8159d
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/tasks/Debian.yml
@@ -0,0 +1,30 @@
+---
+# tasks file for mongodb_repository (Debian os_family)
+- name: Install debian packages
+ apt:
+ name: "{{ debian_packages }}"
+ state: present
+ register: _apt
+ until: _apt is succeeded
+ retries: 5
+
+- name: Add apt key for MongoDB repository
+ apt_key:
+ url: "https://www.mongodb.org/static/pgp/server-{{ mongodb_version }}.asc"
+ state: present
+ register: _apt
+ until: _apt is succeeded
+ retries: 5
+
+- name: Ensure MongoDB apt repository exists
+ apt_repository:
+ repo: "deb{{ repo_opts }} https://repo.mongodb.org/apt/{{ ansible_facts.distribution|lower }} {{ ansible_facts.distribution_release }}/mongodb-org/{{ mongodb_version }} {{ component }}"
+ state: present
+ filename: "mongodb-{{ mongodb_version }}"
+ vars:
+ # include initial space in repo_opts
+ repo_opts: "{% if ansible_facts.distribution == 'Ubuntu' %} [ arch=amd64,arm64 ]{% endif %}"
+ component: "{% if ansible_facts.distribution == 'Ubuntu' %}multiverse{% else %}main{% endif %}"
+ register: _apt
+ until: _apt is succeeded
+ retries: 5
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/tasks/RedHat.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/tasks/RedHat.yml
new file mode 100644
index 00000000..6a110e97
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/tasks/RedHat.yml
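Review bot: In tasks/Debian.yml, `Add apt key for MongoDB repository` trusts whatever key the URL returns at run time, with TLS to www.mongodb.org as the only check. `apt_key` accepts an `id:`, so the task can require the expected key, e.g. `id: "<EXPECTED_KEY_FINGERPRINT>"` (placeholder; take the value from MongoDB's published key for each supported `mongodb_version`). The key also lands in apt's global keyring, so it is trusted for every configured repository and not only this one, which is worth a comment on the task. The `rpm_key` task in tasks/RedHat.yml has the same gap and supports `fingerprint:` for the same purpose.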
@@ -0,0 +1,20 @@
+---
+# tasks file for mongodb_repository (RedHat os_family)
+- name: Add mongodb.org gpgkey
+ rpm_key:
+ key: https://www.mongodb.org/static/pgp/server-{{ mongodb_version }}.asc
+ state: present
+ register: _yum
+ until: _yum is succeeded
+ retries: 5
+
+- name: Ensure MongoDB yum repository exists
+ yum_repository:
+ name: "mongodb-{{ mongodb_version }}"
+ description: "Official MongoDB {{ mongodb_version }} yum repo"
+ baseurl: "https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/{{ mongodb_version }}/x86_64/"
+ gpgcheck: true
+ gpgkey: "https://www.mongodb.org/static/pgp/server-{{ mongodb_version }}.asc"
+ register: _yum
+ until: _yum is succeeded
+ retries: 5
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/tasks/main.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/tasks/main.yml
new file mode 100644
index 00000000..bf77da35
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_repository/tasks/main.yml
@@ -0,0 +1,4 @@
+---
+# tasks file for mongodb_repository
+- name: Include OS-specific tasks
+ include_tasks: "{{ ansible_facts.os_family }}.yml"
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/.yamllint b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/.yamllint
new file mode 100644
index 00000000..88276760
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/.yamllint
@@ -0,0 +1,33 @@ +--- +# Based on ansible-lint config +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + colons: + max-spaces-after: -1 + level: error + commas: + max-spaces-after: -1 + level: error + comments: disable + comments-indentation: disable + document-start: disable + empty-lines: + max: 3 + level: error + hyphens: + level: error + indentation: disable + key-duplicates: enable + line-length: disable + new-line-at-end-of-file: disable + new-lines: + type: unix + trailing-spaces: disable + truthy: disable diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/README.md b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/README.md new file mode 100644 index 00000000..5f5b9f45 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/README.md @@ -0,0 +1,29 @@ +mongodb_linux +============= + +Configures SeLinux as per the instructions located at https://docs.mongodb.com/manual/tutorial/install-mongodb-on-red-hat/ + + +Role Variables +-------------- + +required_packages: Package required for this role. Currently checkpolicy & policycoreutils-python. + +Example Playbook +---------------- + +```yaml + - hosts: servers + roles: + - "mongodb_selinux" +``` + +License +------- + +BSD + +Author Information +------------------ + +Rhys Campbell (https://github.com/rhysmeister) diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/files/compile_mongodb_selinux.sh b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/files/compile_mongodb_selinux.sh new file mode 100644 index 00000000..c403b584 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/files/compile_mongodb_selinux.sh 
@@ -0,0 +1,9 @@ +#!/usr/bin/env bash + +set -e; +set -u; + +checkmodule -M -m -o /root/mongodb_cgroup_memory.mod /root/mongodb_cgroup_memory.te +semodule_package -o /root/mongodb_cgroup_memory.pp -m /root/mongodb_cgroup_memory.mod +semodule -i /root/mongodb_cgroup_memory.pp +touch /root/mongodb_selinux.success; diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/meta/main.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/meta/main.yml new file mode 100644 index 00000000..ba43fdd2 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/meta/main.yml 
@@ -0,0 +1,58 @@ +--- +galaxy_info: + author: your name + description: your description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Some suggested licenses: + # - BSD (default) + # - MIT + # - GPLv2 + # - GPLv3 + # - Apache + # - CC-BY + license: license (GPLv2, CC-BY, etc) + + min_ansible_version: 1.2 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # Optionally specify the branch Galaxy will use when accessing the GitHub + # repo for this role. During role install, if no tags are available, + # Galaxy will use this branch. During import Galaxy will access files on + # this branch. If Travis integration is configured, only notifications for this + # branch will be accepted. Otherwise, in all cases, the repo's default branch + # (usually master) will be used. + # github_branch: + + # + # platforms is a list of platforms, and each platform has a name and a list of versions. + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] +# List your role dependencies here, one per line. Be sure to remove the '[]' above, +# if you add dependencies to this list. 
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/molecule/default/Dockerfile.j2 b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/molecule/default/Dockerfile.j2 new file mode 100644 index 00000000..935dd3d7 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/molecule/default/Dockerfile.j2 
@@ -0,0 +1,39 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+{% if item.env is defined %}
+{% for var, value in item.env.items() %}
+{% if value %}
+ENV {{ var }} {{ value }}
+{% endif %}
+{% endfor %}
+{% endif %}
+# Add systemd-sysv package for Debian to get systemd working (and procps for sysctl) and netbase for firewalld
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates iproute2 systemd-sysv procps netbase && apt-get clean; \
+ elif [ $(command -v dnf) ] && grep -q 'platform:el8' /etc/os-release ; then dnf makecache && dnf update -y && dnf --assumeyes install python3 sudo python3-devel bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && rm -Rf /usr/share/doc && rm -Rf /usr/share/man && dnf clean all && cp /bin/true /sbin/agetty; \
+ elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash iproute && dnf clean all; \
+ elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash iproute && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+ elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml iproute2 && zypper clean -a; \
+ elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
+ elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates iproute2 && xbps-remove -O; fi
+
+{% if item.image == 'centos:8' %}
+# Stuff for systemd https://hub.docker.com/_/centos
+RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == \
+ systemd-tmpfiles-setup.service ] || rm -f $i; done); \
+ rm -f /lib/systemd/system/multi-user.target.wants/*;\
+ rm -f /etc/systemd/system/*.wants/*;\
+ rm -f 
/lib/systemd/system/local-fs.target.wants/*; \
+ rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
+ rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
+ rm -f /lib/systemd/system/basic.target.wants/*;\
+ rm -f /lib/systemd/system/anaconda.target.wants/*;
+
+VOLUME [ "/sys/fs/cgroup" ]
+CMD ["/sbin/init"]
+{% endif %}
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/molecule/default/molecule.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/molecule/default/molecule.yml
new file mode 100644
index 00000000..403ff875
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/molecule/default/molecule.yml
@@ -0,0 +1,34 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint:
+ name: yamllint
+ options:
+ config-data:
+ line-length: disable
+platforms:
+ - name: centos_7
+ image: centos:7
+ - name: centos_8
+ image: centos:8
+ - name: ubuntu_16
+ image: ubuntu:16.04
+ - name: ubuntu_18
+ image: ubuntu:18.04
+ - name: debian_buster
+ image: debian:buster
+ - name: debian_stretch
+ image: debian:stretch
+provisioner:
+ name: ansible
+ lint:
+ name: ansible-lint
+ enabled: false
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
+ options:
+ ignore: 'E501'
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/molecule/default/playbook.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/molecule/default/playbook.yml
new file mode 100644
index 00000000..94943c2a
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/molecule/default/playbook.yml
@@ -0,0 +1,5 @@
+---
+- name: Converge
+ hosts: all
+ roles:
+ - role: mongodb_selinux
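Review bot: In `molecule/default/molecule.yml`, `provisioner.lint` sets `enabled: false` for `ansible-lint`, so the role's tasks are never linted in this scenario (the virtualbox `molecule.yml` later in the diff does the same), and findings such as a `copy` task without an explicit mode go unreported. If the linter was switched off because of one noisy rule, skipping that rule with a comment naming it is preferable to disabling the whole check. The `platforms` entries also reference images by mutable tag (`centos:7`, `debian:stretch`, …), so a test run uses whatever the tag points at that day; pinning by digest, e.g. `image: centos:7@sha256:<digest>`, makes the base reproducible.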
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/molecule/default/tests/test_default.py b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/molecule/default/tests/test_default.py
new file mode 100644
index 00000000..70c02eb6
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/molecule/default/tests/test_default.py
@@ -0,0 +1,13 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']
+).get_hosts('all')
+
+
+def test_mongodb_cgroup_module_installed(host):
+ cmd = host.run("semodule --list-modules | grep mongodb_cgroup_memory")
+
+ assert cmd.rc == 0
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/molecule/virtualbox/molecule.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/molecule/virtualbox/molecule.yml
new file mode 100644
index 00000000..bcaaf4c4
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/molecule/virtualbox/molecule.yml
@@ -0,0 +1,36 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: vagrant
+ provider:
+ name: virtualbox
+lint:
+ name: yamllint
+ options:
+ config-data:
+ line-length: disable
+platforms:
+ - name: centos-7
+ box: centos/7
+ - name: centos-8
+ box: generic/centos8
+ - name: ubuntu-16
+ box: ubuntu/xenial64
+ - name: ubuntu-18
+ box: ubuntu/bionic64
+ - name: debian-buster
+ box: debian/buster64
+ - name: debian-stretch
+ box: debian/contrib-stretch64 # Standard debian/stretch64 had issues: Unable to locate package linux-headers-4.9.0-9-amd64
+provisioner:
+ name: ansible
+ lint:
+ name: ansible-lint
+ enabled: false
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
+ options:
+ ignore: 'E501'
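Review bot: `test_mongodb_cgroup_module_installed` in `molecule/default/tests/test_default.py` asserts only the exit status of a shell pipeline, so a failing `semodule` (missing binary, SELinux unavailable, insufficient privilege) and an absent module both surface as the same bare `rc == 0` failure, and `grep` accepts any module whose name merely contains the string. Comparing whole tokens makes the check exact and the failure readable: `assert "mongodb_cgroup_memory" in host.check_output("semodule --list-modules").split()`. A one-line docstring naming the role task this verifies would also help; the virtualbox copy of the test further down runs the same command and would take the same change.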
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/molecule/virtualbox/playbook.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/molecule/virtualbox/playbook.yml
new file mode 100644
index 00000000..929837d5
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/molecule/virtualbox/playbook.yml
@@ -0,0 +1,6 @@
+---
+- name: Converge
+ hosts: all
+ become: yes
+ roles:
+ - role: mongodb_selinux
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/molecule/virtualbox/tests/test_default.py b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/molecule/virtualbox/tests/test_default.py
new file mode 100644
index 00000000..1cee4af9
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/molecule/virtualbox/tests/test_default.py
@@ -0,0 +1,14 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']
+).get_hosts('all')
+
+
+def test_mongodb_cgroup_module_installed(host):
+ with host.sudo():
+ cmd = host.run("semodule --list-modules | grep mongodb_cgroup_memory")
+
+ assert cmd.rc == 0
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/tasks/main.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/tasks/main.yml
new file mode 100644
index 00000000..981e8ba8
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/tasks/main.yml
@@ -0,0 +1,44 @@
+---
+# tasks file for mongodb_selinux
+- name: Include OS-specific vars
+ include_vars:
+ file: "{{ lookup('first_found', params) }}"
+ vars:
+ params:
+ paths:
+ - "vars"
+ files:
+ - "{{ ansible_facts.distribution }}-{{ ansible_facts.distribution_version }}.yml"
+ - "{{ ansible_facts.os_family }}-{{ ansible_facts.distribution_major_version }}.yml"
+ - "{{ ansible_facts.distribution }}.yml"
+ - "{{ ansible_facts.os_family }}.yml"
+ - default.yml
+
+- name: Install required packages
+ package:
+ name: "{{ required_packages }}"
+ register: _pkg
+ until: _pkg is succeeded
+ retries: 5
+
+- name: Copy custom MongoDB SeLinux Policy to Host
+ copy:
+ content: |
+ module mongodb_cgroup_memory 1.0;
+
+ require {
+ type cgroup_t;
+ type mongod_t;
+ class dir search;
+ class file { getattr open read };
+ }
+
+ #============= mongod_t ==============
+ allow mongod_t cgroup_t:dir search;
+ allow mongod_t cgroup_t:file { getattr open read };
+ dest: /root/mongodb_cgroup_memory.te
+
+- name: Compile & Install MongoDB Policy
+ script: files/compile_mongodb_selinux.sh
+ args:
+ creates: /root/mongodb_selinux.success
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/vars/Debian.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/vars/Debian.yml
new file mode 100644
index 00000000..838b5143
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/vars/Debian.yml
@@ -0,0 +1,9 @@
+---
+# defaults file for mongodb_selinux
+required_packages:
+ - "checkpolicy"
+ - "policycoreutils-python-utils"
+ - "selinux-policy-mls"
+ - "selinux-policy-default"
+ - "selinux-policy-src"
+ - "selinux-policy-doc"
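Review bot: The last task in `tasks/main.yml` is gated on `creates: /root/mongodb_selinux.success`, which ties policy installation to a marker file rather than to the policy itself. Once the marker exists, an edited `.te` body is written by the copy task but never recompiled, and a module that was later removed is never reinstalled. Gating on the copy result and on the `semodule --list-modules` output (the same command the molecule tests use) keeps the loaded module in step with the file, as sketched below. The copy task also sets no `owner`, `group` or `mode`, so the permissions of the policy source depend on the umask; setting them explicitly removes that ambiguity. `files/compile_mongodb_selinux.sh` is not part of this hunk, so that it writes the marker is inferred from the task, not confirmed.

```yaml
# … unchanged: include_vars and package tasks …
- name: Copy custom MongoDB SeLinux Policy to Host
  copy:
    # … unchanged: content block …
    dest: /root/mongodb_cgroup_memory.te
    owner: root
    group: root
    mode: "0600"
  register: _policy

- name: Check whether the MongoDB policy module is loaded
  command: semodule --list-modules
  register: _semodules
  changed_when: false
  check_mode: false

- name: Compile & Install MongoDB Policy
  script: files/compile_mongodb_selinux.sh
  when: _policy is changed or 'mongodb_cgroup_memory' not in _semodules.stdout
```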
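Review bot: `vars/Debian.yml` installs `selinux-policy-mls`, `selinux-policy-src` and `selinux-policy-doc` alongside the compiler tooling, and nothing in the visible tasks uses them. Unless `files/compile_mongodb_selinux.sh` (not shown) needs them, trimming `required_packages` to what the compile step requires keeps the installed footprint on database hosts small. The same applies to `RedHat-7.yml`, `RedHat-8.yml` and `Ubuntu-16.04.yml` below. The header comment `# defaults file for mongodb_selinux` is also inaccurate for files under `vars/`; `# OS-specific package list for mongodb_selinux` would describe them.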
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/vars/RedHat-7.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/vars/RedHat-7.yml
new file mode 100644
index 00000000..2b36fa9e
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/vars/RedHat-7.yml
@@ -0,0 +1,9 @@
+---
+# defaults file for mongodb_selinux
+required_packages:
+ - "checkpolicy"
+ - "policycoreutils-python"
+ - "selinux-policy-mls"
+ - "selinux-policy"
+ - "selinux-policy-doc"
+ - "selinux-policy-targeted"
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/vars/RedHat-8.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/vars/RedHat-8.yml
new file mode 100644
index 00000000..71aaccb1
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/vars/RedHat-8.yml
@@ -0,0 +1,9 @@
+---
+# defaults file for mongodb_selinux
+required_packages:
+ - "checkpolicy"
+ - "policycoreutils-python-utils"
+ - "selinux-policy-mls"
+ - "selinux-policy"
+ - "selinux-policy-doc"
+ - "selinux-policy-targeted"
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/vars/Ubuntu-16.04.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/vars/Ubuntu-16.04.yml
new file mode 100644
index 00000000..281472a8
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/vars/Ubuntu-16.04.yml
@@ -0,0 +1,9 @@
+---
+# defaults file for mongodb_selinux
+required_packages:
+ - "checkpolicy"
+ - "policycoreutils"
+ - "selinux-policy-mls"
+ - "selinux-policy-default"
+ - "selinux-policy-src"
+ - "selinux-policy-doc"
diff --git a/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/vars/default.yml b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/vars/default.yml
new file mode 100644
index 00000000..bb5fce4a
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/mongodb/roles/mongodb_selinux/vars/default.yml
@@ -0,0 +1,5 @@
+---
+# defaults file for mongodb_selinux
+required_packages:
+ - "checkpolicy"
+ - "policycoreutils-python" |