author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 12:04:41 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 12:04:41 +0000 |
commit | 975f66f2eebe9dadba04f275774d4ab83f74cf25 (patch) | |
tree | 89bd26a93aaae6a25749145b7e4bca4a1e75b2be /ansible_collections/community/mongodb/roles/mongodb_mongos | |
parent | Initial commit. (diff) | |
Adding upstream version 7.7.0+dfsg.upstream/7.7.0+dfsg
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'ansible_collections/community/mongodb/roles/mongodb_mongos')
21 files changed, 894 insertions, 0 deletions
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/.yamllint b/ansible_collections/community/mongodb/roles/mongodb_mongos/.yamllint
new file mode 100644
index 000000000..882767605
--- /dev/null
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/.yamllint
@@ -0,0 +1,33 @@
+---
+# Based on ansible-lint config
+extends: default
+
+rules:
+ braces:
+ max-spaces-inside: 1
+ level: error
+ brackets:
+ max-spaces-inside: 1
+ level: error
+ colons:
+ max-spaces-after: -1
+ level: error
+ commas:
+ max-spaces-after: -1
+ level: error
+ comments: disable
+ comments-indentation: disable
+ document-start: disable
+ empty-lines:
+ max: 3
+ level: error
+ hyphens:
+ level: error
+ indentation: disable
+ key-duplicates: enable
+ line-length: disable
+ new-line-at-end-of-file: disable
+ new-lines:
+ type: unix
+ trailing-spaces: disable
+ truthy: disable
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/README.md b/ansible_collections/community/mongodb/roles/mongodb_mongos/README.md
new file mode 100644
index 000000000..414246781
--- /dev/null
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/README.md
@@ -0,0 +1,60 @@
+mongodb_mongos
+==============
+
+A role to setup a mongos server for a MongoDB sharded cluster.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should
+be mentioned here. For instance, if the role uses the EC2 module, it may be a
+good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+* `mongos_port`: The port used by the mongos process. Default 27017.
+* `mongos_service`: The name of the mongos service. Default mongos.
+* `mongodb_user`: The Linux OS user for MongoDB. Default mongod.
+* `mongodb_group`: The Linux OS user group for MongoDB. Default mongod.
+* `pid_file`: The pid file for mongos. Default /run/mongodb/mongos.pid.
+* `bind_ip`: The IP address mongos will bind to. Default 0.0.0.0.
+* `bind_ip_all`: Have mongos bind to all IP addresses instead of specifying `bind_ip`. Default false.
+* `log_path`: Path of the log file. Default: /var/log/mongodb/mongos.log.
+* `mypy`: Python interpretor. Default python
+* `mongos_package`: The name of the mongos installation package. Default mongodb-org-mongos.
+* `config_repl_set_name`: The name of the config server replicaset. Default cfg.
+* `config_servers`: "config1:27019, config2:27019, config3:27019"
+* `openssl_keyfile_content`: The kexfile content that MongoDB uses to authenticate within a replicaset. Generate with cmd: openssl rand -base64 756.
+* `openssl_keyfile_path`: Put the openssl_keyfile at this path. Default: /etc/keyfile
+* `net_compressors`: If this is set, this sets `net.compression.compressors` in mongos.conf.
+* `mongos_config_template`: If defined allows to override path to mongod config template with custom configuration. Default "mongos.conf.j2"
+* `skip_restart`: If set to `true` will skip restarting mongos service when config file or the keyfile content changes. Default `true`.
+* `mongodb_use_tls`: Wether to use tls. Default false.
+* `mongodb_certificate_key_file`: Path to the PEM-file containing the certficate and private key.
+* `mongodb_certificate_ca_file`: Path to the CA-file.
+
+Dependencies
+------------
+
+mongodb_repository
+
+Example Playbook
+----------------
+
+```yaml
+ - hosts: servers
+ roles:
+ - mongodb_repository
+ - mongodb_mongos
+```
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+Rhys Campbell (https://github.com/rhysmeister)
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/defaults/main.yml b/ansible_collections/community/mongodb/roles/mongodb_mongos/defaults/main.yml
new file mode 100644
index 000000000..6d91e8814
--- /dev/null
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/defaults/main.yml
@@ -0,0 +1,33 @@ +--- +# defaults file for mongodb_mongos +pid_file: /run/mongodb/mongos.pid +bind_ip: 0.0.0.0 +bind_ip_all: false +log_path: "/var/log/mongodb/mongos.log" +# mongos_port in vars to facilitate molecule tests +mypy: python +mongos_package: "mongodb-org-mongos" +config_repl_set_name: cfg +config_servers: "config1:27019, config2:27019, config3:27019" +openssl_keyfile_path: /etc/keyfile +openssl_keyfile_content: | + Z2CeA9BMcoY5AUWoegjv/XWL2MA1SQcL4HvmRjYaTjSp/xosJy+LL2X3OQb1xVWC + rO2e6Tu6A3R4muunitI6Vr0IKeU5UbTpR0N4hSU6HDrV9z2PIEWlkQqKh01ZRLEY + V3hR73acj0jA8eWIWeiV039d18jvMb8X2h8409lfcD6PPJJGjyaC8S4LY/TrsK2z + tx+l/vqOOAMhGB5mEMjx1LXUMsRG9ot6vFu9I5LPd1A4q9xw9jddYK5C6YTLccun + ZyCDsv7ImkCprV0+0vhTyxIEnfaNtvOlWypuvmRr/DEyd2NPowd1n6C+rgk8gs1t + SGLCZP93gXza0rIoQzHtuf5pOJK9qyKjuNtuuLa/KFsida8a69JXn7fmS0IIja0m + Ir0OrQ2Ta3n4VbQwQo97BWODWmkgzz0mUd6VmMps5zLsCW1vVqYFQHuAAbLekW0q + 8JRm8OQ6n2hp8j4zYd3/Qw7vqsVj8sHicNB0bCW29b64H4f2J/AcUA/cm0xSUQyb + +myeCB4vWvydh5AfFVnw7sXvzU6egaYRomdmrl59QrTDneJu13hwzIchsFparoWJ + XjpldopGeDaJLU18ga7MSL02ozB+EoJ14DJxQU7E5MQk7fDMPeitXKZ8ymxb7LeA + k0Rtc/JQM8aDLoRklhLZRRARBrv1RLo8DM8CB2q4s+FwVU4QJl7mFyiwk3eTN6sN + PTgFRo3/dHsEA2OwGG+hnGFGnoYf2mkECR5jqai83CXgva9v2rPNjDTJYHpmd3I0 + fNijueXZZdzUA58y8mcoSGVYdRhr0g8jaWQ12PZEgX5Nnlekh5GHG0j8HT4qj/0Y + D3xVuE3WvrhldY5EOsaTt2ZXZx5REmJDIW1KcnvQKiVDJ2QzP5xdXYA0hh3TdTVE + sb4UreMw/WyBpANiICMlJRBgSd0f0VGMlYzLX2BL14YpNnLhmoQqKzfBN6v2XAEG + mJfrCUVuP1nBEklk23lYkNi/ohe+aodNjdN+2DHp42sGZHYP +net_compressors: null +mongos_config_template: "mongos.conf.j2" +skip_restart: true +mongodb_use_tls: false diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/handlers/main.yml b/ansible_collections/community/mongodb/roles/mongodb_mongos/handlers/main.yml new file mode 100644 index 000000000..7ee30f2d0 --- /dev/null +++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/handlers/main.yml 
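Review bot: `openssl_keyfile_content` ships with a fixed default value, so every deployment that does not override it uses the same published keyfile as its internal cluster authentication secret. The role would be safer with no default for this variable and an early `assert` task that fails when it is undefined, pointing at the README's `openssl rand -base64 756` command for generating a per-cluster value. The same defaults pair `bind_ip: 0.0.0.0` with `mongodb_use_tls: false`, so an unmodified install listens on every interface without transport encryption; a loopback default such as `bind_ip: 127.0.0.1` would be more conservative, although the molecule tests in this commit assert a `0.0.0.0` listener and would need adjusting.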
@@ -0,0 +1,14 @@
+---
+- name: Restart mongos
+ listen: Restart mongos service
+ service:
+ name: "{{ mongos_service }}"
+ state: restarted
+ when: not skip_restart
+
+- name: Wait for port to become active
+ listen: Restart mongos service
+ wait_for:
+ host: "{{ bind_ip | split(',') | first }}"
+ port: "{{ mongos_port }}"
+ when: not skip_restart
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/meta/main.yml b/ansible_collections/community/mongodb/roles/mongodb_mongos/meta/main.yml
new file mode 100644
index 000000000..1f736d9e7
--- /dev/null
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/meta/main.yml
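Review bot: The `Wait for port to become active` handler always takes its host from `bind_ip`, so with `bind_ip_all: true` it still probes the first `bind_ip` entry (default `0.0.0.0`) instead of an address mongos is known to answer on; `host: "{{ '127.0.0.1' if bind_ip_all else (bind_ip | split(',') | first) }}"` would cover both modes. The `split` filter also needs a far newer Ansible than the `min_ansible_version: 1.2` declared in this commit's meta/main.yml, so that value should be raised. Because `skip_restart` defaults to true, neither handler runs by default, and a changed keyfile or mongos.conf is not picked up until an operator restarts the service; a comment above the handlers saying so would help.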
@@ -0,0 +1,57 @@
+---
+galaxy_info:
+ author: Rhys Campbell
+ description: Configure the mongos service (includes populating mongos.conf) which only runs in a sharded MongoDB cluster.
+
+ # If the issue tracker for your role is not on github, uncomment the
+ # next line and provide a value
+ # issue_tracker_url: http://example.com/issue/tracker
+
+ # Some suggested licenses:
+ # - BSD (default)
+ # - MIT
+ # - GPLv2
+ # - GPLv3
+ # - Apache
+ # - CC-BY
+ license: GPLv3
+
+ min_ansible_version: 1.2
+
+ # If this a Container Enabled role, provide the minimum Ansible Container version.
+ # min_ansible_container_version:
+
+ # Optionally specify the branch Galaxy will use when accessing the GitHub
+ # repo for this role. During role install, if no tags are available,
+ # Galaxy will use this branch. During import Galaxy will access files on
+ # this branch. If Travis integration is configured, only notifications for this
+ # branch will be accepted. Otherwise, in all cases, the repo's default branch
+ # (usually master) will be used.
+ # github_branch:
+
+ #
+ # platforms is a list of platforms, and each platform has a name and a list of versions.
+ #
+ # platforms:
+ # - name: Fedora
+ # versions:
+ # - all
+ # - 25
+ # - name: SomePlatform
+ # versions:
+ # - all
+ # - 1.0
+ # - 7
+ # - 99.99
+
+ galaxy_tags: []
+ # List tags for your role here, one per line. A tag is a keyword that describes
+ # and categorizes the role. Users find roles by searching for tags. Be sure to
+ # remove the '[]' above, if you add tags to this list.
+ #
+ # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+ # Maximum 20 tags per role.
+
+dependencies: []
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/Dockerfile.j2 b/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/Dockerfile.j2
new file mode 100644
index 000000000..77c8a3097
--- /dev/null
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/Dockerfile.j2
@@ -0,0 +1,42 @@ +# Molecule managed +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +{% if item.env is defined %} +{% for var, value in item.env.items() %} +{% if value %} +ENV {{ var }} {{ value }} +{% endif %} +{% endfor %} +{% endif %} + +{% if item.name == 'amazonlinux' or item.name == 'fedora' %} +RUN yum -y install systemd sudo python3 python3-setuptools python3-pip procps-ng; \ + cd /lib/systemd/system/sysinit.target.wants/ ; \ + for i in *; do [ $i = systemd-tmpfiles-setup.service ] || rm -f $i ; done ; \ + rm -f /lib/systemd/system/multi-user.target.wants/* ; \ + rm -f /etc/systemd/system/*.wants/* ; \ + rm -f /lib/systemd/system/local-fs.target.wants/* ; \ + rm -f /lib/systemd/system/sockets.target.wants/*udev* ; \ + rm -f /lib/systemd/system/sockets.target.wants/*initctl* ; \ + rm -f /lib/systemd/system/basic.target.wants/* ; \ + rm -f /lib/systemd/system/anaconda.target.wants/* ; +{% elif item.name == 'ubuntu_22' %} +RUN apt-get update && apt-get install -y python3 python3-setuptools python3-pip sudo bash ca-certificates iproute2 systemd-sysv procps netbase && apt-get clean; +{% else %} +# Add systemd-sysv package for Debian to get systemd working (and procps for sysctl) and netbase for firewalld +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python3 python3-setuptools python3-pip sudo bash ca-certificates iproute2 systemd-sysv procps netbase && apt-get clean; \ + elif [ $(command -v dnf) ] && grep -q 'platform:el8' /etc/os-release ; then dnf makecache && dnf update -y && dnf --assumeyes install python3 python3-setuptools python3-pip sudo python3-devel bash procps-ng && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && rm -Rf /usr/share/doc && rm -Rf /usr/share/man && dnf clean all && cp /bin/true /sbin/agetty; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python3 python3-setuptools python3-pip sudo 
python*-dnf bash iproute procps-ng && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python3 python3-setuptools python3-pip sudo yum-plugin-ovl bash iproute procps-ng && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python3 python3-setuptools python3-pip sudo bash python-xml iproute2 && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python3 python3-setuptools python3-pip sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python3 python3-setuptools python3-pip sudo bash ca-certificates iproute2 && xbps-remove -O; fi +{% endif %} +# TODO - Is this needed? Probably not +{% if item.name == 'debian_bullseye' %} +RUN apt install -y python3 python3-setuptools python3-pip +{% endif %}
\ No newline at end of file
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/molecule.yml
new file mode 100644
index 000000000..b361e644c
--- /dev/null
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/molecule.yml
@@ -0,0 +1,78 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint:
+ name: yamllint
+ options:
+ config-data:
+ line-length: disable
+platforms:
+ # centos_7 and debian_stretch disabled to reduce test time
+ #- name: almalinux_8
+ # image: almalinux:8
+ # command: /sbin/init
+ # privileged: True
+ # volumes:
+ # - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ # networks:
+ # - name: "mymongos"
+ # network_mode: "mymongos"
+ - name: fedora
+ image: fedora:37
+ command: /sbin/init
+ privileged: True
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ networks:
+ - name: "mymongos"
+ network_mode: "mymongos"
+ - name: ubuntu_18
+ image: ubuntu:18.04
+ command: /sbin/init
+ privileged: True
+ networks:
+ - name: "mymongos"
+ network_mode: "mymongos"
+ - name: ubuntu_22
+ image: ubuntu:22.04
+ command: /sbin/init
+ privileged: True
+ networks:
+ - name: "mymongos"
+ network_mode: "mymongos"
+ #- name: debian_stretch
+ # image: debian:stretch
+ # command: /sbin/init
+ # privileged: True
+ # networks:
+ # - name: "mymongos"
+ # network_mode: "mymongos"
+ - name: config1
+ image: ubuntu:18.04
+ command: /sbin/init
+ privileged: True
+ networks:
+ - name: "mymongos"
+ network_mode: "mymongos"
+provisioner:
+ name: ansible
+ lint:
+ name: ansible-lint
+ enabled: false
+ inventory:
+ host_vars:
+ fedora: # suitable for fedora 37
+ redhat:
+ yum_baseurl: "https://repo.mongodb.org/yum/redhat/9/mongodb-org/{{ mongodb_version }}/x86_64/"
+ rpm_key_key: "https://www.mongodb.org/static/pgp/server-{{ mongodb_version }}.asc"
+ yum_gpgkey: "https://www.mongodb.org/static/pgp/server-{{ mongodb_version }}.asc"
+ yum_gpgcheck: true
+ yum_description: "Official MongoDB {{ mongodb_version }} yum repo"
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
+ options:
+ ignore: 'E501'
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/playbook.yml b/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/playbook.yml
new file mode 100644
index 000000000..de0e856ba
--- /dev/null
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/playbook.yml
@@ -0,0 +1,58 @@
+---
+- name: Converge
+ hosts: all
+ become: yes
+
+ vars:
+ admin_user: "admin"
+ admin_user_password: "admin"
+
+ roles:
+ - role: mongodb_repository
+ tags: molecule-idempotence-notest
+ - role: mongodb_install
+ when: "'config' in ansible_hostname"
+ tags: molecule-idempotence-notest
+ - role: mongodb_config
+ when: "'config' in ansible_hostname"
+ tags: molecule-idempotence-notest
+ - role: mongodb_mongos
+ when: "'config' not in ansible_hostname"
+
+ tasks:
+
+ - name: Install pymongo
+ pip:
+ name: "{{ 'pymongo==3.12.*' if ansible_python_version[0:3] | float < 3.6 else 'pymongo' }}"
+ when: ansible_hostname == "config1"
+
+ - name: Install MongoDB Shell
+ package:
+ name: mongodb-mongosh
+
+ - name: Init config server replicaset
+ community.mongodb.mongodb_replicaset:
+ login_host: localhost
+ login_port: "27019"
+ replica_set: cfg
+ validate: no
+ members:
+ - config1:27019
+ when: ansible_hostname == "config1"
+
+ - name: Restart the mongos service
+ service:
+ name: mongos
+ state: started
+ when: "'config' not in ansible_hostname"
+
+ - name: Add MongoDB Admin User using localhost exception on the mongos
+ community.mongodb.mongodb_user:
+ name: "{{ admin_user }}"
+ password: "{{ admin_user_password }}"
+ login_port: "27019"
+ database: admin
+ roles:
+ - "root"
+ create_for_localhost_exception: /root/mongodb_admin.success
+ when: ansible_hostname == "config1"
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/prepare.yml b/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/prepare.yml
new file mode 100644
index 000000000..40efdd033
--- /dev/null
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/prepare.yml
@@ -0,0 +1,23 @@
+---
+- name: Prepare
+ hosts: all
+ become: yes
+ vars:
+ redhat_packages:
+ - net-tools
+ tasks:
+
+ - name: Ensure epel is available
+ ansible.builtin.package:
+ name: epel-release
+ state: present
+ when:
+ - ansible_os_family == "RedHat"
+ - ansible_distribution != "Amazon"
+ - ansible_distribution != "Fedora"
+
+ - name: Install redhat packages
+ ansible.builtin.package:
+ name: "{{ redhat_packages }}"
+ state: present
+ when: ansible_os_family == "RedHat"
\ No newline at end of file
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/tests/test_default.py b/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/tests/test_default.py
new file mode 100644
index 000000000..b2a7e9cb5
--- /dev/null
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/tests/test_default.py
@@ -0,0 +1,64 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']
+).get_hosts('all')
+
+
+def include_vars(host):
+ if host.system_info.distribution == "debian" \
+ or host.system_info.distribution == "ubuntu":
+ ansible = host.ansible('include_vars',
+ 'file="../../vars/Debian.yml"',
+ False,
+ False)
+ else:
+ ansible = host.ansible('include_vars',
+ 'file="../../vars/RedHat.yml"',
+ False,
+ False)
+ return ansible
+
+
+def test_mongod_cnf_file(host):
+ if host.ansible.get_variables()['inventory_hostname'] != 'config1':
+ mongodb_user = include_vars(host)['ansible_facts']['mongodb_user']
+ mongodb_group = include_vars(host)['ansible_facts']['mongodb_group']
+ f = host.file('/etc/mongos.conf')
+
+ assert f.exists
+ assert f.user == mongodb_user
+ assert f.group == mongodb_group
+
+
+def test_mongod_service(host):
+
+ if host.ansible.get_variables()['inventory_hostname'] != 'config1':
+ mongos_service = include_vars(host)['ansible_facts']['mongos_service']
+ s = host.service(mongos_service)
+
+ assert s.is_running
+ assert s.is_enabled
+
+
+def test_mongod_port(host):
+ if host.ansible.get_variables()['inventory_hostname'] != 'config1':
+ port = include_vars(host)['ansible_facts']['mongos_port']
+ s = host.socket("tcp://0.0.0.0:{0}".format(port))
+
+ assert s.is_listening
+
+
+def test_mongos_shell_connectivity(host):
+ '''
+ Tests that we can connect to mongos via the shell annd run a cmd
+ '''
+ if host.ansible.get_variables()['inventory_hostname'] != 'config1':
+ port = include_vars(host)['ansible_facts']['mongos_port']
+ cmd = host.run("mongosh admin --username admin --password admin --port {0} --eval 'db.runCommand({{listDatabases: 1}})'".format(port))
+
+ assert cmd.rc == 0
+ assert "config" in cmd.stdout
+ assert "admin" in cmd.stdout
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/virtualbox/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/virtualbox/molecule.yml
new file mode 100644
index 000000000..f790062c3
--- /dev/null
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/virtualbox/molecule.yml
@@ -0,0 +1,60 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: vagrant
+ provider:
+ name: virtualbox
+lint:
+ name: yamllint
+ options:
+ config-data:
+ line-length: disable
+platforms:
+ - name: centos-7
+ box: centos/7
+ interfaces:
+ - network_name: private_network
+ type: dhcp
+ auto_config: true
+ - name: ubuntu-16
+ box: ubuntu/xenial64
+ interfaces:
+ - network_name: private_network
+ type: dhcp
+ auto_config: true
+ - name: ubuntu-18
+ box: ubuntu/bionic64
+ interfaces:
+ - network_name: private_network
+ type: dhcp
+ auto_config: true
+ - name: debian-buster
+ box: debian/buster64
+ interfaces:
+ - network_name: private_network
+ type: dhcp
+ auto_config: true
+ - name: debian-stretch
+ box: debian/contrib-stretch64 # Standard debian/stretch64 had issues: Unable to locate package linux-headers-4.9.0-9-amd64
+ interfaces:
+ - network_name: private_network
+ type: dhcp
+ auto_config: true
+ - name: config1
+ box: debian/contrib-stretch64 # Standard debian/stretch64 had issues: Unable to locate package linux-headers-4.9.0-9-amd64
+ interfaces:
+ - network_name: private_network
+ type: dhcp
+ auto_config: true
+provisioner:
+ name: ansible
+ lint:
+ name: ansible-lint
+ enabled: false
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
+ options:
+ ignore: 'E501'
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/virtualbox/playbook.yml b/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/virtualbox/playbook.yml
new file mode 100644
index 000000000..5b1eae029
--- /dev/null
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/virtualbox/playbook.yml
@@ -0,0 +1,65 @@
+---
+- name: Converge
+ hosts: all
+ become: yes
+
+ vars:
+ admin_user: "admin"
+ admin_user_password: "admin"
+
+ roles:
+ - role: mongodb_repository
+ tags: molecule-idempotence-notest
+ - role: mongodb_install
+ when: "'config' in ansible_hostname"
+ tags: molecule-idempotence-notest
+ - role: mongodb_config
+ when: "'config' in ansible_hostname"
+ tags: molecule-idempotence-notest
+ - role: mongodb_mongos
+ when: "'config' not in ansible_hostname"
+
+ tasks:
+
+ - name: Install pymongo
+ pip:
+ name: "{{ 'pymongo==3.12.*' if ansible_python_version[0:3] | float < 3.6 else 'pymongo' }}"
+ when: ansible_hostname == "config1"
+
+ - name: Install MongoDB Shell
+ package:
+ name: mongodb-org-shell
+
+ - name: Init config server replicaset
+ community.mongodb.mongodb_replicaset:
+ login_host: localhost
+ login_port: 27019
+ replica_set: cfg
+ validate: no
+ members:
+ - config1.local:27019
+ when: ansible_hostname == "config1"
+
+ - name: Set add .local prefix to service name
+ lineinfile:
+ path: /etc/mongos.conf
+ regexp: " *configDB: *"
+ line: ' configDB: "cfg/config1.local:27019"'
+ when: "'config' not in ansible_hostname"
+
+ - name: Restart the mongos service
+ service:
+ name: mongos
+ state: restarted
+ when: "'config' not in ansible_hostname"
+
+ - name: Add MongoDB Admin User using localhost exception on the mongos
+ community.mongodb.mongodb_user:
+ name: "{{ admin_user }}"
+ password: "{{ admin_user_password }}"
+ login_port: "27019"
+ database: admin
+ roles:
+ - "root"
+ create_for_localhost_exception: /root/mongodb_admin.success
+ when: ansible_hostname == "config1"
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/virtualbox/prepare.yml b/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/virtualbox/prepare.yml
new file mode 100644
index 000000000..0b8a81eb7
--- /dev/null
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/virtualbox/prepare.yml
@@ -0,0 +1,50 @@
+---
+- name: Prepare
+ hosts: all
+ become: yes
+ vars:
+ avahi_packages_redhat:
+ - "avahi"
+ - "nss-mdns"
+ avahi_packages_debian:
+ - "avahi-daemon"
+ - "avahi-discover"
+ - "libnss-mdns"
+
+ tasks:
+
+ - name: Run apt update
+ shell: apt update
+ when: ansible_os_family == "Debian"
+
+ - name: Ensure epel is available
+ yum:
+ name: epel-release
+ state: present
+ when:
+ - ansible_os_family == "RedHat"
+ - ansible_distribution != "Fedora"
+
+ - name: Install avahi packages
+ package:
+ name: "{{ avahi_packages_redhat }}"
+ state: present
+ when: ansible_os_family == "RedHat"
+
+ - name: Install avahi packages
+ package:
+ name: "{{ avahi_packages_debian }}"
+ state: present
+ when: ansible_os_family == "Debian"
+
+ # debian-stretch seems to require a reboot for avahi-daemon to run
+ - name: Reboot host
+ reboot:
+
+ - name: Ensure services are started
+ service:
+ name: "{{ item }}"
+ state: started
+ with_items:
+ #- dbus
+ - avahi-daemon
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/virtualbox/tests/test_default.py b/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/virtualbox/tests/test_default.py
new file mode 100644
index 000000000..495464451
--- /dev/null
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/virtualbox/tests/test_default.py
@@ -0,0 +1,64 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']
+).get_hosts('all')
+
+
+def include_vars(host):
+ if host.system_info.distribution == "debian" \
+ or host.system_info.distribution == "ubuntu":
+ ansible = host.ansible('include_vars',
+ 'file="../../vars/Debian.yml"',
+ False,
+ False)
+ else:
+ ansible = host.ansible('include_vars',
+ 'file="../../vars/RedHat.yml"',
+ False,
+ False)
+ return ansible
+
+
+def test_mongod_cnf_file(host):
+ if host.ansible.get_variables()['inventory_hostname'] != 'config1':
+ mongodb_user = include_vars(host)['ansible_facts']['mongodb_user']
+ mongodb_group = include_vars(host)['ansible_facts']['mongodb_group']
+ f = host.file('/etc/mongos.conf')
+
+ assert f.exists
+ assert f.user == mongodb_user
+ assert f.group == mongodb_group
+
+
+def test_mongod_service(host):
+
+ if host.ansible.get_variables()['inventory_hostname'] != 'config1':
+ mongos_service = include_vars(host)['ansible_facts']['mongos_service']
+ s = host.service(mongos_service)
+
+ assert s.is_running
+ assert s.is_enabled
+
+
+def test_mongod_port(host):
+ if host.ansible.get_variables()['inventory_hostname'] != 'config1':
+ port = include_vars(host)['ansible_facts']['mongos_port']
+ s = host.socket("tcp://0.0.0.0:{0}".format(port))
+
+ assert s.is_listening
+
+
+def test_mongos_shell_connectivity(host):
+ '''
+ Tests that we can connect to mongos via the shell annd run a cmd
+ '''
+ if host.ansible.get_variables()['inventory_hostname'] != 'config1':
+ port = include_vars(host)['ansible_facts']['mongos_port']
+ cmd = host.run("mongo admin -username admin --password admin --port {0} --eval 'db.runCommand({{listDatabases: 1}})'".format(port))
+
+ assert cmd.rc == 0
+ assert "config" in cmd.stdout
+ assert "admin" in cmd.stdout
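Review bot: In `test_mongos_shell_connectivity` the command string passes `-username admin` with a single dash, whereas the docker scenario's copy of this test uses `--username`; the single-dash form is probably not parsed as the intended option, so the check may not authenticate as the user it names. The call should start `mongo admin --username admin --password admin --port {0}`. The test also puts the password on the command line, where it is visible in the process list; that is tolerable for a throwaway molecule credential, but a comment saying these are test-only values would stop the pattern being copied into real checks.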
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/tasks/main.yml b/ansible_collections/community/mongodb/roles/mongodb_mongos/tasks/main.yml
new file mode 100644
index 000000000..ffe58d138
--- /dev/null
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/tasks/main.yml
@@ -0,0 +1,123 @@
+---
+# tasks file for mongodb_mongos
+- name: Include OS-specific vars
+ include_vars:
+ file: "{{ lookup('first_found', params) }}"
+ vars:
+ params:
+ paths:
+ - "vars"
+ files:
+ - "{{ ansible_facts.distribution }}-{{ ansible_facts.distribution_version }}.yml"
+ - "{{ ansible_facts.os_family }}-{{ ansible_facts.distribution_major_version }}.yml"
+ - "{{ ansible_facts.distribution }}.yml"
+ - "{{ ansible_facts.os_family }}.yml"
+ - default.yml
+ tags:
+ - "vars"
+
+- name: Create mongodb_group
+ group:
+ name: "{{ mongodb_group }}"
+ system: yes
+ tags:
+ - "linux"
+ - "setup"
+ - "mongodb"
+
+- name: Create mongodb_user
+ user:
+ name: "{{ mongodb_user }}"
+ group: "{{ mongodb_group }}"
+ system: yes
+ createhome: no
+ tags:
+ - "linux"
+ - "setup"
+ - "mongodb"
+
+- name: Copy keyfile to host
+ copy:
+ content: |
+ {{ openssl_keyfile_content }}
+ dest: "{{ openssl_keyfile_path }}"
+ owner: "{{ mongodb_user }}"
+ group: "{{ mongodb_group }}"
+ mode: 0400
+ notify:
+ - Restart mongos service
+ tags:
+ - "setup"
+ - "mongodb"
+
+- name: Ensure /usr/local/bin/ directory exists
+ file:
+ path: /usr/local/bin/
+ state: directory
+ recurse: yes
+ tags:
+ - "setup"
+ - "mongodb"
+
+- name: Ensure mongos service pre start script exists
+ template:
+ src: mongos_pre.sh.j2
+ dest: /usr/local/bin/mongos_pre.sh
+ owner: "{{ mongodb_user }}"
+ group: "{{ mongodb_group }}"
+ mode: 0755
+ tags:
+ - "setup"
+ - "mongodb"
+
+- name: Ensure mongos.service file exists
+ template:
+ src: mongos.service.j2
+ dest: /etc/systemd/system/mongos.service
+ owner: root
+ group: root
+ register: sysd
+ tags:
+ - "setup"
+ - "mongodb"
+
+- name: Run systemctl daemon-reload
+ systemd:
+ daemon_reload: yes
+ when: sysd is changed
+ tags:
+ - "setup"
+ - "service"
+
+- name: Ensure mongos.conf file exists
+ template:
+ src: "{{ mongos_config_template }}"
+ dest: /etc/mongos.conf
+ owner: "{{ mongodb_user }}"
+ group: "{{ mongodb_group }}"
+ notify:
+ - Restart mongos service
+ tags:
+ - "setup"
+ - "mongodb"
+
+- name: Ensure mongos package is installed
+ package:
+ name: "{{ mongos_package }}"
+ register: _pkg
+ until: _pkg is succeeded
+ retries: 5
+ tags:
+ - "setup"
+ - "mongodb"
+ - "pkg"
+
+- name: Start mongos service
+ service:
+ name: "{{ mongos_service }}"
+ state: started
+ enabled: yes
+ tags:
+ - "setup"
+ - "mongodb"
+ - "service"
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/templates/mongos.conf.j2 b/ansible_collections/community/mongodb/roles/mongodb_mongos/templates/mongos.conf.j2
new file mode 100644
index 000000000..6c61b8716
--- /dev/null
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/templates/mongos.conf.j2
@@ -0,0 +1,28 @@
+systemLog:
+ destination: file
+ path: {{ log_path }}
+ logAppend: true
+ logRotate: reopen
+net:
+{% if bind_ip_all %}
+ bindIpAll: true
+{% else %}
+ bindIp: {{ bind_ip }}
+{% endif %}
+ port: {{ mongos_port }}
+{% if net_compressors %}
+ compression:
+ compressors: {{ net_compressors }}
+{% endif %}
+{% if mongodb_use_tls %}
+ tls:
+ mode: requireTLS
+ certificateKeyFile: {{ mongodb_certificate_key_file }}
+ CAFile: {{ mongodb_certificate_ca_file }}
+{% endif %}
+sharding:
+ configDB: "{{ config_repl_set_name }}/{{ config_servers }}"
+processManagement:
+ timeZoneInfo: /usr/share/zoneinfo
+security:
+ keyFile: {{ openssl_keyfile_path }}
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/templates/mongos.service.j2 b/ansible_collections/community/mongodb/roles/mongodb_mongos/templates/mongos.service.j2
new file mode 100644
index 000000000..6f1a11bc7
--- /dev/null
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/templates/mongos.service.j2
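Review bot: The `Ensure mongos service pre start script exists` task installs `/usr/local/bin/mongos_pre.sh` with `owner: "{{ mongodb_user }}"`, while the mongos.service.j2 template added in this commit sets `PermissionsStartOnly=true`, so `ExecStartPre` runs that script with root privileges. The service account therefore owns, and can rewrite, a file that is executed as root on the next start; the task should use `owner: root` and `group: root` (mode 0755 can stay). Separately, `Copy keyfile to host` writes secret content and would benefit from `no_log: true` so the value does not appear in diff or verbose output. The `mongos.service` and `mongos.conf` template tasks set no `mode`, which leaves the resulting permissions to the umask on the target host.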
@@ -0,0 +1,22 @@
+[Unit]
+Description=mongos
+After=syslog.target
+After=network.target
+
+[Service]
+User={{ mongodb_user }}
+Group={{ mongodb_group }}
+PIDFile={{ pid_file }}
+PermissionsStartOnly=true
+ExecStartPre=/usr/local/bin/mongos_pre.sh
+ExecStart=/usr/bin/mongos --quiet \
+ --config /etc/mongos.conf
+LimitFSIZE=infinity
+LimitCPU=infinity
+LimitAS=infinity
+LimitNOFILE=64000
+LimitNPROC=64000
+TasksAccounting=false
+
+[Install]
+WantedBy=multi-user.target
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/templates/mongos_pre.sh.j2 b/ansible_collections/community/mongodb/roles/mongodb_mongos/templates/mongos_pre.sh.j2
new file mode 100644
index 000000000..ea58c81a2
--- /dev/null
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/templates/mongos_pre.sh.j2
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+if [ ! -d /var/log/mongodb ]; then
+ mkdir -p /var/log/mongodb && chown {{ mongodb_user }}:{{ mongodb_group }} /var/log/mongodb
+fi
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/vars/Debian.yml b/ansible_collections/community/mongodb/roles/mongodb_mongos/vars/Debian.yml
new file mode 100644
index 000000000..02e646838
--- /dev/null
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/vars/Debian.yml
@@ -0,0 +1,5 @@
+---
+mongodb_user: "mongodb"
+mongodb_group: "mongodb"
+mongos_port: 27017
+mongos_service: "mongos"
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/vars/RedHat.yml b/ansible_collections/community/mongodb/roles/mongodb_mongos/vars/RedHat.yml
new file mode 100644
index 000000000..47197a81c
--- /dev/null
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/vars/RedHat.yml
@@ -0,0 +1,5 @@
+---
+mongodb_user: "mongod"
+mongodb_group: "mongod"
+mongos_port: 27017
+mongos_service: "mongos"
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/vars/default.yml b/ansible_collections/community/mongodb/roles/mongodb_mongos/vars/default.yml
new file mode 100644
index 000000000..47197a81c
--- /dev/null
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/vars/default.yml
@@ -0,0 +1,5 @@
+---
+mongodb_user: "mongod"
+mongodb_group: "mongod"
+mongos_port: 27017
+mongos_service: "mongos" |