authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-18 05:52:22 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-18 05:52:22 +0000
commit38b7c80217c4e72b1d8988eb1e60bb6e77334114 (patch)
tree356e9fd3762877d07cde52d21e77070aeff7e789 /ansible_collections/community/mongodb/roles/mongodb_config
parentAdding upstream version 7.7.0+dfsg. (diff)
Adding upstream version 9.4.0+dfsg.upstream/9.4.0+dfsg
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'ansible_collections/community/mongodb/roles/mongodb_config')
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_config/README.md32
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_config/defaults/main.yml2
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/molecule.yml6
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/playbook.yml15
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/tests/test_default.py2
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/molecule.yml6
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/playbook.yml15
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/tests/test_default.py2
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_config/templates/configsrv.conf.j26
9 files changed, 59 insertions, 27 deletions
diff --git a/ansible_collections/community/mongodb/roles/mongodb_config/README.md b/ansible_collections/community/mongodb/roles/mongodb_config/README.md
index 4ab33efcb..b5cd560a5 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_config/README.md
+++ b/ansible_collections/community/mongodb/roles/mongodb_config/README.md
@@ -6,25 +6,27 @@ A simple role to aid in setting up a CSRS Config Server Replicaset for a MongoDB
Role Variables
--------------
-* `config_port`: The port used by the mongos process. Default 27019.
-* `mongod_service`: The name of the mongod service. Default mongod.
-* `mongodb_user`: The Linux OS user for MongoDB. Default mongod.
-* `mongodb_group`: The Linux OS user group for MongoDB. Default mongod.
-* `pid_file`: The pid file for mongos. Default /run/mongodb/mongos.pid.
-* `log_path`: Path of the log file. Default /var/log/mongodb/mongod.log.
-* `bind_ip`: The IP address mongod will bind to. Default 0.0.0.0.
-* `bind_ip_all`: Have mongod bind to all IP addresses instead of specifying `bind_ip`. Default false.
-* `config_repl_set_name`: The replicaset name for the config servers. Default cfg.
-* `authorization`: Enable authorization. Default enabled.
+* `config_port`: The port used by the mongos process. Default `27019`.
+* `mongod_service`: The name of the mongod service. Default `mongod`.
+* `mongodb_user`: The Linux OS user for MongoDB. Default `mongod`.
+* `mongodb_group`: The Linux OS user group for MongoDB. Default `mongod`.
+* `pid_file`: The pid file for mongos. Default `/run/mongodb/mongos.pid`.
+* `log_path`: Path of the log file. Default `/var/log/mongodb/mongod.log`.
+* `bind_ip`: The IP address mongod will bind to. Default `0.0.0.0`.
+* `bind_ip_all`: Have mongod bind to all IP addresses instead of specifying `bind_ip`. Default `false`.
+* `config_repl_set_name`: The replicaset name for the config servers. Default `cfg`.
+* `authorization`: Enable authorization. Default `enabled`.
* `openssl_keyfile_content`: The kexfile content that MongoDB uses to authenticate within a replicaset. Generate with cmd: openssl rand -base64 756.
-* `openssl_keyfile_path`: Put the openssl_keyfile at this path. Default: /etc/keyfile
-* `mongod_package`: The name of the mongod installation package. Default mongodb-org-server.
-replicaset: When enabled add a replication section to the configuration. Default true.
+* `openssl_keyfile_path`: Put the openssl_keyfile at this path. Default: `/etc/keyfile`.
+* `mongod_package`: The name of the mongod installation package. Default `mongodb-org-server`.
+replicaset: When enabled add a replication section to the configuration. Default `true`.
* `net_compressors`: If this is set, this sets `net.compression.compressors` in mongod.conf.
-* `mongod_config_template`: If defined allows to override path to mongod config template with custom configuration. Default "mongod.conf.j2"
+* `mongod_config_template`: If defined allows to override path to mongod config template with custom configuration. Default `mongod.conf.j2`.
* `skip_restart`: If set to `true` will skip restarting mongod service when config file or the keyfile content changes. Default `true`.
* `db_path`: Path to database data location. Default `/var/lib/mongodb` on Debian based distributions, `/var/lib/mongo` for others.
-* `mongodb_use_tls`: Wether to use tls. Default false.
+* `mongodb_use_tls`: Whether to use tls. Default `false`.
+* `mongodb_disabled_tls_protocols`: The tls protocols to be disabled. Leave blank to let MongoDB decide which protocols to allow according to the ones available on the system; check the [official docs](https://www.mongodb.com/docs/v6.0/reference/configuration-options/#mongodb-setting-net.tls.disabledProtocols) for details. Default "".
+* `mongodb_allow_connections_without_certificates`: When enabled allows to bypass the certificate validation for clients that do not present a certificate, if a certificate is provided it _must_ be valid. Default `false`.
* `mongodb_certificate_key_file`: Path to the PEM-file containing the certficate and private key.
* `mongodb_certificate_ca_file`: Path to the CA-file.
diff --git a/ansible_collections/community/mongodb/roles/mongodb_config/defaults/main.yml b/ansible_collections/community/mongodb/roles/mongodb_config/defaults/main.yml
index 0460a8bd6..916d06725 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_config/defaults/main.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_config/defaults/main.yml
@@ -32,3 +32,5 @@ mongod_config_template: "configsrv.conf.j2"
skip_restart: true
db_path: "{{ '/var/lib/mongodb' if ansible_os_family == 'Debian' else '/var/lib/mongo' if ansible_os_family == 'RedHat' else '/var/lib/mongo' }}"
mongodb_use_tls: false
+mongodb_disabled_tls_protocols: ""
+mongodb_allow_connections_without_certificates: false
diff --git a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/molecule.yml
index 3dc8132e1..e9d686e54 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/molecule.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/molecule.yml
@@ -19,9 +19,9 @@ platforms:
networks:
- name: "mymongo"
network_mode: "mymongo"
- - name: ubuntu_18
- hostname: ubuntu_18
- image: ubuntu:18.04
+ - name: ubuntu_22_04
+ hostname: ubuntu_22_04
+ image: ubuntu:22.04
command: /sbin/init
privileged: True
networks:
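Review bot: The renamed platform `ubuntu_22_04` now sits beside a host that the playbook and tests in this commit still address as `ubuntu_22`; if that platform (defined outside this hunk) also runs `ubuntu:22.04`, the scenario exercises the same image twice and no longer covers a second Ubuntu release. Either drop one of the two entries or point one at a different supported release, and rename so the two hosts are distinguishable. Separately, `image: ubuntu:22.04` is a mutable tag feeding a `privileged: True` container, so pinning it as `image: ubuntu:22.04@sha256:<digest>` would make CI runs reproducible. The same three lines are changed in the `molecule/default/molecule.yml` hunk.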
diff --git a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/playbook.yml b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/playbook.yml
index eceb73444..bf89e498d 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/playbook.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/playbook.yml
@@ -15,9 +15,20 @@
name: "{{ 'pymongo==3.12.*' if ansible_python_version[0:3] | float < 3.6 else 'pymongo' }}"
when: ansible_hostname == "fedora"
+ - name: Determine openssl version
+ command: openssl version
+ changed_when: false
+ register: openssl
+
+ - name: Set mongosh package version
+ set_fact:
+ mongosh_package: "{{ 'mongodb-mongosh-shared-openssl3' if openssl.stdout.startswith('OpenSSL 3') else 'mongodb-mongosh-shared-openssl11' }}"
+ when: mongosh_package is not defined
+
- name: Install MongoDB Shell
package:
- name: mongodb-mongosh
+ name:
+ - "{{ mongosh_package }}"
- name: Init config server replicaset
community.mongodb.mongodb_replicaset:
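Review bot: The `set_fact` expression in "Set mongosh package version" treats every `openssl version` output that does not start with `OpenSSL 3` as OpenSSL 1.1, so a host reporting another build (LibreSSL, OpenSSL 1.0.x) would silently get `mongodb-mongosh-shared-openssl11`. Make the second branch explicit, `'mongodb-mongosh-shared-openssl11' if openssl.stdout.startswith('OpenSSL 1.1') else omit`, or add an `ansible.builtin.assert` on the registered output before the `set_fact` so an unrecognised version stops the play. The CLI version is presumably only a proxy for the libssl that the package links against, and a short comment above "Determine openssl version" should say so. The same pair of tasks is added in the `molecule/default/playbook.yml` hunk.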
@@ -28,7 +39,7 @@
members:
- almalinux_8:27019
- fedora:27019
- - ubuntu_18:27019
+ - ubuntu_22_04:27019
- debian_bullseye:27019
- ubuntu_22:27019
when: ansible_hostname == "fedora"
diff --git a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/tests/test_default.py b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/tests/test_default.py
index 99a541fd1..823197ea5 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/tests/test_default.py
+++ b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/tests/test_default.py
@@ -60,7 +60,7 @@ def test_mongod_replicaset(host):
assert "cfg" in r.stdout
assert "almalinux_8:{0}".format(port) in r.stdout
assert "fedora:{0}".format(port) in r.stdout
- assert "ubuntu_18:{0}".format(port) in r.stdout
+ assert "ubuntu_22_04:{0}".format(port) in r.stdout
assert "ubuntu_22:{0}".format(port) in r.stdout
assert "debian_bullseye:{0}".format(port) in r.stdout
diff --git a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/molecule.yml
index 3dc8132e1..e9d686e54 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/molecule.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/molecule.yml
@@ -19,9 +19,9 @@ platforms:
networks:
- name: "mymongo"
network_mode: "mymongo"
- - name: ubuntu_18
- hostname: ubuntu_18
- image: ubuntu:18.04
+ - name: ubuntu_22_04
+ hostname: ubuntu_22_04
+ image: ubuntu:22.04
command: /sbin/init
privileged: True
networks:
diff --git a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/playbook.yml b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/playbook.yml
index 42c89bad2..4f9d6ce29 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/playbook.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/playbook.yml
@@ -13,9 +13,20 @@
name: "{{ 'pymongo==3.12.*' if ansible_python_version[0:3] | float < 3.6 else 'pymongo' }}"
when: ansible_hostname == "fedora"
+ - name: Determine openssl version
+ command: openssl version
+ changed_when: false
+ register: openssl
+
+ - name: Set mongosh package version
+ set_fact:
+ mongosh_package: "{{ 'mongodb-mongosh-shared-openssl3' if openssl.stdout.startswith('OpenSSL 3') else 'mongodb-mongosh-shared-openssl11' }}"
+ when: mongosh_package is not defined
+
- name: Install MongoDB Shell
package:
- name: mongodb-mongosh
+ name:
+ - "{{ mongosh_package }}"
- name: Init config server replicaset
community.mongodb.mongodb_replicaset:
@@ -26,7 +37,7 @@
members:
- almalinux_8:27019
- fedora:27019
- - ubuntu_18:27019
+ - ubuntu_22_04:27019
- debian_bullseye:27019
- ubuntu_22:27019
when: ansible_hostname == "fedora"
diff --git a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/tests/test_default.py b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/tests/test_default.py
index fe7aecf16..89b86c207 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/tests/test_default.py
+++ b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/tests/test_default.py
@@ -60,7 +60,7 @@ def test_mongod_replicaset(host):
assert "cfg" in r.stdout
assert "almalinux_8:{0}".format(port) in r.stdout
assert "fedora:{0}".format(port) in r.stdout
- assert "ubuntu_18:{0}".format(port) in r.stdout
+ assert "ubuntu_22_04:{0}".format(port) in r.stdout
assert "ubuntu_22:{0}".format(port) in r.stdout
assert "debian_bullseye:{0}".format(port) in r.stdout
diff --git a/ansible_collections/community/mongodb/roles/mongodb_config/templates/configsrv.conf.j2 b/ansible_collections/community/mongodb/roles/mongodb_config/templates/configsrv.conf.j2
index afb06f641..192b3cbae 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_config/templates/configsrv.conf.j2
+++ b/ansible_collections/community/mongodb/roles/mongodb_config/templates/configsrv.conf.j2
@@ -41,6 +41,12 @@ net:
mode: requireTLS
certificateKeyFile: {{ mongodb_certificate_key_file }}
CAFile: {{ mongodb_certificate_ca_file }}
+{% if mongodb_disabled_tls_protocols != "" %}
+ disabledProtocols: {{ mongodb_disabled_tls_protocols }}
+{% endif %}
+{% if mongodb_allow_connections_without_certificates %}
+ allowConnectionsWithoutCertificates: true
+{% endif %}
{% endif %}
{% if authorization == "enabled" %}
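Review bot: `{% if mongodb_allow_connections_without_certificates %}` tests Jinja truthiness, so a value that arrives as a string (for example `-e mongodb_allow_connections_without_certificates=false` on the command line) is non-empty and renders `allowConnectionsWithoutCertificates: true`, relaxing client-certificate checking when the operator asked for the opposite. Use `{% if mongodb_allow_connections_without_certificates | bool %}`. `disabledProtocols` is rendered unquoted and only compared against `""`, so a whitespace-only or malformed value reaches the config; test `mongodb_disabled_tls_protocols | trim` instead and add a template comment giving the expected form (comma-separated names such as `TLS1_0,TLS1_1`). The enclosing `net:` TLS block starts outside the hunk.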