diff options
Diffstat (limited to '')
80 files changed, 1804 insertions, 507 deletions
diff --git a/ansible_collections/community/mongodb/.github/workflows/ansible-test.yml b/ansible_collections/community/mongodb/.github/workflows/ansible-test.yml index 6a8d52bd1..f64d5881c 100644 --- a/ansible_collections/community/mongodb/.github/workflows/ansible-test.yml +++ b/ansible_collections/community/mongodb/.github/workflows/ansible-test.yml @@ -18,20 +18,23 @@ jobs: ansible_version: - devel - stable-2.13 + - stable-2.14 + - stable-2.15 + - stable-2.16 steps: - name: Check out code - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: path: ansible_collections/community/mongodb - - name: Set up Python 3.9 - uses: actions/setup-python@v4 + - name: Set up Python 3.10 + uses: actions/setup-python@v5 with: - python-version: 3.9 + python-version: "3.10" - name: Install ansible-base (${{ matrix.ansible_version }}) - uses: nick-invision/retry@v2 + uses: nick-invision/retry@v3 with: timeout_minutes: 3 max_attempts: 3 @@ -50,40 +53,43 @@ jobs: ansible_version: - devel - stable-2.13 + - stable-2.14 + - stable-2.15 + - stable-2.16 steps: - name: Check out code - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: path: ansible_collections/community/mongodb - - name: Set up Python 3.9 - uses: actions/setup-python@v4 + - name: Set up Python 3.10 + uses: actions/setup-python@v5 with: - python-version: 3.9 + python-version: "3.10" - name: Install ansible-base (${{ matrix.ansible_version }}) - uses: nick-invision/retry@v2 + uses: nick-invision/retry@v3 with: timeout_minutes: 3 max_attempts: 3 command: pip install https://github.com/ansible/ansible/archive/${{ matrix.ansible_version }}.tar.gz --disable-pip-version-check - name: Install mongodb - uses: nick-invision/retry@v2 + uses: nick-invision/retry@v3 with: timeout_minutes: 3 max_attempts: 3 command: sudo apt-get install -y mongodb-org - name: Install dateutil - uses: nick-invision/retry@v2 + uses: nick-invision/retry@v3 with: timeout_minutes: 3 max_attempts: 3 command: pip install python-dateutil - name: Install python libs - uses: nick-invision/retry@v2 + uses: nick-invision/retry@v3 with: timeout_minutes: 3 max_attempts: 3 @@ -97,12 +103,12 @@ jobs: run: mlaunch --single --port 27999 - name: Run unit tests - run: ansible-test units -v --color --python 3.9 --coverage + run: ansible-test units -v --color --python 3.10 --coverage - name: Generate coverage report. run: ansible-test coverage xml -v --requirements --group-by command --group-by version - - uses: codecov/codecov-action@v1 + - uses: codecov/codecov-action@v3 with: fail_ci_if_error: false @@ -120,7 +126,7 @@ jobs: steps: - name: Check out code - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: path: ansible_collections/community/mongodb @@ -144,64 +150,53 @@ jobs: strategy: matrix: mongodb_version: - - "5.0" - "6.0" + - "7.0" mongodb_module: ${{ fromJson(needs.integration_matrix.outputs.matrix) }} versions: - #- python_version: "2.7" - # ansible_version: "stable-2.10" - # docker_image: "centos7" - #- python_version: "2.7" - # ansible_version: "stable-2.11" - # docker_image: "centos7" - - python_version: "3.6" - ansible_version: "stable-2.10" - docker_image: "ubuntu1804" - - python_version: "3.6" - ansible_version: "stable-2.11" - docker_image: "ubuntu1804" - - python_version: "3.8" - ansible_version: "stable-2.12" - docker_image: "default" - python_version: "3.8" ansible_version: "stable-2.13" docker_image: "default" - python_version: "3.9" ansible_version: "stable-2.14" docker_image: "default" - # Fedora 33 should be possible after this is fixed - # https://jira.mongodb.org/browse/MONGOSH-941 - #- python_version: "3.9" - # ansible_version: "devel" - # docker_image: "fedora33" + - python_version: "3.10" + ansible_version: "stable-2.15" + docker_image: "default" + - python_version: "3.10" + ansible_version: "stable-2.16" + docker_image: "default" + - python_version: "3.10" + ansible_version: "devel" + docker_image: "default" steps: - name: Check out code - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: path: ansible_collections/community/mongodb - name: Set up Python ${{ matrix.versions.python_version }} - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.versions.python_version }} - name: Install ansible-base (${{ matrix.versions.ansible_version }}) - uses: nick-invision/retry@v2 + uses: nick-invision/retry@v3 with: timeout_minutes: 3 max_attempts: 3 command: pip install https://github.com/ansible/ansible/archive/${{ matrix.versions.ansible_version }}.tar.gz --disable-pip-version-check - name: Install community.general - uses: nick-invision/retry@v2 + uses: nick-invision/retry@v3 with: timeout_minutes: 3 max_attempts: 3 command: ansible-galaxy collection install 'community.general' -p ansible_collections/ - name: Install community.crypto - uses: nick-invision/retry@v2 + uses: nick-invision/retry@v3 with: timeout_minutes: 3 max_attempts: 3 @@ -214,4 +209,4 @@ jobs: run: ansible-test integration --docker ${{ matrix.versions.docker_image }} -v --color --retry-on-error --python ${{ matrix.versions.python_version }} --continue-on-error --diff --coverage ${{ matrix.mongodb_module }} - name: Upload Coverage data - run: tests/coverage.sh
\ No newline at end of file + run: tests/coverage.sh diff --git a/ansible_collections/community/mongodb/.github/workflows/mongodb-cache.yml b/ansible_collections/community/mongodb/.github/workflows/mongodb-cache.yml index 992646c28..757b72256 100644 --- a/ansible_collections/community/mongodb/.github/workflows/mongodb-cache.yml +++ b/ansible_collections/community/mongodb/.github/workflows/mongodb-cache.yml @@ -17,33 +17,31 @@ jobs: strategy: matrix: versions: - - ansible_version: "stable-2.10" - python_version: "3.6" - - ansible_version: "stable-2.11" - python_version: "3.6" - - ansible_version: "stable-2.12" - python_version: "3.9" - ansible_version: "stable-2.13" - python_version: "3.8" - - ansible_version: "stable-2.14" python_version: "3.9" + - ansible_version: "stable-2.14" + python_version: "3.10" + - ansible_version: "stable-2.15" + python_version: "3.11" + - ansible_version: "stable-2.16" + python_version: "3.11" - ansible_version: "devel" - python_version: "3.9" + python_version: "3.11" steps: - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: path: ansible_collections/community/mongodb - name: Set up Python ${{ matrix.versions.python_version }} - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.versions.python_version }} - name: Install ansible-base (${{ matrix.versions.ansible_version }}) - uses: nick-invision/retry@v2 + uses: nick-invision/retry@v3 with: timeout_minutes: 3 max_attempts: 3 @@ -68,7 +66,7 @@ jobs: -v mongocache:/data/db mongo:latest - name: Install mongodb-org-shell - uses: nick-invision/retry@v2 + uses: nick-invision/retry@v3 with: timeout_minutes: 3 max_attempts: 3 @@ -86,18 +84,18 @@ jobs: echo "nopymongo=$output" >> $GITHUB_OUTPUT - name: Test cache handling of missing pymongo - uses: nick-invision/assert-action@v1 + uses: nick-invision/assert-action@v2 with: expected: "The 'pymongo' python module is required for the mongodb fact cache" actual: ${{ steps.no-pymongo.outputs.nopymongo }} comparison: contains - name: Install pymongo - uses: nick-invision/retry@v2 + uses: nick-invision/retry@v3 with: timeout_minutes: 3 max_attempts: 3 - command: pip install pymongo==3.12.2 + command: pip install pymongo - name: Run ansible to generate the mongodb cache run: ansible localhost -m setup @@ -113,7 +111,7 @@ jobs: echo "mongo=$output" >> $GITHUB_OUTPUT - name: Test that we have something that looks like a cache record - uses: nick-invision/assert-action@v1 + uses: nick-invision/assert-action@v2 with: expected: ansible_processor_count actual: ${{ steps.mongo1.outputs.mongo }} @@ -130,14 +128,14 @@ jobs: echo "mongo=$output" >> $GITHUB_OUTPUT - name: Test that we don't have an index called ttl - uses: nick-invision/assert-action@v1 + uses: nick-invision/assert-action@v2 with: expected: ttl actual: ${{ steps.mongo2.outputs.mongo }} comparison: notContains - name: Test that we have good output from getindexes - uses: nick-invision/assert-action@v1 + uses: nick-invision/assert-action@v2 with: expected: "_id_" actual: ${{ steps.mongo2.outputs.mongo }} @@ -157,7 +155,7 @@ jobs: echo "mongo=$output" >> $GITHUB_OUTPUT - name: Test that we have something that looks like a cache record - uses: nick-invision/assert-action@v1 + uses: nick-invision/assert-action@v2 with: expected: ansible_processor_count actual: ${{ steps.mongo3.outputs.mongo }} @@ -174,14 +172,14 @@ jobs: echo "mongo=$output" >> $GITHUB_OUTPUT - name: Test that we don't have an index called ttl - uses: nick-invision/assert-action@v1 + uses: nick-invision/assert-action@v2 with: expected: ttl actual: ${{ steps.mongo4.outputs.mongo }} comparison: notContains - name: Test that we have good output from getindexes - uses: nick-invision/assert-action@v1 + uses: nick-invision/assert-action@v2 with: expected: "_id_" actual: ${{ steps.mongo4.outputs.mongo }} @@ -203,7 +201,7 @@ jobs: echo "mongo=$output" >> $GITHUB_OUTPUT - name: Test that we have something that looks like a cache record - uses: nick-invision/assert-action@v1 + uses: nick-invision/assert-action@v2 with: expected: ansible_processor_count actual: ${{ steps.mongo5.outputs.mongo }} @@ -220,7 +218,7 @@ jobs: echo "mongo=$output" >> $GITHUB_OUTPUT - name: Test that we do have an index called ttl - uses: nick-invision/assert-action@v1 + uses: nick-invision/assert-action@v2 with: expected: ttl actual: ${{ steps.mongo6.outputs.mongo }} @@ -242,7 +240,7 @@ jobs: echo "mongo=$output" >> $GITHUB_OUTPUT - name: Test that we have something that looks like a cache record - uses: nick-invision/assert-action@v1 + uses: nick-invision/assert-action@v2 with: expected: ansible_processor_count actual: ${{ steps.mongo7.outputs.mongo }} @@ -259,7 +257,7 @@ jobs: echo "mongo=$output" >> $GITHUB_OUTPUT - name: Test that we do have an index called ttl - uses: nick-invision/assert-action@v1 + uses: nick-invision/assert-action@v2 with: expected: ttl actual: ${{ steps.mongo8.outputs.mongo }} @@ -281,7 +279,7 @@ jobs: echo "mongo=$output" >> $GITHUB_OUTPUT - name: Test that we have something that looks like a cache record - uses: nick-invision/assert-action@v1 + uses: nick-invision/assert-action@v2 with: expected: ansible_processor_count actual: ${{ steps.mongo9.outputs.mongo }} @@ -298,14 +296,14 @@ jobs: echo "mongo=$output" >> $GITHUB_OUTPUT - name: Test that we don't have an index called ttl - uses: nick-invision/assert-action@v1 + uses: nick-invision/assert-action@v2 with: expected: ttl actual: ${{ steps.mongo10.outputs.mongo }} comparison: notContains - name: Test that we have good output from getindexes - uses: nick-invision/assert-action@v1 + uses: nick-invision/assert-action@v2 with: expected: "_id_" actual: ${{ steps.mongo10.outputs.mongo }} diff --git a/ansible_collections/community/mongodb/.github/workflows/publish_collection.yml b/ansible_collections/community/mongodb/.github/workflows/publish_collection.yml index a16dcd55d..c928a4809 100644 --- a/ansible_collections/community/mongodb/.github/workflows/publish_collection.yml +++ b/ansible_collections/community/mongodb/.github/workflows/publish_collection.yml @@ -14,14 +14,14 @@ jobs: steps: - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: path: ansible_collections/community/mongodb - - name: Set up Python 3.9 - uses: actions/setup-python@v4 + - name: Set up Python 3.10 + uses: actions/setup-python@v5 with: - python-version: 3.9 + python-version: "3.10" - name: Install ansible-base (devel) run: pip install https://github.com/ansible/ansible/archive/devel.tar.gz --disable-pip-version-check @@ -40,7 +40,7 @@ jobs: # Moving the tag leaves an orphan artifact. Just changing the artifact doesn't move the tag. - name: Delete latest tag and release - uses: dev-drprasad/delete-tag-and-release@v0.2.1 + uses: dev-drprasad/delete-tag-and-release@v1.0.1 with: delete_release: true tag_name: latest diff --git a/ansible_collections/community/mongodb/.github/workflows/test-roles.yml b/ansible_collections/community/mongodb/.github/workflows/test-roles.yml index 2529bfc10..5aa01e2cc 100644 --- a/ansible_collections/community/mongodb/.github/workflows/test-roles.yml +++ b/ansible_collections/community/mongodb/.github/workflows/test-roles.yml @@ -17,7 +17,7 @@ jobs: steps: - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: path: ansible_collections/community/mongodb @@ -42,17 +42,17 @@ jobs: strategy: matrix: python_version: - - "3.6" + - "3.10" mongodb_role: ${{ fromJson(needs.roles_matrix.outputs.matrix) }} steps: - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: path: ansible_collections/community/mongodb - name: Set up Python ${{ matrix.test_scenario.python_version }} - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.test_scenario.python_version }} diff --git a/ansible_collections/community/mongodb/.github/workflows/x509.yml b/ansible_collections/community/mongodb/.github/workflows/x509.yml index bd6fd561c..59070b07f 100644 --- a/ansible_collections/community/mongodb/.github/workflows/x509.yml +++ b/ansible_collections/community/mongodb/.github/workflows/x509.yml @@ -13,7 +13,7 @@ jobs: steps: - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: path: ansible_collections/community/mongodb @@ -104,13 +104,13 @@ jobs: --authenticationDatabase '$external' \ --eval "db.adminCommand('listDatabases')" - - name: Set up Python 3.9 - uses: actions/setup-python@v4 + - name: Set up Python 3.10 + uses: actions/setup-python@v5 with: - python-version: "3.9" + python-version: "3.10" - name: Install ansible-base devel - uses: nick-invision/retry@v2 + uses: nick-invision/retry@v3 with: timeout_minutes: 3 max_attempts: 3 @@ -129,7 +129,7 @@ jobs: working-directory: ansible_collections/community/mongodb - name: Install pymongo - uses: nick-invision/retry@v2.8.2 + uses: nick-invision/retry@v3 with: timeout_minutes: 3 max_attempts: 3 diff --git a/ansible_collections/community/mongodb/CHANGELOG.rst b/ansible_collections/community/mongodb/CHANGELOG.rst index 2c898bd5d..88b4b7fe4 100644 --- a/ansible_collections/community/mongodb/CHANGELOG.rst +++ b/ansible_collections/community/mongodb/CHANGELOG.rst @@ -4,6 +4,108 @@ Community.MongoDB Release Notes .. contents:: Topics +v1.7.2: +========= + +Release Summary +---------------- + +This release is a maintenance release. + +Bug Fixes +---------- + +- 638 - mongodb_replicaset - Allow module to update replicaset horizons. + +v1.7.1: +========= + +Release Summary +---------------- + +This release is a maintenance release. + +Bug Fixes +---------- + +- 631 - cache/mongodb.py - Support pymongo 4.0+. This plugin no longer support pymongo 3.12.*. + +v1.7.0: +========= + +Release Summary +---------------- + +This release is a maintenance release. + +Minor Changes +-------------- + +- 622 - mongodb_mongod - Allow systemd configuration override. +- 620 - mongodb_common - Use SSL constants in shared connection code. +- 609 - mongodb_mongod, mongodb_mongos, mongodb_config - support for allowConnectionsWithoutCertificates. +- 605 - mongodb_mongod, mongodb_mongos, mongodb_config - support for security.disabledProtocols. + +Bug Fixes +---------- + +- 614 - mongodb_replicaset - Count voting members based on the sum of "votes" and using a comprehension list. +- 611 - mongodb_role - lambda function changed to support non-existing keys. + +Modules +--------- + +- 612 - mongodb_atlas_cluster - Manage database clusters in Atlas (#612). +- 612 - mongodb_atlas_ldap_user - Manage ldap users in Atlas (#612). +- 612 - mongodb_atlas_user - Manage database users in Atlas (#612). +- 612 - mongodb_atlas_whitelist - Manage IP whitelists in Atlas (#612). + +v1.6.3: +======== + +Release Summary +--------------- + +This release is a maintenance release. + +Minor Changes +-------------- + +- 600 - Remove delete module from README.md. +- 601 - mongodb_install - Fix issue with specific_mongodb_version on RedHat OS family. + +v1.6.2: +======== + +Release Summary +--------------- + +This release is a maintenance release. + +Minor Changes +-------------- + +- 583 - mongodb_linux - Add vars for RedHat 9 to role. +- 586 - mongodb_auth - Add ssl vars to role. +- 589 - mongodb_linux - Adds vars to better handle ntp package installation and handling. +- 588 - mongodb_linux - Default ntp system to systemd-timesyncd for Debian12. +- 593 - mongodb_linux - Add vm.max_map_count = 128000 sysctl config. +- 597 - mongodb_monitoring - Module has been deleted as Free Monitoring service has been stopped. +- 595 - mongodb_linux - Improvements to transparent_hugepage handling. + +v1.6.1: +======== + +Release Summary +--------------- + +This release is a maintenance release. + +Minor Changes +-------------- + +- 578 - mongodb_role - More robust comparison of user roles. + v1.6.0: ======== @@ -16,7 +118,7 @@ Minor Changes -------------- - 569 - All pymongo modules - Better support for MongoDB Atlas. -- 568 - Minor documentation updates. +- 568 - Minor documentation updates. v1.5.2 ======= @@ -131,7 +233,7 @@ Major Changes --------------- - 470 - Removes depreciated distutils package and require Pymongo 3.12+ and MongoDB 4+ - Adds a new parameter strict_compatibility (default true). + Adds a new parameter strict_compatibility (default true). Set to false to disable Pymongo and MongoDB requirements. v1.3.4 @@ -165,8 +267,8 @@ Bug Fixes Minor Changes --------------- -- 450 - mongodb_replicaset. Introduce cluster_cmd parameter. Can be set to isMaster or hello. - Hello is the default. isMaster is useful for older versions of MongoDB. +- 450 - mongodb_replicaset. Introduce cluster_cmd parameter. Can be set to isMaster or hello. + Hello is the default. isMaster is useful for older versions of MongoDB. See [db.hello()](https://www.mongodb.com/docs/manual/reference/method/db.hello/) for more. v1.3.2 diff --git a/ansible_collections/community/mongodb/FILES.json b/ansible_collections/community/mongodb/FILES.json index 3350b5fe3..ff9223131 100644 --- a/ansible_collections/community/mongodb/FILES.json +++ b/ansible_collections/community/mongodb/FILES.json @@ -25,21 +25,21 @@ "name": ".github/workflows/ansible-test.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "893b57c4cbb866c079d790a6018f660ee8f178ee105a8e46b2d93f1e5106bb1f", + "chksum_sha256": "73b933669a573ce6fa027dff9223cbbed48d4d31e0b61cf54c503f3eec46816a", "format": 1 }, { "name": ".github/workflows/mongodb-cache.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "3b6e9e5c1b98e1db58c3c3327bb10ce1c59cd24dbc716d253f2d75bd30ab06d4", + "chksum_sha256": "a501aa0916837a4abfbd5f910662f525be0833be53d3d46a0c98973659ba21f2", "format": 1 }, { "name": ".github/workflows/publish_collection.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "5dc1ef6a5c6cdf0ce4d49e520df15cefc0b8f9732f9cde850c8f82d674a247b2", + "chksum_sha256": "e938fc2ffec98aa434184ee4f7f7a293def84daaadf116289b38226e0a00426a", "format": 1 }, { @@ -53,14 +53,14 @@ "name": ".github/workflows/test-roles.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "d3b655c70d9d1d8f93a6e18a36c04735ef41c9cf67c5db5c82fa5a8d51a5ac3a", + "chksum_sha256": "fcb80d477c82b079fbf7fc1bb3b099bb913d4961c699026bc2b78e8064cb58e6", "format": 1 }, { "name": ".github/workflows/x509.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "e0f9df03ae321bb23feeec7ee9b0de71d915fa27667aa3f88cb52a82d1ea07a8", + "chksum_sha256": "da22d7aa6893fdf4134f886f828344437bbdab96808ad7617f36775f619d480f", "format": 1 }, { @@ -95,7 +95,7 @@ "name": "changelogs/changelog.yaml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "a2b8248a625db8ee7b0564011caa76e5cca57d319a6465f327b2151bfac26a47", + "chksum_sha256": "62026cfdee0d726808baf3b46212cb3b1d0668bf8f156898c11b3017f45c67e4", "format": 1 }, { @@ -151,7 +151,7 @@ "name": "plugins/cache/mongodb.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "dd0e0964cdbeb66487c9dd39feeee0f408221f0060988df7afc8ee9b5c17b9bd", + "chksum_sha256": "aedbdc6afc85b4d5ed39ce822c4573b7a7de0742ea6ec43e5e7e1f6bcfb12905", "format": 1 }, { @@ -162,6 +162,13 @@ "format": 1 }, { + "name": "plugins/doc_fragments/atlas_options.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "c28b5eaeb1b089c9b66a2ad64ba7467f7836f86d6948ca9e5aed684304873b2a", + "format": 1 + }, + { "name": "plugins/doc_fragments/login_options.py", "ftype": "file", "chksum_type": "sha256", @@ -211,10 +218,17 @@ "format": 1 }, { + "name": "plugins/module_utils/mongodb_atlas.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e63bf87e1f6f35859e306fbd7070c70c1d5406ab3a30c51923cc6fe0d338779a", + "format": 1 + }, + { "name": "plugins/module_utils/mongodb_common.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "31ee1df028aaf5f6807866807dd9bbb584318af5bd640c924daf3b4ad76dfc48", + "chksum_sha256": "a46ecf4ee936b461cabe289496e425a9fd2d454df7c083580e7e65c96c45092d", "format": 1 }, { @@ -239,10 +253,38 @@ "format": 1 }, { + "name": "plugins/modules/mongodb_atlas_cluster.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "41da55ac3e6fbeeb8ad3c056e37e1bf3116b6b75b82dbbcd279af10f9228d247", + "format": 1 + }, + { + "name": "plugins/modules/mongodb_atlas_ldap_user.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2c424fd746b2a531c811fc9d4ba6126e42b6433db87998beae2ac725392cf3c9", + "format": 1 + }, + { + "name": "plugins/modules/mongodb_atlas_user.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "fc1f272d0d97322664633458de27c9fcbc0011696052421bc2bb58d7fb06744b", + "format": 1 + }, + { + "name": "plugins/modules/mongodb_atlas_whitelist.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "066c44e0ed09fb61e4a0b66416a644121eb7eb5556c9a1895ae8305f49f4ffcf", + "format": 1 + }, + { "name": "plugins/modules/mongodb_balancer.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "a634f2ab69e027cd9876a36937c808b1ab551707739aa4bf87c88f5bbeffc635", + "chksum_sha256": "dd4263c776a24763b3811a2a343dcb555a53f135e452216417b8018d970e26c7", "format": 1 }, { @@ -267,13 +309,6 @@ "format": 1 }, { - "name": "plugins/modules/mongodb_monitoring.py", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "928eca8ce08b54251c708fb88749f1f5a75aa26e7f1c84fbe31983f43ab4fe4e", - "format": 1 - }, - { "name": "plugins/modules/mongodb_oplog.py", "ftype": "file", "chksum_type": "sha256", @@ -291,14 +326,14 @@ "name": "plugins/modules/mongodb_replicaset.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "044d8ef48ba89fd5809b673990776acfa573c9b2a27890d7d6cddd17f2afc50f", + "chksum_sha256": "c26ca9213dc53361cf320db30d7e478d4107da0ca89b2b2a72c5e50d17352db0", "format": 1 }, { "name": "plugins/modules/mongodb_role.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "53bf6881a8d8dae4abf3d94cd238b24eb13c4ae39420495e57f25c799ba1fba6", + "chksum_sha256": "2fd82f46ba80720492007a2505e4aca8a5053a71dba2b27a9f1cead7cc33d57d", "format": 1 }, { @@ -361,7 +396,7 @@ "name": "plugins/modules/mongodb_user.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "dc53094a237fcc6941306d9bc48d30097c8f3e8b50cbb122d841e2140f16af4d", + "chksum_sha256": "3d4cd46206b60f69ed168e84ec54e151a32c1c4a18c1c2989d19a6e9e98924a7", "format": 1 }, { @@ -389,7 +424,7 @@ "name": "roles/mongodb_auth/defaults/main.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "770aaa7a7e1aa715295ce515ebcc381e0ddf088bb88df068626d5f023e577b9a", + "chksum_sha256": "b6135635aa61d2f294bf69a1b7308495d1b82be79bc7ce2f514ae9e0c4f693f5", "format": 1 }, { @@ -445,14 +480,14 @@ "name": "roles/mongodb_auth/molecule/default/molecule.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "189c4239601a31224b5b0e5c2555d3824f8db7faa50bd5b3286db59f9762a919", + "chksum_sha256": "7277bbdc4e39e8b2fea6947c097402c58b19ddf3c55362b9de63eee36c6d94e2", "format": 1 }, { "name": "roles/mongodb_auth/molecule/default/playbook.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "90376e78d3e52f87ea244a0da77ce40456dac6455a49eeb1e3f6b6edfc8c47bd", + "chksum_sha256": "52ca66d02d0aa4bbed51e46564a5be8f3a973a5efa1fb58adaf76c636ac209cc", "format": 1 }, { @@ -515,14 +550,14 @@ "name": "roles/mongodb_auth/tasks/main.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "4dfaf85065ad9d25d59e58ff7aca52d1f7a02caac905e434921eecb6387c2bb4", + "chksum_sha256": "d053cc9984165bbdfab92bcbb59e988d5766b2f9fbc9acc3df95a403f398abdb", "format": 1 }, { "name": "roles/mongodb_auth/tasks/mongodb_auth_user.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "327d37e2ce96949fa0401129c3609fe8f8c93fa7075cad4115f2465117a7e947", + "chksum_sha256": "d27869371e43dceadffe0295ab9ee06e3161dc94fa598ed8776e559d9f916c82", "format": 1 }, { @@ -599,7 +634,7 @@ "name": "roles/mongodb_config/defaults/main.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "b02f09d1c97cb479f785d03f12474d9fc599049d74ae1374063960250ab94948", + "chksum_sha256": "75bcad9b2efe940df6365fe5051866d218383c609fdb60ebfcc95b7de083220a", "format": 1 }, { @@ -662,21 +697,21 @@ "name": "roles/mongodb_config/molecule/custom_db_path/tests/test_default.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "6785ea2c0ef42b1c74098c66a58e79496172b9150c3a6f840da39becf1e65f92", + "chksum_sha256": "9043f00bfad88d3f198692b80b762ca41af5db6d2f57f72915a2d74c3d4f853c", "format": 1 }, { "name": "roles/mongodb_config/molecule/custom_db_path/molecule.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "7a81696b0bba4ff65dc6d7f89d16d2c7daa6368b5e84ff4772fbf31210bb1c3c", + "chksum_sha256": "7ed5994c9bef0b2e46cf6bae21af9a82a7366b3a8dc85605c217f6941166c3c5", "format": 1 }, { "name": "roles/mongodb_config/molecule/custom_db_path/playbook.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "ab3364344b36e00fcad9d5e00be1aa6c15ea629d619a8e87308d38416045891c", + "chksum_sha256": "96f0c0737e5155e74c3221fe8140e6fed8829c88b8e7f67e53bd64d4bc8b5efe", "format": 1 }, { @@ -711,21 +746,21 @@ "name": "roles/mongodb_config/molecule/default/tests/test_default.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "76c4a4583bbd511453521974072f30d98268c9061ac35d85edf3846d4544da69", + "chksum_sha256": "d58ff4a841a0c923e98e0e4c2f5f2c4c72e32eb8879b743e48e9de1f0227124a", "format": 1 }, { "name": "roles/mongodb_config/molecule/default/molecule.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "7a81696b0bba4ff65dc6d7f89d16d2c7daa6368b5e84ff4772fbf31210bb1c3c", + "chksum_sha256": "7ed5994c9bef0b2e46cf6bae21af9a82a7366b3a8dc85605c217f6941166c3c5", "format": 1 }, { "name": "roles/mongodb_config/molecule/default/playbook.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "4d583abdcf01781aa7067708340991b1ce76a927d4a0c3f20f0f728d19e2d50f", + "chksum_sha256": "23267a579fc73f82b2e15f3b7652d25f2a44fdc8bf2c374ad21be9ef90426eb8", "format": 1 }, { @@ -802,7 +837,7 @@ "name": "roles/mongodb_config/templates/configsrv.conf.j2", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "c6ef3f0bde18b5678d91f4a04538d10957dfc5cfb6e51131675268e6905869af", + "chksum_sha256": "24094caecb4f6c83858bf5d854b0c2e3b3a9c6daed896e592eb937b0f963d5ef", "format": 1 }, { @@ -851,7 +886,7 @@ "name": "roles/mongodb_config/README.md", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "ccf4c86dd5e1a6e1998fbb59d506b5473f94a58caecac46568f167033f12c183", + "chksum_sha256": "1a927b09d12cc908ac710a0d3fa72671be0f50e4930e185db510bdd8f2d1c8c4", "format": 1 }, { @@ -872,7 +907,7 @@ "name": "roles/mongodb_install/files/lock_mongodb_packages.sh", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "89582cbb311785ffd3e39029a6f03678267cb1e84995b7260ed41bcc3a508e83", + "chksum_sha256": "463061abc6bebbcbad2e3d4a111c4d813494a8504e73d24c66335850e148430c", "format": 1 }, { @@ -928,7 +963,7 @@ "name": "roles/mongodb_install/molecule/default/molecule.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "e1d96e0e5e9e889366a75d87c73f5408954d1bcfab2e1253c6e070f4d6da1509", + "chksum_sha256": "704539b8afef5b03179bfebc38ca69b4017f863b86821af66866c6138d6b7965", "format": 1 }, { @@ -939,6 +974,13 @@ "format": 1 }, { + "name": "roles/mongodb_install/molecule/default/prepare.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "716aa1020826da54c85e96d853b6f075d293f3b85163f1e59083e6a77de03f6b", + "format": 1 + }, + { "name": "roles/mongodb_install/molecule/mongodb_hold_packages", "ftype": "dir", "chksum_type": null, @@ -963,14 +1005,14 @@ "name": "roles/mongodb_install/molecule/mongodb_hold_packages/tests/test_default.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "6e073162dffc65ded4fb9afefc297a091c7210f97072044c905b09502944147b", + "chksum_sha256": "fe77ad84ef37f1e94aea2dc559de730eb76792fd6f2e6162b055dd5a07eea0a1", "format": 1 }, { "name": "roles/mongodb_install/molecule/mongodb_hold_packages/molecule.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "1415aa365827c25bd2eb92c2ed0b7fc5d994211d1ace12939d9edf3108238029", + "chksum_sha256": "52aaa6252e224662deeae462f1196eb36627d457c368c97b1921fa358f511da1", "format": 1 }, { @@ -984,7 +1026,7 @@ "name": "roles/mongodb_install/molecule/mongodb_hold_packages/prepare.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "33e0317ed95fb8f1c1c1731829ab5face9b8a4b462508ca98b7f0f60d2fd081c", + "chksum_sha256": "39b7a0f9bc99a5ed5e6780cddaf721d86d5ebdba3b816331e0477bdc74ab2834", "format": 1 }, { @@ -1012,14 +1054,14 @@ "name": "roles/mongodb_install/molecule/mongodb_nohold_packages/tests/test_default.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "3a2b47c9b82958b1a9e6f02b2deae73bc3cf7c1d7a3b71677bb44014ee9495d1", + "chksum_sha256": "55316179446793619e8f84077feb30a7f196c2d745696845435df26c35dbe821", "format": 1 }, { "name": "roles/mongodb_install/molecule/mongodb_nohold_packages/molecule.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "1415aa365827c25bd2eb92c2ed0b7fc5d994211d1ace12939d9edf3108238029", + "chksum_sha256": "52aaa6252e224662deeae462f1196eb36627d457c368c97b1921fa358f511da1", "format": 1 }, { @@ -1033,7 +1075,7 @@ "name": "roles/mongodb_install/molecule/mongodb_nohold_packages/prepare.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "86d57bedf4f40ab8b4bb0e3c2ff7dd13460c59bb717b75f40c66127fdf04fc19", + "chksum_sha256": "39b7a0f9bc99a5ed5e6780cddaf721d86d5ebdba3b816331e0477bdc74ab2834", "format": 1 }, { @@ -1068,7 +1110,7 @@ "name": "roles/mongodb_install/molecule/specific_mongodb_version/molecule.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "1357cdc063266cba2791e9aff653754beaeac0ccb4cc9c14e57f276efb073a85", + "chksum_sha256": "f00fe8ebc792b3ed29f11cf1a6a6ea2a812da05c42381c3159992b16e29a43e9", "format": 1 }, { @@ -1079,6 +1121,13 @@ "format": 1 }, { + "name": "roles/mongodb_install/molecule/specific_mongodb_version/prepare.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "716aa1020826da54c85e96d853b6f075d293f3b85163f1e59083e6a77de03f6b", + "format": 1 + }, + { "name": "roles/mongodb_install/molecule/virtualbox", "ftype": "dir", "chksum_type": null, @@ -1131,7 +1180,7 @@ "name": "roles/mongodb_install/tasks/main.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "96fc2a8682910071e99da627660d51e23b3810c8527f9417e7676bc19d041db7", + "chksum_sha256": "7e697265fdb1056041aa09706fbd1692a788d642f9e854c8e4f48feca59dc15b", "format": 1 }, { @@ -1166,7 +1215,7 @@ "name": "roles/mongodb_linux/defaults/main.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "8c1cb3f8cb7c88e5f9b94e95c798303831bd6d28cee2b24b42e1b8b5c3c77fc7", + "chksum_sha256": "d86ecaec3b0c92ecd4838d5d23c78facb542ec49032799451ba4e4faafccc63c", "format": 1 }, { @@ -1180,7 +1229,7 @@ "name": "roles/mongodb_linux/files/thp-disable.service", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "1b9f839d1dbbb918acd201e94fe3a9bb9ddaafdbf9398059f8fb0817ecd823c3", + "chksum_sha256": "8b7ce5d74e14d3efe593ed64d94376f5320183f9f522b407cbad53a72bbb5439", "format": 1 }, { @@ -1236,7 +1285,7 @@ "name": "roles/mongodb_linux/molecule/default/molecule.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "b231dbfcbc1932c974c1a82df6cc5e5b32dce3b2168bae77781e8c5f0a706d6b", + "chksum_sha256": "fe17f301302d20fdd6df13667cc160c5f0305b639eaddc00203da9b988185241", "format": 1 }, { @@ -1299,7 +1348,7 @@ "name": "roles/mongodb_linux/tasks/main.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "c3eea6e9a70b6f26b80927d4e7b32ed555d1b3c823aeabca4d9e4827eb82d98f", + "chksum_sha256": "6fced29f74e80b9e274f5ec26398f1a7f58ff53b0b89c049fcfbffb18d9c812f", "format": 1 }, { @@ -1310,6 +1359,13 @@ "format": 1 }, { + "name": "roles/mongodb_linux/vars/Debian-12.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3755aba3d3662eb7a5db022eeee52e58af7498f7cd2a11f56f0affac09cffb9f", + "format": 1 + }, + { "name": "roles/mongodb_linux/vars/Debian.yml", "ftype": "file", "chksum_type": "sha256", @@ -1331,6 +1387,13 @@ "format": 1 }, { + "name": "roles/mongodb_linux/vars/RedHat-9.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "a2f3697e1cadee2ccd84ff99e8c57788bca914a28e7fd3826c580fa8ad1f6ba0", + "format": 1 + }, + { "name": "roles/mongodb_linux/vars/RedHat.yml", "ftype": "file", "chksum_type": "sha256", @@ -1355,7 +1418,7 @@ "name": "roles/mongodb_linux/README.md", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "63c1aafaf9e96e1b5af474e2ae294424374cd0ddc0f2b9168ee423bf577a38eb", + "chksum_sha256": "f5aa2b290ead1c5bc566f8090cf8158f709b391d6c505a06c79792f2f3013e13", "format": 1 }, { @@ -1376,7 +1439,7 @@ "name": "roles/mongodb_mongod/defaults/main.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "3fd9448c9f2e71d1392c3204ce01532404b663397b8a38dd475a3b908a8a06d7", + "chksum_sha256": "9393e6e14e1beae42490926c6a614768816c3755f880f6a01e0524386358a0b0", "format": 1 }, { @@ -1390,7 +1453,7 @@ "name": "roles/mongodb_mongod/handlers/main.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "662a28d9c1fd7469e827f9c7cba697264223ccddf694c130d05123e531078b1b", + "chksum_sha256": "3e6b2158c8e1234c3ae1f3014245b0484006a532a8aca06f93b07dc83e411447", "format": 1 }, { @@ -1439,21 +1502,21 @@ "name": "roles/mongodb_mongod/molecule/custom_db_path/tests/test_default.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "a1329ddc753d95bb5b6a419239dd11b04458d311b7c887383209fca998d2e7e1", + "chksum_sha256": "114708df31e1ae006de36e6da5855dc27e2364ed5d59fcd479c5df011568bb4a", "format": 1 }, { "name": "roles/mongodb_mongod/molecule/custom_db_path/molecule.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "a755fd15a10b01e97988e46729fa0778559f1ae60113cb225d5b9888ae5830ac", + "chksum_sha256": "b0f6a68a3bc235970237258b0e194ed94fae205efebe453a6c9f20addd5a5ce0", "format": 1 }, { "name": "roles/mongodb_mongod/molecule/custom_db_path/playbook.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "f00bd99f8c6f8a3846cc888ed647c62bd78e1f80919a27b4d7c7760d81b81bd3", + "chksum_sha256": "255483b7cc0083dc8dfd74a643d66773878ed4424a5d2c2a58f0e549c8921b81", "format": 1 }, { @@ -1488,21 +1551,21 @@ "name": "roles/mongodb_mongod/molecule/default/tests/test_default.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "17805508cb475efa6ef5db20800b4a5a579c821d410bae36a35bd146ca6fa3e1", + "chksum_sha256": "2cc045495253d0c39609fa814d0911454c25a829c98e6038a7791cf54723cc71", "format": 1 }, { "name": "roles/mongodb_mongod/molecule/default/molecule.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "994424e997851f791720fba34b6b65eb6afbc38c82d0dee086fcd7078275a9e6", + "chksum_sha256": "e1b801f8421f73a84b91e8eb1b091e3edc7b169ac8f245d2f0da97b0d35b7d71", "format": 1 }, { "name": "roles/mongodb_mongod/molecule/default/playbook.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "63a19a9b4f08c1266695faaba9e54dbedd28e3dcc8c6787e64766ba8bb417761", + "chksum_sha256": "192e372a1908bcf0ec54b8c52eb459db79529fe098210c07b42363c62f52443a", "format": 1 }, { @@ -1537,21 +1600,21 @@ "name": "roles/mongodb_mongod/molecule/multiple_bind_ip/tests/test_default.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "ecc1e7f77b43b5e6a46e171a9a2bf2b63ffa4d83f38ef1a721f10ccf8f4bb7a8", + "chksum_sha256": "4bcab44a1f135f5a657ed3149112fd3321a6a63591ef60a5669fa690da892b31", "format": 1 }, { "name": "roles/mongodb_mongod/molecule/multiple_bind_ip/molecule.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "7e577d75e184d4b8f9a43b00e9dacc2f228a308a1bd6c19a5eb2692856e53ec8", + "chksum_sha256": "4bd4d98c03f8cd3c6d8ce974474df1a038b73cbf0e0c1da9aa0090ae531ef0a4", "format": 1 }, { "name": "roles/mongodb_mongod/molecule/multiple_bind_ip/playbook.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "b51c6a694115163ce2b6812c3c520723a8f7c45dd5b779172d12ad7fa5635edc", + "chksum_sha256": "a746b663a752a435a6490632389476a1f502e138886c66fff49cccdc1e068f9e", "format": 1 }, { @@ -1611,10 +1674,17 @@ "format": 1 }, { + "name": "roles/mongodb_mongod/tasks/logrotate.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "118a6c4770ac2a3880516cbb8b4cf84bb8e03bf0500a3736f8bc1928312d7c35", + "format": 1 + }, + { "name": "roles/mongodb_mongod/tasks/main.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "52dbf388253cdfc09243b8f3de0ca28f274a82c89e325ab18bbd8aafb5b743a8", + "chksum_sha256": "e14ef77e6676c1e39f5be07eeb2392027fb4fb88676c608deb75607e23823018", "format": 1 }, { @@ -1628,7 +1698,14 @@ "name": "roles/mongodb_mongod/templates/mongod.conf.j2", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "13f379130e1e18bbc1e0819207beeb4f26d4a52b192fa75de3f125db0390862c", + "chksum_sha256": "7640c7f81cf31e93dc02bb1e1b5099ddc1f9b555e5109190f2c252fed81f4b43", + "format": 1 + }, + { + "name": "roles/mongodb_mongod/templates/mongodb.logrotate.j2", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "21ad67a4b7659d49e8d7d0c4533c02b84f1e5d233c427034eaebe0458897096b", "format": 1 }, { @@ -1677,7 +1754,7 @@ "name": "roles/mongodb_mongod/README.md", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "4d0e53aee8b83c06980a6350923a8a0e1c6d55e9a48409c21e5c3a0a9a587571", + "chksum_sha256": "b1476365276bea045940d237a5aabeec55bb9b33c084e4eb11f898e19a137066", "format": 1 }, { @@ -1698,7 +1775,7 @@ "name": "roles/mongodb_mongos/defaults/main.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "01ab55998e3208feebf702cb0e3ffc97cf4f603e5086e994054f2735ba3078bf", + "chksum_sha256": "688a38955cb3af4ad91934f5dc605591b9ea7b4ff4409d52c6d467d353ac42e1", "format": 1 }, { @@ -1768,21 +1845,21 @@ "name": "roles/mongodb_mongos/molecule/default/molecule.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "702b696ccd89d34c943a966e4185e2473eb9a0f1621411584c08499f16c55a93", + "chksum_sha256": "0a092e14ce32979f4898440305e2b6deb139b6e1111d1a2e4931c031cf5d409d", "format": 1 }, { "name": "roles/mongodb_mongos/molecule/default/playbook.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "89c6e68e43761ba1c1561cb77854e7e79b32726ee4f03d1d7f7e185ca0bf8883", + "chksum_sha256": "531b36ee51c7dbce56828f34f361a11cdbe8be1ab3467886e19c95afd592ad67", "format": 1 }, { "name": "roles/mongodb_mongos/molecule/default/prepare.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "158c7741dc6b3aab715292c41dcf01fabbebf01638c97446589ab877ffe22491", + "chksum_sha256": "e00402f4e6a834f23823890627199c922e4a9de4f4a7a94cd872e915036afbd2", "format": 1 }, { @@ -1852,7 +1929,7 @@ "name": "roles/mongodb_mongos/templates/mongos.conf.j2", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "3dca1de18243e57265866cd9b9b851dac3a1941fdf8da97e93d1c57643108d5f", + "chksum_sha256": "fbd7af556a9778eeccce3b0b345a8d2644eae92224393eb17522d9241673d7a7", "format": 1 }, { @@ -1908,7 +1985,7 @@ "name": "roles/mongodb_mongos/README.md", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "a13f2fab8aceb7e147ee8f691e050bc65bbf3f6f44495ce6217d567adcf58dd1", + "chksum_sha256": "46b03a9992c095fd3813f0aeb108042f0dca6d3034e95347a65b15ef3474ff0e", "format": 1 }, { @@ -1985,7 +2062,7 @@ "name": "roles/mongodb_repository/molecule/default/molecule.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "05560652ed31d566d085a225e2b5aeb50c66c54f9c943982fc7ecad4fd0cf4bf", + "chksum_sha256": "6e6d921129d528fcd553ea213e652cf3a37c3fe6fe95b57b470fa12ada407a84", "format": 1 }, { @@ -2146,7 +2223,7 @@ "name": "roles/mongodb_selinux/molecule/default/molecule.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "90f021d6adf7fe29b9140e6137c0c6c8afa0bdbdfbcb82014f4286d3d0ecf139", + "chksum_sha256": "d0b2f513f9d181359b54313f3542e9056262309f68f3dd8cd93eecaad6fbd746", "format": 1 }, { @@ -2293,7 +2370,7 @@ "name": "CHANGELOG.rst", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "17b50804c5b444656c29da757e68b4f9769a5a8eba9af7bdc772527943fccb05", + "chksum_sha256": "c81479be70033bb9abe13501e9c3eef37936cb74ea74bbfea1d83d9e685c2917", "format": 1 }, { @@ -2307,7 +2384,7 @@ "name": "README.md", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "3308be37a3b35aec4053a63147f24db66db009ab48f6c73c9eb976dcc2b4fa94", + "chksum_sha256": "30119dbbd021221c84f7447cee3fd266408933a599e51affa2fab12db835bd87", "format": 1 }, { diff --git a/ansible_collections/community/mongodb/MANIFEST.json b/ansible_collections/community/mongodb/MANIFEST.json index 4e225b112..8ae826436 100644 --- a/ansible_collections/community/mongodb/MANIFEST.json +++ b/ansible_collections/community/mongodb/MANIFEST.json @@ -2,7 +2,7 @@ "collection_info": { "namespace": "community", "name": "mongodb", - "version": "1.6.0", + "version": "1.7.2", "authors": [ "Ansible (https://github.com/ansible)", "Rhys Campbell (https://github.com/rhysmeister)", @@ -11,7 +11,8 @@ "Elliott Foster (http://fourkitchens.com)", "Loic Blot (http://www.infopro-digital.com/)", "Matt Martz (https://github.com/sivel)", - "Jacob Floyd (https://github.com/cognifloyd)" + "Jacob Floyd (https://github.com/cognifloyd)", + "Martin Schurz (https://github.com/schurzi)" ], "readme": "README.md", "tags": [ @@ -35,7 +36,7 @@ "name": "FILES.json", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "088440e2e1049c54446ad93e2ba9288528fd68f0451484b75ffbbbd6f0528e24", + "chksum_sha256": "4d1c58600e395dade74dad0a4e8ad949bda341bf224312202dcff67516a0a16e", "format": 1 }, "format": 1 diff --git a/ansible_collections/community/mongodb/README.md b/ansible_collections/community/mongodb/README.md index cd86c4322..caadf1e93 100644 --- a/ansible_collections/community/mongodb/README.md +++ b/ansible_collections/community/mongodb/README.md @@ -1,10 +1,8 @@ # MongoDB Version and PyMongoDB Version Compatibility -- This collection is tested against the most recent two minor MongoDB releases, currently 5.0.X and 6.0.X. -- ~This collection is tested against PyMongo version 3.12.X and latest.~ PyMongo 3.12.X dropped on 11.04.2023. Now PyMongo latest only. -- This collection will not run against any MongoDB version lower than 4.0. You can set *strict_compatibility* to false to override this behaviour but don't expect 100% success. It might be a better approach to use an older release of this collection (1.3.4 or earlier) if you're using an old MongoDB version (3.6 or earlier). +- This collection is tested against the most recent two minor MongoDB releases, currently 6.0.X and 7.0.X. +- PyMongo 3.12.X dropped on 11.04.2023. Now PyMongo latest only. - Compatibility may be maintained for older software versions but is not guaranteed. Please upgrade your PyMongo driver version if you encounter difficulties with older versions. -- ~Support for PyMongo versions less than 4.X will be dropped in the future.~ [Drop support for pymongo < 4.0?](https://github.com/ansible-collections/community.mongodb/issues/457) - Support for Pymongo < 4.0 now dropped from collection version 1.5.0 # Mongodb Collection |Category|Status| @@ -12,10 +10,6 @@ |Github CI|![CI](https://github.com/ansible-collections/community.mongodb/workflows/CI/badge.svg)| |Codecov|[![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/community.mongodb)](https://codecov.io/gh/ansible-collections/community.mongodb)| |CI Roles|![CI_roles](https://github.com/ansible-collections/community.mongodb/workflows/CI_roles/badge.svg)| -|AutomatingMongoDBWithAnsible|[![CI-basic](https://github.com/rhysmeister/AutomatingMongoDBWithAnsible/actions/workflows/CI-basic.yml/badge.svg)](https://github.com/rhysmeister/AutomatingMongoDBWithAnsible/actions/workflows/CI-basic.yml)| -|AutomatingMongoDBWithAnsible|[![CI-etc](https://github.com/rhysmeister/AutomatingMongoDBWithAnsible/actions/workflows/CI-etc.yml/badge.svg)](https://github.com/rhysmeister/AutomatingMongoDBWithAnsible/actions/workflows/CI-etc.yml)| -|AutomatingMongoDBWithAnsible|[![CI-resync](https://github.com/rhysmeister/AutomatingMongoDBWithAnsible/actions/workflows/CI-resync.yml/badge.svg)](https://github.com/rhysmeister/AutomatingMongoDBWithAnsible/actions/workflows/CI-resync.yml)| -|AutomatingMongoDBWithAnsible|[![CI-upgrade-downgrade](https://github.com/rhysmeister/AutomatingMongoDBWithAnsible/actions/workflows/CI-upgrade-downgrade.yml/badge.svg)](https://github.com/rhysmeister/AutomatingMongoDBWithAnsible/actions/workflows/CI-upgrade-downgrade.yml)| |Latest Build|![Build & Publish Collection](https://github.com/ansible-collections/community.mongodb/workflows/Build%20&%20Publish%20Collection/badge.svg)| This collection called `mongodb` aims at providing all Ansible modules allowing to interact with MongoDB. @@ -58,7 +52,6 @@ These modules are for any MongoDB cluster (standalone, replicaset, or sharded): - `community.mongodb.mongodb_index`: Creates or drops indexes on MongoDB collections. - `community.mongodb.mongodb_info`: Gather information about MongoDB instance. -- `community.mongodb.mongodb_monitoring`: Manages the [free monitoring](https://docs.mongodb.com/manual/administration/free-monitoring/) feature. - `community.mongodb.mongodb_oplog`: [Resizes](https://docs.mongodb.com/manual/tutorial/change-oplog-size) the MongoDB oplog (MongoDB 3.6+ only). - `community.mongodb.mongodb_parameter`: Change an administrative parameter on a MongoDB server. - `community.mongodb.mongodb_role`: Manage [MongoDB Roles](https://www.mongodb.com/docs/upcoming/tutorial/manage-users-and-roles/). @@ -81,6 +74,12 @@ These modules are only useful for sharded MongoDB clusters: - `community.mongodb.mongodb_shard_tag`: Manage Shard Tags. - `community.mongodb.mongodb_shard_zone`: Manage Shard Zones. +These modules are only useful for MongoDB Atlas clusters: + +- `community.mongodb.mongodb_atlas_cluster`: Manage MongoDB clusters in Atlas. +- `community.mongodb.mongodb_atlas_ldap_user`: Manage LDAP users in Atlas. +- `community.mongodb.mongodb_atlas_user`: Manage users in Atlas. +- `community.mongodb.mongodb_atlas_whitelist`: Manage IP whitelists in Atlas. ## community.mongodb Role Tags @@ -111,6 +110,14 @@ These tags apply to the specific roles as indicated. |mongodb_auth|admin_user|Tasks that work with the MongoDB Administrator user.| |mongodb_auth|app_user|Tasks that work with MongoDB app users.| +## Usage Examples + +The following links provide various examples for how the community.mongodb roles and modules can be used in real projects. + +* https://github.com/rhysmeister/AutomatingMongoDBWithAnsible (no longer maintained) +* https://github.com/superset1/Ansible_role_mongodb +* https://github.com/ansible-collections/community.mongodb/tree/master/roles/ROLENAME/molecule (replace ROLENAME, some full examples that we use in our testing) + ## Running the integration and unit tests * Requirements @@ -133,14 +140,6 @@ mkdir -p git/ansible_collections/community cd git/ansible_collections/community ``` -# Usage Examples - -The following links provide various exampels for how the community.mongodb roles and modules can be used in real projects. - -* https://github.com/rhysmeister/AutomatingMongoDBWithAnsible (no longer maintained) -* https://github.com/superset1/Ansible_role_mongodb -* https://github.com/ansible-collections/community.mongodb/tree/master/roles/ROLENAME/molecule (replace ROLENAME, some full examples that we use in our testing) - * Clone the required projects. ```bash diff --git a/ansible_collections/community/mongodb/changelogs/changelog.yaml b/ansible_collections/community/mongodb/changelogs/changelog.yaml index 7ad33ab5c..7f608d606 100644 --- a/ansible_collections/community/mongodb/changelogs/changelog.yaml +++ b/ansible_collections/community/mongodb/changelogs/changelog.yaml @@ -199,8 +199,8 @@ releases: - 440 - Fix incorrect alias ssl_crlfile. - 450 - Fix issues with mongodb_replicaset connecting with the pymongo 4.0.X driver. minor_changes: - - 450 - mongodb_replicaset. Introduce cluster_cmd parameter. Can be set to isMaster or hello. - hello is the default. isMaster is useful for older versions of MongoDB. + - 450 - mongodb_replicaset. Introduce cluster_cmd parameter. Can be set to isMaster or hello. + hello is the default. isMaster is useful for older versions of MongoDB. See [db.hello()](https://www.mongodb.com/docs/manual/reference/method/db.hello/) for more. 1.3.4: release_summary: | @@ -212,7 +212,7 @@ releases: This release is a maintenance release. Pymongo versions 3.12.* or 4.* are now required. MongoDB version 4+ are also required but can be overriden if desired. major_changes: - 470 - Removes depreciated distutils package and require Pymongo 3.12+ and MongoDB 4+ - Adds a new parameter strict_compatibility (default true). + Adds a new parameter strict_compatibility (default true). Set to false to disable Pymongo and MongoDB requirements. 1.4.1: release_summary: | @@ -247,7 +247,7 @@ releases: - 540 mongodb_replicaset - replicaset member priority updates. - 488 mongodb_info - Better handling of json data types. modules: - - description: + - description: - Manage MongoDB User Roles (#530). name: mongodb_role namespace: community @@ -269,4 +269,64 @@ releases: This release is a maintenance release. minor_changes: - 569 - All pymongo modules - Better support for MongoDB Atlas. - - 568 - Minor documentation updates.
\ No newline at end of file + - 568 - Minor documentation updates. + 1.6.1: + release_summary: | + This release is a maintenance release. + minor_changes: + - 578 - mongodb_role - More robust comparison of user roles. + 1.6.2: + release_summary: | + This release is a maintenance release. + minor_changes: + - 583 - mongodb_linux - Add vars for RedHat 9 to role. + - 586 - mongodb_auth - Add ssl vars to role. + - 589 - mongodb_linux - Adds vars to better handle ntp package installation and handling. + - 588 - mongodb_linux - Default ntp system to systemd-timesyncd for Debian12. + - 593 - mongodb_linux - Add vm.max_map_count = 128000 sysctl config. + - 597 - mongodb_monitoring - Module has been deleted as Free Monitoring service has been stopped. + - 595 - mongodb_linux - Improvements to transparent_hugepage handling. + 1.6.3: + release_summary: | + This release is a maintenance release. + minor_changes: + - 600 - Remove delete module from README.md. + - 601 - mongodb_install - Fix issue with specific_mongodb_version on RedHat OS family. + 1.7.0: + release_summary: | + This release is a maintenance release. + minor_changes: + - 622 - mongodb_mongod - Allow systemd configuration override. + - 620 - mongodb_common - Use SSL constants in shared connection code. + - 609 - mongodb_mongod, mongodb_mongos, mongodb_config - support for allowConnectionsWithoutCertificates. + - 605 - mongodb_mongod, mongodb_mongos, mongodb_config - support for security.disabledProtocols. + bugfixes: + - 614 - mongodb_replicaset - Count voting members based on the sum of "votes" and using a comprehension list. + - 611 - mongodb_role - lambda function changed to support non-existing keys. + modules: + - description: + - Manage database clusters in Atlas (#612) + name: mongodb_atlas_cluster + namespace: community + - description: + - Manage LDAP users in Atlas (#612) + name: mongodb_atlas_ldap_user + namespace: community + - description: + - Manage database users in Atlas (#612) + name: mongodb_atlas_user + namespace: community + - description: + - Manage IP whitelists in Atlas (#612) + name: mongodb_atlas_whitelist + namespace: community + 1.7.1: + release_summary: | + This release is a maintenance release. + bugfixes: + - 631 - cache/mongodb.py - Support pymongo 4.0+. This plugin no longer support pymongo 3.12.*. + 1.7.2: + release_summary: | + This release is a maintenance release. + bugfixes: + - 638 - mongodb_replicaset - Allow module to update replicaset horizons. diff --git a/ansible_collections/community/mongodb/plugins/cache/mongodb.py b/ansible_collections/community/mongodb/plugins/cache/mongodb.py index b51b7b293..0fa7a2cd8 100644 --- a/ansible_collections/community/mongodb/plugins/cache/mongodb.py +++ b/ansible_collections/community/mongodb/plugins/cache/mongodb.py @@ -182,7 +182,7 @@ class CacheModule(BaseCacheModule): def contains(self, key): with self._collection() as collection: - return bool(collection.count({'_id': self._make_key(key)})) + return bool(collection.count_documents({'_id': self._make_key(key)})) def delete(self, key): del self._cache[key] diff --git a/ansible_collections/community/mongodb/plugins/doc_fragments/atlas_options.py b/ansible_collections/community/mongodb/plugins/doc_fragments/atlas_options.py new file mode 100644 index 000000000..dfdee3325 --- /dev/null +++ b/ansible_collections/community/mongodb/plugins/doc_fragments/atlas_options.py @@ -0,0 +1,54 @@ +# -*- coding: utf-8 -*- +# +# Copyright (c) 2021 T-Systems MMS +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +# +# This module is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This software is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this software. If not, see <http://www.gnu.org/licenses/>. + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + + +class ModuleDocFragment(object): + # Documentation for global options that are always the same + DOCUMENTATION = r''' +options: + api_username: + description: + - The username for use in authentication with the Atlas API. + - Can use API users and tokens (public key is username) + type: str + required: True + aliases: [apiUsername] + api_password: + description: + - The password for use in authentication with the Atlas API. + - Can use API users and tokens (private key is password) + type: str + required: True + aliases: [apiPassword] + group_id: + description: + - Unique identifier for the Atlas project. + type: str + required: True + aliases: [groupId] + state: + description: + - State of the ressource. + choices: [ "present", "absent" ] + default: present + type: str +''' diff --git a/ansible_collections/community/mongodb/plugins/module_utils/mongodb_atlas.py b/ansible_collections/community/mongodb/plugins/module_utils/mongodb_atlas.py new file mode 100644 index 000000000..a32f3e1de --- /dev/null +++ b/ansible_collections/community/mongodb/plugins/module_utils/mongodb_atlas.py @@ -0,0 +1,220 @@ +# -*- coding: utf-8 -*- + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +import json +from collections import defaultdict + +from ansible.module_utils.urls import fetch_url + +try: + from urllib import quote +except ImportError: + # noinspection PyCompatibility, PyUnresolvedReferences + from urllib.parse import ( + quote, + ) # pylint: disable=locally-disabled, import-error, no-name-in-module + + +class AtlasAPIObject: + module = None + + def __init__( + self, module, object_name, group_id, path, data, data_is_array=False + ): + self.module = module + self.path = path + self.data = data + self.group_id = group_id + self.object_name = object_name + self.data_is_array = data_is_array + + self.module.params["url_username"] = self.module.params["api_username"] + self.module.params["url_password"] = self.module.params["api_password"] + + def call_url(self, path, data="", method="GET"): + headers = { + "Accept": "application/json", + "Content-Type": "application/json", + } + + if self.data_is_array and data != "": + data = "[" + data + "]" + + url = ( + "https://cloud.mongodb.com/api/atlas/v1.0/groups/" + + self.group_id + + path + ) + rsp, info = fetch_url( + module=self.module, + url=url, + data=data, + headers=headers, + method=method, + ) + + content = "" + error = "" + if rsp and info["status"] not in (204, 404): + content = json.loads(rsp.read()) + if info["status"] >= 400: + try: + content = json.loads(info["body"]) + error = content["reason"] + if "detail" in content: + error += ". Detail: " + content["detail"] + except ValueError: + error = info["msg"] + if info["status"] < 0: + error = info["msg"] + return {"code": info["status"], "data": content, "error": error} + + def exists(self): + additional_path = "" + if self.path == "/databaseUsers": + additional_path = "/admin" + ret = self.call_url( + path=self.path + + additional_path + + "/" + + quote(self.data[self.object_name], "") + ) + if ret["code"] == 200: + return True + return False + + def create(self): + ret = self.call_url( + path=self.path, + data=self.module.jsonify(self.data), + method="POST", + ) + return ret + + def delete(self): + additional_path = "" + if self.path == "/databaseUsers": + additional_path = "/admin" + ret = self.call_url( + path=self.path + + additional_path + + "/" + + quote(self.data[self.object_name], ""), + method="DELETE", + ) + return ret + + def modify(self): + additional_path = "" + if self.path == "/databaseUsers": + additional_path = "/admin" + ret = self.call_url( + path=self.path + + additional_path + + "/" + + quote(self.data[self.object_name], ""), + data=self.module.jsonify(self.data), + method="PATCH", + ) + return ret + + def diff(self): + additional_path = "" + if self.path == "/databaseUsers": + additional_path = "/admin" + ret = self.call_url( + path=self.path + + additional_path + + "/" + + quote(self.data[self.object_name], ""), + method="GET", + ) + + data_from_atlas = json.loads(self.module.jsonify(ret["data"])) + data_from_task = json.loads(self.module.jsonify(self.data)) + + diff = defaultdict(dict) + for key, value in data_from_atlas.items(): + if key in data_from_task.keys() and value != data_from_task[key]: + diff["before"][key] = "{val}".format(val=value) + diff["after"][key] = "{val}".format(val=data_from_task[key]) + return diff + + def update(self, state): + changed = False + diff_result = {"before": "", "after": ""} + if self.exists(): + diff_result.update({"before": "state: present\n"}) + if state == "absent": + if self.module.check_mode: + diff_result.update({"after": "state: absent\n"}) + self.module.exit_json( + changed=True, + object_name=self.data[self.object_name], + diff=diff_result, + ) + else: + try: + ret = self.delete() + if ret["code"] == 204 or ret["code"] == 202: + changed = True + diff_result.update({"after": "state: absent\n"}) + else: + self.module.fail_json( + msg="bad return code while deleting: %d. Error message: %s" + % (ret["code"], ret["error"]) + ) + except Exception as e: + self.module.fail_json( + msg="exception when deleting: " + str(e) + ) + + else: + diff_result.update(self.diff()) + if self.module.check_mode: + if diff_result["after"] != "": + changed = True + self.module.exit_json( + changed=changed, + object_name=self.data[self.object_name], + data=self.data, + diff=diff_result, + ) + if diff_result["after"] != "": + if self.path == "/whitelist": + ret = self.create() + else: + ret = self.modify() + if ret["code"] == 200 or ret["code"] == 201: + changed = True + else: + self.module.fail_json( + msg="bad return code while modifying: %d. Error message: %s" + % (ret["code"], ret["error"]) + ) + + else: + diff_result.update({"before": "state: absent\n"}) + if state == "present": + if self.module.check_mode: + changed = True + diff_result.update({"after": "state: created\n"}) + else: + try: + ret = self.create() + if ret["code"] == 201: + changed = True + diff_result.update({"after": "state: created\n"}) + else: + self.module.fail_json( + msg="bad return code while creating: %d. Error message: %s" + % (ret["code"], ret["error"]) + ) + except Exception as e: + self.module.fail_json( + msg="exception while creating: " + str(e) + ) + return changed, diff_result diff --git a/ansible_collections/community/mongodb/plugins/module_utils/mongodb_common.py b/ansible_collections/community/mongodb/plugins/module_utils/mongodb_common.py index e1ab27293..2a748b96f 100644 --- a/ansible_collections/community/mongodb/plugins/module_utils/mongodb_common.py +++ b/ansible_collections/community/mongodb/plugins/module_utils/mongodb_common.py @@ -168,9 +168,9 @@ def rename_ssl_option_for_pymongo4(connection_options): when the driver use is >= PyMongo 4 """ if int(PyMongoVersion[0]) >= 4: - if connection_options.get('ssl_cert_reqs', None) == 'CERT_NONE': - connection_options['tlsAllowInvalidCertificates'] = False - elif connection_options.get('ssl_cert_reqs', None) == 'CERT_REQUIRED': + if connection_options.get('ssl_cert_reqs', None) in ('CERT_NONE', ssl_lib.CERT_NONE): + connection_options['tlsAllowInvalidCertificates'] = True + elif connection_options.get('ssl_cert_reqs', None) in ('CERT_REQUIRED', ssl_lib.CERT_REQUIRED): connection_options['tlsAllowInvalidCertificates'] = False connection_options.pop('ssl_cert_reqs', None) if connection_options.get('ssl_ca_certs', None) is not None: @@ -395,6 +395,7 @@ def member_dicts_different(conf, member_config): "hidden": False, "priority": {"nonarbiter": 1.0, "arbiter": 0}, "tags": {}, + "horizons": {}, "secondardDelaySecs": 0, "votes": 1 } diff --git a/ansible_collections/community/mongodb/plugins/modules/mongodb_atlas_cluster.py b/ansible_collections/community/mongodb/plugins/modules/mongodb_atlas_cluster.py new file mode 100644 index 000000000..e8aa6e43f --- /dev/null +++ b/ansible_collections/community/mongodb/plugins/modules/mongodb_atlas_cluster.py @@ -0,0 +1,238 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Copyright (c) 2020 T-Systems MMS +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +# +# This module is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This software is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this software. If not, see <http://www.gnu.org/licenses/>. + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +DOCUMENTATION = ''' +--- +module: mongodb_atlas_cluster +short_description: Manage database clusters in Atlas +description: + - The clusters module provides access to your cluster configurations. + - The module lets you create, edit and delete clusters. + - L(API Documentation,https://docs.atlas.mongodb.com/reference/api/clusters/) +author: "Martin Schurz (@schurzi)" +extends_documentation_fragment: community.mongodb.atlas_options +options: + name: + description: + - Name of the cluster as it appears in Atlas. Once the cluster is created, its name cannot be changed. + type: str + required: True + mongo_db_major_version: + description: + - Version of the cluster to deploy. + - Atlas always deploys the cluster with the latest stable release of the specified version. + - You can upgrade to a newer version of MongoDB when you modify a cluster. + choices: [ "4.2", "4.4", "5.0", "6.0", "7.0" ] + type: str + aliases: [ "mongoDBMajorVersion" ] + cluster_type: + description: + - Type of the cluster that you want to create. + choices: [ "REPLICASET", "SHARDED" ] + default: "REPLICASET" + type: str + aliases: [ "clusterType" ] + replication_factor: + description: + - Number of replica set members. Each member keeps a copy of your databases, providing high availability and data redundancy. + choices: [ 3, 5, 7 ] + default: 3 + type: int + aliases: [ "replicationFactor" ] + auto_scaling: + description: + - Configure your cluster to automatically scale its storage and cluster tier. + suboptions: + disk_gb_enabled: + type: bool + description: + - Specifies whether disk auto-scaling is enabled. The default is true. + aliases: [ "diskGBEnabled" ] + required: False + type: dict + aliases: [ "autoScaling" ] + provider_settings: + description: + - Configuration for the provisioned servers on which MongoDB runs. + - The available options are specific to the cloud service provider. + suboptions: + provider_name: + required: True + type: str + description: + - Cloud service provider on which the servers are provisioned. + aliases: [ "providerName" ] + region_name: + required: True + type: str + description: + - Physical location of your MongoDB cluster. + aliases: [ "regionName" ] + instance_size_name: + required: True + type: str + description: + - Atlas provides different cluster tiers, each with a default storage capacity and RAM size. + - The cluster you select is used for all the data-bearing servers in your cluster tier. + aliases: [ "instanceSizeName" ] + required: True + type: dict + aliases: [ "providerSettings" ] + disk_size_gb: + description: + - Capacity, in gigabytes, of the host's root volume. Increase this number to add capacity, + up to a maximum possible value of 4096 (i.e., 4 TB). This value must be a positive integer. + type: int + aliases: [ "diskSizeGB" ] + provider_backup_enabled: + description: + - Flag that indicates if the cluster uses Cloud Backups for backups. + type: bool + aliases: [ "providerBackupEnabled" ] + pit_enabled: + description: + - Flag that indicates the cluster uses continuous cloud backups. + type: bool + aliases: [ "pitEnabled" ] +''' + +EXAMPLES = ''' + - name: test cluster + community.mongodb.mongodb_atlas_cluster: + api_username: "API_user" + api_password: "API_passwort_or_token" + group_id: "GROUP_ID" + name: "testcluster" + mongo_db_major_version: "4.0" + cluster_type: "REPLICASET" + provider_settings: + provider_name: "GCP" + region_name: "EUROPE_WEST_3" + instance_size_name: "M10" +... +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.community.mongodb.plugins.module_utils.mongodb_atlas import ( + AtlasAPIObject, +) + + +# =========================================== +# Module execution. +# +def main(): + # add our own arguments + argument_spec = dict( + state=dict(default="present", choices=["absent", "present"]), + api_username=dict(required=True, aliases=['apiUsername']), + api_password=dict(required=True, no_log=True, aliases=['apiPassword']), + group_id=dict(required=True, aliases=['groupId']), + name=dict(required=True), + mongo_db_major_version=dict( + choices=["4.2", "4.4", "5.0", "6.0", "7.0"], + aliases=["mongoDBMajorVersion"] + ), + cluster_type=dict( + default="REPLICASET", choices=["REPLICASET", "SHARDED"], + aliases=["clusterType"] + ), + replication_factor=dict(default=3, type="int", choices=[3, 5, 7], aliases=["replicationFactor"]), + auto_scaling=dict( + type="dict", + options=dict( + disk_gb_enabled=dict(type="bool", aliases=["diskGBEnabled"]), + ), + aliases=["autoScaling"] + ), + provider_settings=dict( + type="dict", + required=True, + options=dict( + provider_name=dict(required=True, aliases=["providerName"]), + region_name=dict(required=True, aliases=["regionName"]), + instance_size_name=dict(required=True, aliases=["instanceSizeName"]), + ), + aliases=["providerSettings"] + ), + disk_size_gb=dict(type="int", aliases=["diskSizeGB"]), + provider_backup_enabled=dict(type="bool", aliases=["providerBackupEnabled"]), + pit_enabled=dict(type="bool", aliases=["pitEnabled"]), + ) + + # Define the main module + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + + data = { + "name": module.params["name"], + "clusterType": module.params["cluster_type"], + "replicationFactor": module.params["replication_factor"], + "providerSettings": { + "providerName": module.params["provider_settings"]["provider_name"], + "regionName": module.params["provider_settings"]["region_name"], + "instanceSizeName": module.params["provider_settings"]["instance_size_name"], + } + } + + # handle optional options + optional_vars = { + "mongo_db_major_version": "mongoDBMajorVersion", + "auto_scaling": "autoScaling", + "disk_size_gb": "diskSizeGB", + "provider_backup_enabled": "providerBackupEnabled", + "pit_enabled": "pitEnabled", + } + + for key in optional_vars: + if module.params[key] is not None: + if key == "auto_scaling": + data.update({optional_vars[key]: {"diskGBEnabled": module.params[key]["disk_gb_enabled"]}}) + else: + data.update({optional_vars[key]: module.params[key]}) + + try: + atlas = AtlasAPIObject( + module=module, + path="/clusters", + object_name="name", + group_id=module.params["group_id"], + data=data, + ) + except Exception as e: + module.fail_json( + msg="unable to connect to Atlas API. Exception message: %s" % e + ) + + changed, diff = atlas.update(module.params["state"]) + module.exit_json( + changed=changed, + data=atlas.data, + diff=diff, + ) + + +# import module snippets +if __name__ == "__main__": + main() diff --git a/ansible_collections/community/mongodb/plugins/modules/mongodb_atlas_ldap_user.py b/ansible_collections/community/mongodb/plugins/modules/mongodb_atlas_ldap_user.py new file mode 100644 index 000000000..e816a264c --- /dev/null +++ b/ansible_collections/community/mongodb/plugins/modules/mongodb_atlas_ldap_user.py @@ -0,0 +1,165 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Copyright (c) 2020 T-Systems MMS +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +# +# This module is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This software is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this software. If not, see <http://www.gnu.org/licenses/>. + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +DOCUMENTATION = ''' +--- +module: mongodb_atlas_ldap_user +short_description: Manage LDAP users in Atlas +description: + - The mongodb_atlas_ldap_user module lets you create LDAP groups on the admin database by mapping LDAP groups to MongoDB roles on your Atlas databases. + - Each user or group has a set of roles that provide access to the project's databases. + - L(API Documentation,https://docs.atlas.mongodb.com/security-ldaps/) +author: "Martin Schurz (@schurzi) / Derek Giri" +extends_documentation_fragment: community.mongodb.atlas_options +options: + database_name: + description: + - Database against which Atlas authenticates the user. + choices: ["admin", "$external"] + default: "admin" + type: str + aliases: [ "databaseName" ] + ldap_auth_type: + description: + - Type of LDAP authorization for the user i.e. USER or GROUP + choices: ["GROUP", "USER"] + default: "GROUP" + type: str + aliases: [ "ldapAuthType" ] + username: + description: + - Username for authenticating to MongoDB. + required: true + type: str + roles: + description: + - Array of this user's roles and the databases / collections on which the roles apply. + - A role must include folliwing elements + suboptions: + database_name: + required: true + type: str + description: + - Database on which the user has the specified role. + - A role on the admin database can include privileges that apply to the other databases. + aliases: [ "databaseName" ] + role_name: + required: true + type: str + description: + - Name of the role. This value can either be a built-in role or a custom role. + aliases: ["roleName" ] + required: true + type: list + elements: dict +''' + +EXAMPLES = ''' + - name: LDAP Group or Username + community.mongodb.mongodb_atlas_ldap_user: + api_username: "API_user" + api_password: "API_passwort_or_token" + atlas_ldap_user: "USER DN or GROUP DN" + group_id: "GROUP_ID" + database_name: "admin" + username: my_app_user + roles: + - database_name: private_info + role_name: read + - database_name: public_info + role_name: readWrite +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.community.mongodb.plugins.module_utils.mongodb_atlas import ( + AtlasAPIObject, +) + + +# =========================================== +# Module execution. +# +def main(): + # add our own arguments + argument_spec = dict( + state=dict(default="present", choices=["absent", "present"]), + api_username=dict(required=True, aliases=['apiUsername']), + api_password=dict(required=True, no_log=True, aliases=['apiPassword']), + group_id=dict(required=True, aliases=['groupId']), + ldap_auth_type=dict(default="GROUP", choices=["GROUP", "USER"], aliases=["ldapAuthType"]), + database_name=dict(default="admin", choices=["admin", "$external"], aliases=["databaseName"]), + username=dict(required=True), + roles=dict( + required=True, + type="list", + elements="dict", + options=dict( + database_name=dict(required=True, aliases=["databaseName"]), + role_name=dict(required=True, aliases=["roleName"]), + ), + ), + ) + + # Define the main module + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + + data = { + "databaseName": module.params["database_name"], + "ldapAuthType": module.params["ldap_auth_type"], + "username": module.params["username"], + "roles": [], + } + + # remap keys to API format + for role in module.params.get("roles"): + data["roles"].append({ + "databaseName": role.get("database_name"), + "roleName": role.get("role_name") + }) + + try: + atlas = AtlasAPIObject( + module=module, + path="/databaseUsers", + object_name="username", + group_id=module.params["group_id"], + data=data, + ) + except Exception as e: + module.fail_json( + msg="unable to connect to Atlas API. Exception message: %s" % e + ) + + changed, diff = atlas.update(module.params["state"]) + module.exit_json( + changed=changed, + data=atlas.data, + diff=diff, + ) + + +# import module snippets +if __name__ == "__main__": + main() diff --git a/ansible_collections/community/mongodb/plugins/modules/mongodb_atlas_user.py b/ansible_collections/community/mongodb/plugins/modules/mongodb_atlas_user.py new file mode 100644 index 000000000..ac8427b03 --- /dev/null +++ b/ansible_collections/community/mongodb/plugins/modules/mongodb_atlas_user.py @@ -0,0 +1,196 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Copyright (c) 2020 T-Systems MMS +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +# +# This module is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This software is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this software. If not, see <http://www.gnu.org/licenses/>. + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +DOCUMENTATION = ''' +--- +module: mongodb_atlas_user +short_description: Manage database users in Atlas +description: + - The mongodb_atlas_user module lets you create, modify and delete the database users in your cluster. + - Each user has a set of roles that provide access to the project's databases. + - A user's roles apply to all the clusters in the project + - if two clusters have a products database and a user has a role granting read access on the products database, + - the user has that access on both clusters. + - L(API Documentation,https://docs.atlas.mongodb.com/reference/api/database-users/) +author: "Martin Schurz (@schurzi)" +extends_documentation_fragment: community.mongodb.atlas_options +options: + database_name: + description: + - Database against which Atlas authenticates the user. + choices: ["admin", "$external"] + default: "admin" + type: str + aliases: [ "databaseName" ] + username: + description: + - Username for authenticating to MongoDB. + required: true + type: str + password: + description: + - User's password. + required: true + type: str + roles: + description: + - Array of this user's roles and the databases / collections on which the roles apply. + - A role must include following elements + suboptions: + database_name: + required: true + type: str + description: + - Database on which the user has the specified role. + - A role on the admin database can include privileges that apply to the other databases. + aliases: [ "databaseName" ] + role_name: + required: true + type: str + description: + - Name of the role. This value can either be a built-in role or a custom role. + aliases: [ "roleName" ] + required: true + type: list + elements: dict + scopes: + description: + - List of clusters and Atlas Data Lakes that this user can access. + - Atlas grants database users access to all resources by default. + suboptions: + name: + required: true + type: str + description: + - Name of the cluster or Atlas Data Lake that the database user can access. + type: + type: str + choices: ["CLUSTER", "DATA_LAKE"] + default: "CLUSTER" + description: + - Type of resource that the database user can access. + required: false + default: [] + type: list + elements: dict +''' + +EXAMPLES = ''' + - name: test user + community.mongodb.mongodb_atlas_user: + api_username: "API_user" + api_password: "API_passwort_or_token" + group_id: "GROUP_ID" + username: my_app_user + password: SuperSecret! + roles: + - database_name: private_info + role_name: read + - database_name: public_info + role_name: readWrite +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.community.mongodb.plugins.module_utils.mongodb_atlas import ( + AtlasAPIObject, +) + + +# =========================================== +# Module execution. +# +def main(): + # add our own arguments + argument_spec = dict( + state=dict(default="present", choices=["absent", "present"]), + api_username=dict(required=True, aliases=['apiUsername']), + api_password=dict(required=True, no_log=True, aliases=['apiPassword']), + group_id=dict(required=True, aliases=['groupId']), + database_name=dict(default="admin", choices=["admin", "$external"], aliases=["databaseName"]), + username=dict(required=True), + password=dict(required=True, no_log=True), + roles=dict( + required=True, + type="list", + elements="dict", + options=dict( + database_name=dict(required=True, aliases=["databaseName"]), + role_name=dict(required=True, aliases=["roleName"]), + ), + ), + scopes=dict( + required=False, + type="list", + elements="dict", + options=dict( + name=dict(required=True), + type=dict(default="CLUSTER", choices=["CLUSTER", "DATA_LAKE"]), + ), + default=[], + ), + ) + + # Define the main module + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + + data = { + "databaseName": module.params["database_name"], + "username": module.params["username"], + "password": module.params["password"], + "roles": [], + "scopes": module.params["scopes"], + } + + # remap keys to API format + for role in module.params.get("roles"): + data["roles"].append({ + "databaseName": role.get("database_name"), + "roleName": role.get("role_name") + }) + + try: + atlas = AtlasAPIObject( + module=module, + path="/databaseUsers", + object_name="username", + group_id=module.params["group_id"], + data=data, + ) + except Exception as e: + module.fail_json( + msg="unable to connect to Atlas API. Exception message: %s" % e + ) + + changed, diff = atlas.update(module.params["state"]) + module.exit_json( + changed=changed, + data=atlas.data, + diff=diff, + ) + + +# import module snippets +if __name__ == "__main__": + main() diff --git a/ansible_collections/community/mongodb/plugins/modules/mongodb_atlas_whitelist.py b/ansible_collections/community/mongodb/plugins/modules/mongodb_atlas_whitelist.py new file mode 100644 index 000000000..5354321a6 --- /dev/null +++ b/ansible_collections/community/mongodb/plugins/modules/mongodb_atlas_whitelist.py @@ -0,0 +1,111 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Copyright (c) 2020 T-Systems MMS +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +# +# This module is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This software is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this software. If not, see <http://www.gnu.org/licenses/>. + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +DOCUMENTATION = ''' +--- +module: mongodb_atlas_whitelist +short_description: Manage IP whitelists in Atlas +description: + - The mongodb_atlas_whitelist module manages a Atlas project's IP whitelist. + - L(API Documentation,https://docs.atlas.mongodb.com/reference/api/whitelist/) +author: "Martin Schurz (@schurzi)" +extends_documentation_fragment: community.mongodb.atlas_options +options: + cidr_block: + description: + - Whitelist entry in Classless Inter-Domain Routing (CIDR) notation. + type: str + required: True + aliases: [ "cidrBlock" ] + comment: + description: + - Optional Comment associated with the whitelist entry. + type: str + default: "created by Ansible" +''' + +EXAMPLES = ''' + - name: test whitelist + community.mongodb.mongodb_atlas_whitelist: + api_username: "API_user" + api_password: "API_passwort_or_token" + group_id: "GROUP_ID" + cidr_block: "192.168.0.0/24" + comment: "test" +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.community.mongodb.plugins.module_utils.mongodb_atlas import ( + AtlasAPIObject, +) + + +# =========================================== +# Module execution. +# +def main(): + # add our own arguments + argument_spec = dict( + state=dict(default="present", choices=["absent", "present"]), + api_username=dict(required=True, aliases=['apiUsername']), + api_password=dict(required=True, no_log=True, aliases=['apiPassword']), + group_id=dict(required=True, aliases=['groupId']), + cidr_block=dict(required=True, aliases=["cidrBlock"]), + comment=dict(default="created by Ansible"), + ) + + # Define the main module + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + + data = { + "cidrBlock": module.params["cidr_block"], + "comment": module.params["comment"], + } + + try: + atlas = AtlasAPIObject( + module=module, + path="/whitelist", + object_name="cidrBlock", + group_id=module.params["group_id"], + data=data, + data_is_array=True, + ) + except Exception as e: + module.fail_json( + msg="unable to connect to Atlas API. Exception message: %s" % e + ) + + changed, diff = atlas.update(module.params["state"]) + module.exit_json( + changed=changed, + data=atlas.data, + diff=diff, + ) + + +# import module snippets +if __name__ == "__main__": + main() diff --git a/ansible_collections/community/mongodb/plugins/modules/mongodb_balancer.py b/ansible_collections/community/mongodb/plugins/modules/mongodb_balancer.py index 0e9b33a34..77ce37ed0 100644 --- a/ansible_collections/community/mongodb/plugins/modules/mongodb_balancer.py +++ b/ansible_collections/community/mongodb/plugins/modules/mongodb_balancer.py @@ -29,6 +29,8 @@ options: autosplit: description: - Disable or enable the autosplit flag in the config.settings collection. + - From MongoDB 6.1 automatic chunk splitting is not performed so this parameter is not valid in this and later versions. See more see [enableAutoSplit](https://www.mongodb.com/docs/manual/reference/method/sh.enableAutoSplit/). # noqa: E501 + - This parameter is deprecated and will be removed in a future release. required: false type: bool chunksize: diff --git a/ansible_collections/community/mongodb/plugins/modules/mongodb_monitoring.py b/ansible_collections/community/mongodb/plugins/modules/mongodb_monitoring.py deleted file mode 100644 index d399a9907..000000000 --- a/ansible_collections/community/mongodb/plugins/modules/mongodb_monitoring.py +++ /dev/null @@ -1,197 +0,0 @@ -#!/usr/bin/python - -# Copyright: (c) 2021, Rhys Campbell rhyscampbell@blueiwn.ch -# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) - -from __future__ import absolute_import, division, print_function -__metaclass__ = type - - -DOCUMENTATION = r''' ---- -module: mongodb_monitoring -short_description: Manages the free monitoring feature. -description: - - Manages the free monitoring feature. - - Optionally return the monitoring url. -author: Rhys Campbell (@rhysmeister) -version_added: "1.3.0" - -extends_documentation_fragment: - - community.mongodb.login_options - - community.mongodb.ssl_options - -options: - state: - description: Manage the free monitoring feature. - type: str - choices: - - "started" - - "stopped" - default: "started" - return_url: - description: When true return the monitoring url if available. - type: bool - default: false - -notes: -- Requires the pymongo Python package on the remote host, version 2.4.2+. This - can be installed using pip or the OS package manager. @see U(http://api.mongodb.org/python/current/installation.html) -requirements: - - pymongo -''' - -EXAMPLES = r''' -- name: Enable monitoring - community.mongodb.mongodb_monitoring: - state: "started" - -- name: Disable monitoring - community.mongodb.mongodb_monitoring: - state: "stopped" - -- name: Enable monitoring and return the monitoring url - community.mongodb_monitoring: - state: "started" - return_url: "yes" -''' - -RETURN = r''' -changed: - description: Whether the monitoring status changed. - returned: success - type: bool -msg: - description: A short description of what happened. - returned: success - type: str -failed: - description: If something went wrong - returned: failed - type: bool -url: - description: The MongoDB instance Monitoring url. - returned: When requested and available. - type: str -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils._text import to_native -from ansible_collections.community.mongodb.plugins.module_utils.mongodb_common import ( - missing_required_lib, - mongodb_common_argument_spec, - PYMONGO_IMP_ERR, - pymongo_found, - mongo_auth, - get_mongodb_client, -) - -has_ordereddict = False -try: - from collections import OrderedDict - has_ordereddict = True -except ImportError as excep: - try: - from ordereddict import OrderedDict - has_ordereddict = True - except ImportError as excep: - pass - - -def stop_monitoring(client): - ''' - Stops MongoDB Free Monitoring - ''' - cmd_doc = OrderedDict([('setFreeMonitoring', 1), - ('action', 'disable')]) - client['admin'].command(cmd_doc) - - -def start_monitoring(client): - ''' - Stops MongoDB Free Monitoring - ''' - cmd_doc = OrderedDict([('setFreeMonitoring', 1), - ('action', 'enable')]) - client['admin'].command(cmd_doc) - - -def get_monitoring_status(client): - ''' - Gets the state of MongoDB Monitoring. - N.B. If Monitoring has never been enabled the - free_monitoring record in admin.system.version - will not yet exist. - ''' - monitoring_state = None - url = None - result = client["admin"]['system.version'].find_one({"_id": "free_monitoring"}) - if not result: - monitoring_state = "stopped" - else: - url = result["informationalURL"] - if result["state"] == "enabled": - monitoring_state = "started" - else: - monitoring_state = "stopped" - return monitoring_state, url - - -def main(): - argument_spec = mongodb_common_argument_spec() - argument_spec.update( - state=dict(type='str', default='started', choices=['started', 'stopped']), - return_url=dict(type='bool', default=False) - ) - - module = AnsibleModule( - argument_spec=argument_spec, - supports_check_mode=True, - required_together=[['login_user', 'login_password']], - ) - - if not has_ordereddict: - module.fail_json(msg='Cannot import OrderedDict class. You can probably install with: pip install ordereddict') - - if not pymongo_found: - module.fail_json(msg=missing_required_lib('pymongo'), - exception=PYMONGO_IMP_ERR) - - state = module.params['state'] - return_url = module.params['return_url'] - - try: - client = get_mongodb_client(module, directConnection=True) - client = mongo_auth(module, client, directConnection=True) - except Exception as e: - module.fail_json(msg='Unable to connect to database: %s' % to_native(e)) - - current_monitoring_state, url = get_monitoring_status(client) - result = {} - if state == "started": - if current_monitoring_state == "started": - result['changed'] = False - result['msg'] = "Free monitoring is already started" - else: - if module.check_mode is False: - start_monitoring(client) - result['changed'] = True - result['msg'] = "Free monitoring has been started" - else: - if current_monitoring_state == "started": - if module.check_mode is False: - stop_monitoring(client) - result['changed'] = True - result['msg'] = "Free monitoring has been stopped" - else: - result['changed'] = False - result['msg'] = "Free monitoring is already stopped" - - if return_url and url: - result['url'] = url - - module.exit_json(**result) - - -if __name__ == '__main__': - main() diff --git a/ansible_collections/community/mongodb/plugins/modules/mongodb_replicaset.py b/ansible_collections/community/mongodb/plugins/modules/mongodb_replicaset.py index d0baf661e..d6cdaae26 100644 --- a/ansible_collections/community/mongodb/plugins/modules/mongodb_replicaset.py +++ b/ansible_collections/community/mongodb/plugins/modules/mongodb_replicaset.py @@ -554,8 +554,11 @@ def main(): debug = module.params['debug'] cluster_cmd = module.params['cluster_cmd'] + # Count voting members + voting_members = sum([1 if not isinstance(m, dict) or m.get("votes", 1) == 1 else 0 for m in members]) + if validate and reconfigure is False: - if len(members) <= 2 or len(members) % 2 == 0: + if len(members) <= 2 or voting_members % 2 == 0: module.fail_json(msg="MongoDB Replicaset validation failed. Invalid number of replicaset members.") if arbiter_at_index is not None and len(members) - 1 < arbiter_at_index: module.fail_json(msg="MongoDB Replicaset validation failed. Invalid arbiter index.") diff --git a/ansible_collections/community/mongodb/plugins/modules/mongodb_role.py b/ansible_collections/community/mongodb/plugins/modules/mongodb_role.py index 012f553a0..23f653c32 100644 --- a/ansible_collections/community/mongodb/plugins/modules/mongodb_role.py +++ b/ansible_collections/community/mongodb/plugins/modules/mongodb_role.py @@ -303,8 +303,8 @@ def check_if_role_changed(client, role, db_name, privileges, authenticationRestr 'roles' not in role_dict and roles != []): changed = True elif ('authenticationRestrictions' in role_dict and - sorted(reformat_authenticationRestrictions, key=lambda x: (x['clientSource'], x['serverAddress'])) != - sorted(authenticationRestrictions, key=lambda x: (x['clientSource'], x['serverAddress'])) or + sorted(reformat_authenticationRestrictions, key=lambda x: (x.get('clientSource', ''), x.get('serverAddress', ''))) != + sorted(authenticationRestrictions, key=lambda x: (x.get('clientSource', ''), x.get('serverAddress', ''))) or 'authenticationRestrictions' not in role_dict and authenticationRestrictions != []): changed = True else: diff --git a/ansible_collections/community/mongodb/plugins/modules/mongodb_user.py b/ansible_collections/community/mongodb/plugins/modules/mongodb_user.py index eab0d186c..fee4c48c1 100644 --- a/ansible_collections/community/mongodb/plugins/modules/mongodb_user.py +++ b/ansible_collections/community/mongodb/plugins/modules/mongodb_user.py @@ -189,7 +189,6 @@ user: import os import traceback -from operator import itemgetter from ansible.module_utils.basic import AnsibleModule, missing_required_lib @@ -307,7 +306,7 @@ def check_if_roles_changed(uinfo, roles, db_name): roles_as_list_of_dict = make_sure_roles_are_a_list_of_dict(roles, db_name) uinfo_roles = uinfo.get('roles', []) - if sorted(roles_as_list_of_dict, key=itemgetter('db')) == sorted(uinfo_roles, key=itemgetter('db')): + if sorted(roles_as_list_of_dict, key=lambda roles: sorted(roles.items())) == sorted(uinfo_roles, key=lambda roles: sorted(roles.items())): return False return True diff --git a/ansible_collections/community/mongodb/roles/mongodb_auth/defaults/main.yml b/ansible_collections/community/mongodb/roles/mongodb_auth/defaults/main.yml index c34225a2a..59049bde2 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_auth/defaults/main.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_auth/defaults/main.yml @@ -26,3 +26,5 @@ mongodb_users: [] # Setting this to yes will result in 'changed' on every run, even if the password is the same. # See the comment in tasks/main.yml for more details. mongodb_force_update_password: no + +mongodb_use_tls: false
\ No newline at end of file diff --git a/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/default/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/default/molecule.yml index 8b614fb6a..dfb11aac4 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/default/molecule.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/default/molecule.yml @@ -15,8 +15,8 @@ platforms: privileged: True volumes: - /sys/fs/cgroup:/sys/fs/cgroup:ro - - name: ubuntu_18 - image: ubuntu:18.04 + - name: ubuntu_22_04 + image: ubuntu:22.04 command: /sbin/init privileged: True - name: ubuntu_22 diff --git a/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/default/playbook.yml b/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/default/playbook.yml index 46c4e8e2e..efbb70469 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/default/playbook.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/default/playbook.yml @@ -9,7 +9,7 @@ # initially disable authorization on some hosts hosts_with_auth_disabled: - - ubuntu_18 + - ubuntu_22_04 - ubuntu_22 # add some users for some of the hosts @@ -52,6 +52,17 @@ include_role: name: mongodb_auth + - name: Determine openssl version + command: openssl version + changed_when: false + register: openssl + + - name: Set mongosh package version + set_fact: + mongosh_package: "{{ 'mongodb-mongosh-shared-openssl3' if openssl.stdout.startswith('OpenSSL 3') else 'mongodb-mongosh-shared-openssl11' }}" + when: mongosh_package is not defined + - name: Install MongoDB Shell package: - name: mongodb-mongosh + name: + - "{{ mongosh_package }}" diff --git a/ansible_collections/community/mongodb/roles/mongodb_auth/tasks/main.yml b/ansible_collections/community/mongodb/roles/mongodb_auth/tasks/main.yml index d3775a1b7..eff6e4f31 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_auth/tasks/main.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_auth/tasks/main.yml @@ -94,6 +94,8 @@ database: admin roles: "{{ mongodb_admin_roles }}" + ssl: "{{ mongodb_use_tls }}" + ssl_ca_certs: "{{ mongodb_certificate_ca_file if mongodb_use_tls else omit }}" login_host: localhost login_port: "{{ mongod_port | string }}" # silence implicit int->str conversion warning create_for_localhost_exception: /root/mongodb_admin.success diff --git a/ansible_collections/community/mongodb/roles/mongodb_auth/tasks/mongodb_auth_user.yml b/ansible_collections/community/mongodb/roles/mongodb_auth/tasks/mongodb_auth_user.yml index e21dec073..5c0c930ba 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_auth/tasks/mongodb_auth_user.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_auth/tasks/mongodb_auth_user.yml @@ -18,6 +18,8 @@ database: "{{ _mongodb_user.db }}" roles: "{{ _mongodb_user.roles|default('readWrite') }}" + ssl: "{{ mongodb_use_tls }}" + ssl_ca_certs: "{{ mongodb_certificate_ca_file if mongodb_use_tls else omit }}" login_host: localhost login_port: "{{ mongod_port | string }}" # silence implicit int->str conversion warning login_user: "{{ mongodb_admin_user }}" diff --git a/ansible_collections/community/mongodb/roles/mongodb_config/README.md b/ansible_collections/community/mongodb/roles/mongodb_config/README.md index 4ab33efcb..b5cd560a5 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_config/README.md +++ b/ansible_collections/community/mongodb/roles/mongodb_config/README.md @@ -6,25 +6,27 @@ A simple role to aid in setting up a CSRS Config Server Replicaset for a MongoDB Role Variables -------------- -* `config_port`: The port used by the mongos process. Default 27019. -* `mongod_service`: The name of the mongod service. Default mongod. -* `mongodb_user`: The Linux OS user for MongoDB. Default mongod. -* `mongodb_group`: The Linux OS user group for MongoDB. Default mongod. -* `pid_file`: The pid file for mongos. Default /run/mongodb/mongos.pid. -* `log_path`: Path of the log file. Default /var/log/mongodb/mongod.log. -* `bind_ip`: The IP address mongod will bind to. Default 0.0.0.0. -* `bind_ip_all`: Have mongod bind to all IP addresses instead of specifying `bind_ip`. Default false. -* `config_repl_set_name`: The replicaset name for the config servers. Default cfg. -* `authorization`: Enable authorization. Default enabled. +* `config_port`: The port used by the mongos process. Default `27019`. +* `mongod_service`: The name of the mongod service. Default `mongod`. +* `mongodb_user`: The Linux OS user for MongoDB. Default `mongod`. +* `mongodb_group`: The Linux OS user group for MongoDB. Default `mongod`. +* `pid_file`: The pid file for mongos. Default `/run/mongodb/mongos.pid`. +* `log_path`: Path of the log file. Default `/var/log/mongodb/mongod.log`. +* `bind_ip`: The IP address mongod will bind to. Default `0.0.0.0`. +* `bind_ip_all`: Have mongod bind to all IP addresses instead of specifying `bind_ip`. Default `false`. +* `config_repl_set_name`: The replicaset name for the config servers. Default `cfg`. +* `authorization`: Enable authorization. Default `enabled`. * `openssl_keyfile_content`: The kexfile content that MongoDB uses to authenticate within a replicaset. Generate with cmd: openssl rand -base64 756. -* `openssl_keyfile_path`: Put the openssl_keyfile at this path. Default: /etc/keyfile -* `mongod_package`: The name of the mongod installation package. Default mongodb-org-server. -replicaset: When enabled add a replication section to the configuration. Default true. +* `openssl_keyfile_path`: Put the openssl_keyfile at this path. Default: `/etc/keyfile`. +* `mongod_package`: The name of the mongod installation package. Default `mongodb-org-server`. +replicaset: When enabled add a replication section to the configuration. Default `true`. * `net_compressors`: If this is set, this sets `net.compression.compressors` in mongod.conf. -* `mongod_config_template`: If defined allows to override path to mongod config template with custom configuration. Default "mongod.conf.j2" +* `mongod_config_template`: If defined allows to override path to mongod config template with custom configuration. Default `mongod.conf.j2`. * `skip_restart`: If set to `true` will skip restarting mongod service when config file or the keyfile content changes. Default `true`. * `db_path`: Path to database data location. Default `/var/lib/mongodb` on Debian based distributions, `/var/lib/mongo` for others. -* `mongodb_use_tls`: Wether to use tls. Default false. +* `mongodb_use_tls`: Whether to use tls. Default `false`. +* `mongodb_disabled_tls_protocols`: The tls protocols to be disabled. Leave blank to let MongoDB decide which protocols to allow according to the ones available on the system; check the [official docs](https://www.mongodb.com/docs/v6.0/reference/configuration-options/#mongodb-setting-net.tls.disabledProtocols) for details. Default "". +* `mongodb_allow_connections_without_certificates`: When enabled allows to bypass the certificate validation for clients that do not present a certificate, if a certificate is provided it _must_ be valid. Default `false`. * `mongodb_certificate_key_file`: Path to the PEM-file containing the certficate and private key. * `mongodb_certificate_ca_file`: Path to the CA-file. diff --git a/ansible_collections/community/mongodb/roles/mongodb_config/defaults/main.yml b/ansible_collections/community/mongodb/roles/mongodb_config/defaults/main.yml index 0460a8bd6..916d06725 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_config/defaults/main.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_config/defaults/main.yml @@ -32,3 +32,5 @@ mongod_config_template: "configsrv.conf.j2" skip_restart: true db_path: "{{ '/var/lib/mongodb' if ansible_os_family == 'Debian' else '/var/lib/mongo' if ansible_os_family == 'RedHat' else '/var/lib/mongo' }}" mongodb_use_tls: false +mongodb_disabled_tls_protocols: "" +mongodb_allow_connections_without_certificates: false diff --git a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/molecule.yml index 3dc8132e1..e9d686e54 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/molecule.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/molecule.yml @@ -19,9 +19,9 @@ platforms: networks: - name: "mymongo" network_mode: "mymongo" - - name: ubuntu_18 - hostname: ubuntu_18 - image: ubuntu:18.04 + - name: ubuntu_22_04 + hostname: ubuntu_22_04 + image: ubuntu:22.04 command: /sbin/init privileged: True networks: diff --git a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/playbook.yml b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/playbook.yml index eceb73444..bf89e498d 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/playbook.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/playbook.yml @@ -15,9 +15,20 @@ name: "{{ 'pymongo==3.12.*' if ansible_python_version[0:3] | float < 3.6 else 'pymongo' }}" when: ansible_hostname == "fedora" + - name: Determine openssl version + command: openssl version + changed_when: false + register: openssl + + - name: Set mongosh package version + set_fact: + mongosh_package: "{{ 'mongodb-mongosh-shared-openssl3' if openssl.stdout.startswith('OpenSSL 3') else 'mongodb-mongosh-shared-openssl11' }}" + when: mongosh_package is not defined + - name: Install MongoDB Shell package: - name: mongodb-mongosh + name: + - "{{ mongosh_package }}" - name: Init config server replicaset community.mongodb.mongodb_replicaset: @@ -28,7 +39,7 @@ members: - almalinux_8:27019 - fedora:27019 - - ubuntu_18:27019 + - ubuntu_22_04:27019 - debian_bullseye:27019 - ubuntu_22:27019 when: ansible_hostname == "fedora" diff --git a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/tests/test_default.py b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/tests/test_default.py index 99a541fd1..823197ea5 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/tests/test_default.py +++ b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/tests/test_default.py @@ -60,7 +60,7 @@ def test_mongod_replicaset(host): assert "cfg" in r.stdout assert "almalinux_8:{0}".format(port) in r.stdout assert "fedora:{0}".format(port) in r.stdout - assert "ubuntu_18:{0}".format(port) in r.stdout + assert "ubuntu_22_04:{0}".format(port) in r.stdout assert "ubuntu_22:{0}".format(port) in r.stdout assert "debian_bullseye:{0}".format(port) in r.stdout diff --git a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/molecule.yml index 3dc8132e1..e9d686e54 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/molecule.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/molecule.yml @@ -19,9 +19,9 @@ platforms: networks: - name: "mymongo" network_mode: "mymongo" - - name: ubuntu_18 - hostname: ubuntu_18 - image: ubuntu:18.04 + - name: ubuntu_22_04 + hostname: ubuntu_22_04 + image: ubuntu:22.04 command: /sbin/init privileged: True networks: diff --git a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/playbook.yml b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/playbook.yml index 42c89bad2..4f9d6ce29 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/playbook.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/playbook.yml @@ -13,9 +13,20 @@ name: "{{ 'pymongo==3.12.*' if ansible_python_version[0:3] | float < 3.6 else 'pymongo' }}" when: ansible_hostname == "fedora" + - name: Determine openssl version + command: openssl version + changed_when: false + register: openssl + + - name: Set mongosh package version + set_fact: + mongosh_package: "{{ 'mongodb-mongosh-shared-openssl3' if openssl.stdout.startswith('OpenSSL 3') else 'mongodb-mongosh-shared-openssl11' }}" + when: mongosh_package is not defined + - name: Install MongoDB Shell package: - name: mongodb-mongosh + name: + - "{{ mongosh_package }}" - name: Init config server replicaset community.mongodb.mongodb_replicaset: @@ -26,7 +37,7 @@ members: - almalinux_8:27019 - fedora:27019 - - ubuntu_18:27019 + - ubuntu_22_04:27019 - debian_bullseye:27019 - ubuntu_22:27019 when: ansible_hostname == "fedora" diff --git a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/tests/test_default.py b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/tests/test_default.py index fe7aecf16..89b86c207 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/tests/test_default.py +++ b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/tests/test_default.py @@ -60,7 +60,7 @@ def test_mongod_replicaset(host): assert "cfg" in r.stdout assert "almalinux_8:{0}".format(port) in r.stdout assert "fedora:{0}".format(port) in r.stdout - assert "ubuntu_18:{0}".format(port) in r.stdout + assert "ubuntu_22_04:{0}".format(port) in r.stdout assert "ubuntu_22:{0}".format(port) in r.stdout assert "debian_bullseye:{0}".format(port) in r.stdout diff --git a/ansible_collections/community/mongodb/roles/mongodb_config/templates/configsrv.conf.j2 b/ansible_collections/community/mongodb/roles/mongodb_config/templates/configsrv.conf.j2 index afb06f641..192b3cbae 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_config/templates/configsrv.conf.j2 +++ b/ansible_collections/community/mongodb/roles/mongodb_config/templates/configsrv.conf.j2 @@ -41,6 +41,12 @@ net: mode: requireTLS certificateKeyFile: {{ mongodb_certificate_key_file }} CAFile: {{ mongodb_certificate_ca_file }} +{% if mongodb_disabled_tls_protocols != "" %} + disabledProtocols: {{ mongodb_disabled_tls_protocols }} +{% endif %} +{% if mongodb_allow_connections_without_certificates %} + allowConnectionsWithoutCertificates: true +{% endif %} {% endif %} {% if authorization == "enabled" %} diff --git a/ansible_collections/community/mongodb/roles/mongodb_install/files/lock_mongodb_packages.sh b/ansible_collections/community/mongodb/roles/mongodb_install/files/lock_mongodb_packages.sh index 0c3e8e6f5..bbfff55c8 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_install/files/lock_mongodb_packages.sh +++ b/ansible_collections/community/mongodb/roles/mongodb_install/files/lock_mongodb_packages.sh @@ -8,13 +8,19 @@ HOLD="$1"; PACKAGE_NAME="mongodb-org*" if [[ "$HOLD" == "HOLD" ]]; then - if command -v yum &> /dev/null; then + if command -v dnf &> /dev/null; then + dnf install "dnf-command(versionlock)" + dnf versionlock "$PACKAGE_NAME" && touch /root/mongo_version_lock.success; + elif command -v yum &> /dev/null; then yum versionlock "$PACKAGE_NAME" && touch /root/mongo_version_lock.success; elif command -v apt-mark &> /dev/null; then apt-mark hold "$PACKAGE_NAME" && touch /root/mongo_version_lock.success; fi; elif [[ "$HOLD" == "NOHOLD" ]]; then - if command -v yum &> /dev/null; then + if command -v dnf &> /dev/null; then + dnf install "dnf-command(versionlock)" + dnf versionlock delete "$PACKAGE_NAME" || true && rm -rf /root/mongo_version_lock.success; + elif command -v yum &> /dev/null; then yum versionlock delete "$PACKAGE_NAME" || true && rm -rf /root/mongo_version_lock.success; elif command -v apt-mark &> /dev/null; then apt-mark unhold "$PACKAGE_NAME" && rm -rf /root/mongo_version_lock.success; diff --git a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/default/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/default/molecule.yml index 5258056e7..aab979c46 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/default/molecule.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/default/molecule.yml @@ -11,8 +11,8 @@ lint: platforms: - name: almalinux_8 image: almalinux:8 - - name: ubuntu_18 - image: ubuntu:18.04 + - name: ubuntu_22_04 + image: ubuntu:22.04 privileged: yes command: "/sbin/init" - name: ubuntu_22 diff --git a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/default/prepare.yml b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/default/prepare.yml new file mode 100644 index 000000000..1eec53a5c --- /dev/null +++ b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/default/prepare.yml @@ -0,0 +1,10 @@ +--- +- name: Prepare + hosts: all + become: yes + + tasks: + + - name: Install openssl + package: + name: "openssl"
\ No newline at end of file diff --git a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_hold_packages/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_hold_packages/molecule.yml index 4266ee65b..2767eee61 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_hold_packages/molecule.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_hold_packages/molecule.yml @@ -13,8 +13,8 @@ platforms: image: almalinux:8 - name: fedora image: fedora:37 - - name: ubuntu_18 - image: ubuntu:18.04 + - name: ubuntu_22_04 + image: ubuntu:22.04 - name: ubuntu_22 image: ubuntu:22.04 - name: debian_bullseye diff --git a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_hold_packages/prepare.yml b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_hold_packages/prepare.yml index 8a94ca7eb..bcc16f3f1 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_hold_packages/prepare.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_hold_packages/prepare.yml @@ -10,3 +10,7 @@ name: yum-plugin-versionlock state: present when: ansible_facts.os_family == "RedHat" + + - name: Install openssl + package: + name: "openssl"
\ No newline at end of file diff --git a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_hold_packages/tests/test_default.py b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_hold_packages/tests/test_default.py index 381a5823a..72893a0aa 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_hold_packages/tests/test_default.py +++ b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_hold_packages/tests/test_default.py @@ -17,8 +17,6 @@ def test_mongodb_packages_not_installed(host): assert p.is_installed p = host.package("mongodb-org-server") assert p.is_installed - p = host.package("mongodb-mongosh") - assert p.is_installed p = host.package("mongodb-org-mongos") assert p.is_installed p = host.package("mongodb-org-tools") diff --git a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_nohold_packages/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_nohold_packages/molecule.yml index 4266ee65b..2767eee61 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_nohold_packages/molecule.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_nohold_packages/molecule.yml @@ -13,8 +13,8 @@ platforms: image: almalinux:8 - name: fedora image: fedora:37 - - name: ubuntu_18 - image: ubuntu:18.04 + - name: ubuntu_22_04 + image: ubuntu:22.04 - name: ubuntu_22 image: ubuntu:22.04 - name: debian_bullseye diff --git a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_nohold_packages/prepare.yml b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_nohold_packages/prepare.yml index 325651e03..bcc16f3f1 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_nohold_packages/prepare.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_nohold_packages/prepare.yml @@ -9,4 +9,8 @@ yum: name: yum-plugin-versionlock state: present - when: ansible_facts.os_family == "RedHat"
\ No newline at end of file + when: ansible_facts.os_family == "RedHat" + + - name: Install openssl + package: + name: "openssl"
\ No newline at end of file diff --git a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_nohold_packages/tests/test_default.py b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_nohold_packages/tests/test_default.py index cd1fc5f79..2fc340c43 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_nohold_packages/tests/test_default.py +++ b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_nohold_packages/tests/test_default.py @@ -17,8 +17,6 @@ def test_mongodb_packages_installed(host): assert p.is_installed p = host.package("mongodb-org-server") assert p.is_installed - p = host.package("mongodb-mongosh") - assert p.is_installed p = host.package("mongodb-org-mongos") assert p.is_installed p = host.package("mongodb-org-tools") diff --git a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/specific_mongodb_version/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/specific_mongodb_version/molecule.yml index 3fdeb9123..6ee9a3814 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/specific_mongodb_version/molecule.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/specific_mongodb_version/molecule.yml @@ -9,14 +9,14 @@ lint: config-data: line-length: disable platforms: - #- name: almalinux_8 - # image: almalinux:8 yum seems broken for wildcard/version install for AL8 + - name: almalinux_8 + image: almalinux:8 #- name: fedora # image: fedora:37 ditto - - name: centos7 - image: centos:7 # Just here while the above two are broken - - name: ubuntu_18 - image: ubuntu:18.04 + #- name: centos7 + # image: centos:7 # Just here while the above two are broken + - name: ubuntu_22_04 + image: ubuntu:22.04 - name: ubuntu_22 image: ubuntu:22.04 - name: debian_bullseye diff --git a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/specific_mongodb_version/prepare.yml b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/specific_mongodb_version/prepare.yml new file mode 100644 index 000000000..1eec53a5c --- /dev/null +++ b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/specific_mongodb_version/prepare.yml @@ -0,0 +1,10 @@ +--- +- name: Prepare + hosts: all + become: yes + + tasks: + + - name: Install openssl + package: + name: "openssl"
\ No newline at end of file diff --git a/ansible_collections/community/mongodb/roles/mongodb_install/tasks/main.yml b/ansible_collections/community/mongodb/roles/mongodb_install/tasks/main.yml index d43174fd3..02b71f82d 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_install/tasks/main.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_install/tasks/main.yml @@ -1,8 +1,23 @@ --- +- name: Determine openssl version + command: openssl version + changed_when: false + register: openssl + +- name: Set mongosh package version + set_fact: + mongosh_package: "{{ 'mongodb-mongosh-shared-openssl3' if openssl.stdout.startswith('OpenSSL 3') else 'mongodb-mongosh-shared-openssl11' }}" + when: mongosh_package is not defined + # tasks file for mongodb_install - name: Install MongoDB Packages package: - name: mongodb-org + name: + - "mongodb-org" + - "mongodb-org-server" + - "{{ mongosh_package }}" # variablized due to tls issue + - "mongodb-org-mongos" + - "mongodb-org-tools" state: present when: specific_mongodb_version is not defined register: _pkg @@ -15,7 +30,12 @@ - name: Install MongoDB Packages (Specific version) package: - name: "mongodb-org*{{ specific_mongodb_version }}" + name: + - "mongodb-org-{{ specific_mongodb_version }}" + - "mongodb-org-server-{{ specific_mongodb_version }}" + - "{{ mongosh_package }}" # variablized due to tls issue + - "mongodb-org-mongos-{{ specific_mongodb_version }}" + - "mongodb-org-tools-{{ specific_mongodb_version }}" state: present when: - specific_mongodb_version is defined @@ -37,7 +57,7 @@ name: - "mongodb-org={{ specific_mongodb_version }}" - "mongodb-org-server={{ specific_mongodb_version }}" - - "mongodb-mongosh" # mongosh package uses a new versioning number schema + - "{{ mongosh_package }}" # variablized due to tls issue - "mongodb-org-mongos={{ specific_mongodb_version }}" - "mongodb-org-tools={{ specific_mongodb_version }}" state: present diff --git a/ansible_collections/community/mongodb/roles/mongodb_linux/README.md b/ansible_collections/community/mongodb/roles/mongodb_linux/README.md index 7cc37be47..5a948d5c9 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_linux/README.md +++ b/ansible_collections/community/mongodb/roles/mongodb_linux/README.md @@ -17,8 +17,9 @@ Role Variables -------------- swappiness: OS swappiness value. Default "1". -ntp_package: Name of ntp package. Default ntp. -ntp_service: Name of ntp service. Default ntpd. +mongodb_ntp_package: Name of ntp package. Default depends on OS-specific vars. +mongodb_ntp_service: Name of ntp service. Default depends on OS-specific vars. +mongodb_gnu_c_lib: Name of the GNU C lib. Default depends on OS-specific vars. * On RedHat 8 and higher systems ntp_package and ntp_service are set to chrony and chronyd respectively. diff --git a/ansible_collections/community/mongodb/roles/mongodb_linux/defaults/main.yml b/ansible_collections/community/mongodb/roles/mongodb_linux/defaults/main.yml index 7b2a0a68b..14659e137 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_linux/defaults/main.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_linux/defaults/main.yml @@ -8,3 +8,7 @@ swappiness: "1" nproc_and_nofile_limit: 64000 # TODO: mongo suggests infinity here memlock_limit: 1024 + +mongodb_ntp_package: +mongodb_ntp_service: +mongodb_gnu_c_lib: diff --git a/ansible_collections/community/mongodb/roles/mongodb_linux/files/thp-disable.service b/ansible_collections/community/mongodb/roles/mongodb_linux/files/thp-disable.service index 3602ed7b4..b8b6ba38b 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_linux/files/thp-disable.service +++ b/ansible_collections/community/mongodb/roles/mongodb_linux/files/thp-disable.service @@ -1,5 +1,6 @@ [Unit] Description=Disable Transparent Huge Pages +ConditionPathIsDirectory=/sys/kernel/mm/transparent_hugepage [Service] Type=oneshot diff --git a/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/default/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/default/molecule.yml index 5d12cbb04..712209f4e 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/default/molecule.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/default/molecule.yml @@ -18,8 +18,8 @@ platforms: networks: - name: "mongodb_linux" network_mode: "mongodb_linux" - - name: ubuntu_18 - image: ubuntu:18.04 + - name: ubuntu_22_04 + image: ubuntu:22.04 command: /sbin/init privileged: True networks: diff --git a/ansible_collections/community/mongodb/roles/mongodb_linux/tasks/main.yml b/ansible_collections/community/mongodb/roles/mongodb_linux/tasks/main.yml index e8a61a394..70b223127 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_linux/tasks/main.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_linux/tasks/main.yml @@ -17,6 +17,12 @@ tags: - "vars" +- name: "Override variables from OS-specific configuration" + set_fact: + ntp_package: "{{ mongodb_ntp_package | default(ntp_package, true) }}" + ntp_service: "{{ mongodb_ntp_service | default(ntp_service, true) }}" + gnu_c_lib: "{{ mongodb_gnu_c_lib | default(gnu_c_lib, true) }}" + - name: See if we are in docker when: - "ansible_facts.virtualization_role == 'guest'" @@ -126,8 +132,14 @@ - "setup" - "service" +- name: Check if transparent_hugepage is enabled in the kernel + stat: + path: /sys/kernel/mm/transparent_hugepage + register: sys_thp + - name: Check if disable-transparent-huge-pages service is already run shell: cat /sys/kernel/mm/transparent_hugepage/enabled | grep -o '[never]' + when: sys_thp.stat.exists register: _huge_page_status ignore_errors: yes changed_when: _huge_page_status.stdout == "" @@ -141,7 +153,7 @@ name: disable-transparent-huge-pages state: started enabled: yes - when: (not in_docker|bool) and (_huge_page_status.stdout == "") + when: (not in_docker|bool) and (sys_thp.stat.exists) and (_huge_page_status.stdout == "") tags: - "linux" - "service" @@ -190,6 +202,7 @@ # TODO: These may need to be configurable for different usage patterns. - { "name": "vm.dirty_ratio", "value": "15" } - { "name": "vm.dirty_background_ratio", "value": "5" } + - { "name": "vm.max_map_count", "value": "128000" } - { "name": "net.core.somaxconn ", "value": "4096" } - { "name": "net.ipv4.tcp_fin_timeout", "value": "30" } - { "name": "net.ipv4.tcp_keepalive_intvl", "value": "30" } diff --git a/ansible_collections/community/mongodb/roles/mongodb_linux/vars/Debian-12.yml b/ansible_collections/community/mongodb/roles/mongodb_linux/vars/Debian-12.yml new file mode 100644 index 000000000..364a59345 --- /dev/null +++ b/ansible_collections/community/mongodb/roles/mongodb_linux/vars/Debian-12.yml @@ -0,0 +1,5 @@ +--- +# Packages for Debian distros +ntp_package: systemd-timesyncd +ntp_service: systemd-timesyncd +gnu_c_lib: libc6 diff --git a/ansible_collections/community/mongodb/roles/mongodb_linux/vars/RedHat-9.yml b/ansible_collections/community/mongodb/roles/mongodb_linux/vars/RedHat-9.yml new file mode 100644 index 000000000..7e8077261 --- /dev/null +++ b/ansible_collections/community/mongodb/roles/mongodb_linux/vars/RedHat-9.yml @@ -0,0 +1,5 @@ +--- +# Packages for RedHat-9 distros +ntp_package: chrony +ntp_service: chronyd +gnu_c_lib: glibc diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/README.md b/ansible_collections/community/mongodb/roles/mongodb_mongod/README.md index 51a801296..f2bf1d935 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_mongod/README.md +++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/README.md @@ -6,29 +6,34 @@ A simple role to aid in the setup of a MongoDB replicaset. Role Variables -------------- -* `mongod_port`: The port used by the mongod process. Default 27017. -* `mongod_service`: The name of the mongod service. Default mongod. -* `mongodb_user`: The Linux OS user for MongoDB. Default mongod. -* `mongodb_group`: The Linux OS user group for MongoDB. Default mongod. -* `bind_ip`: The IP address mongod will bind to. Default 0.0.0.0. -* `bind_ip_all`: Have mongod bind to all IP addresses instead of specifying `bind_ip`. Default false. -* `log_path`: Path of the log file. Default: /var/log/mongodb/mongod.log. -* `repl_set_name`: The name of the replicaset the member will participate in. Default rs0. -* `authorization`: Enable authorization. Default enabled. +* `mongod_port`: The port used by the mongod process. Default `27017`. +* `mongod_service`: The name of the mongod service. Default `mongod`. +* `mongodb_user`: The Linux OS user for MongoDB. Default `mongod`. +* `mongodb_group`: The Linux OS user group for MongoDB. Default `mongod`. +* `bind_ip`: The IP address mongod will bind to. Default `0.0.0.0`. +* `bind_ip_all`: Have mongod bind to all IP addresses instead of specifying `bind_ip`. Default `false`. +* `log_path`: Path of the log file. Default: `/var/log/mongodb/mongod.log`. +* `repl_set_name`: The name of the replicaset the member will participate in. Default `rs0`. +* `authorization`: Enable authorization. Default `enabled`. * `openssl_keyfile_content`: The keyfile content that MongoDB uses to authenticate within a replicaset. Generate with cmd: openssl rand -base64 756. -* `openssl_keyfile_path`: Put the openssl_keyfile at this path. Default: /etc/keyfile -* `mongodb_admin_user`: MongoDB admin username. Default admin. -* `mongodb_admin_pwd`: MongoDB admin password. Default admin. -* `mongod_package`: The mongod package to install. Default mongodb-org-server. -* `replicaset`: When enabled add a replication section to the configuration. Default true. -* `sharding`: If this replicaset member will form part of a sharded cluster. Default false. +* `openssl_keyfile_path`: Put the openssl_keyfile at this path. Default: `/etc/keyfile`. +* `mongodb_admin_user`: MongoDB admin username. Default `admin`. +* `mongodb_admin_pwd`: MongoDB admin password. Default `admin`. +* `mongod_package`: The mongod package to install. Default `mongodb-org-server`. +* `replicaset`: When enabled add a replication section to the configuration. Default `true`. +* `sharding`: If this replicaset member will form part of a sharded cluster. Default `false`. * `net_compressors`: If this is set, this sets `net.compression.compressors` in mongod.conf. -* `mongod_config_template`: If defined allows to override path to mongod config template with custom configuration. Default "mongod.conf.j2" +* `mongod_config_template`: If defined allows to override path to mongod config template with custom configuration. Default `mongod.conf.j2`. * `skip_restart`: If set to `true` will skip restarting mongod service when config file or the keyfile content changes. Default `true`. * `db_path`: Path to database data location. Default `/var/lib/mongodb` on Debian based distributions, `/var/lib/mongo` for others. -* `mongodb_use_tls`: Wether to use tls. Default false. +* `mongodb_use_tls`: Whether to use tls. Default `false`. +* `mongodb_disabled_tls_protocols`: The tls protocols to be disabled. Leave blank to let MongoDB decide which protocols to allow according to the ones available on the system; check the [official docs](https://www.mongodb.com/docs/v6.0/reference/configuration-options/#mongodb-setting-net.tls.disabledProtocols) for details. Default "". +* `mongodb_allow_connections_without_certificates`: When enabled allows to bypass the certificate validation for clients that do not present a certificate, if a certificate is provided it _must_ be valid. Default `false`. * `mongodb_certificate_key_file`: Path to the PEM-file containing the certficate and private key. * `mongodb_certificate_ca_file`: Path to the CA-file. +* `mongodb_logrotate_enabled`: Add logrotate configuration. Default: `false`. +* `mongodb_logrotate_template`: Jinja template for the logrotate configuration. Default `mongodb.logrotate.j2`. +* `mongodb_systemd_service_override`: Content of a file to override systemd configuration. IMPORTANT NOTE: It is expected that `mongodb_admin_user` & `mongodb_admin_pwd` values be overridden in your own file protected by Ansible Vault. These values are primary included here for Molecule/Travis CI integration. Any production environments should protect these values. For more information see [Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html) diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/defaults/main.yml b/ansible_collections/community/mongodb/roles/mongodb_mongod/defaults/main.yml index b0d9da221..3fd788ec2 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_mongod/defaults/main.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/defaults/main.yml @@ -34,3 +34,15 @@ mongod_config_template: "mongod.conf.j2" skip_restart: true db_path: "{{ '/var/lib/mongodb' if ansible_os_family == 'Debian' else '/var/lib/mongo' if ansible_os_family == 'RedHat' else '/var/lib/mongo' }}" mongodb_use_tls: false +mongodb_disabled_tls_protocols: "" +mongodb_allow_connections_without_certificates: false +mongodb_logrotate_enabled: false +mongodb_logrotate_template: "mongodb.logrotate.j2" + +# Override systemd default configuration +# Some properties are not overridden: https://askubuntu.com/questions/659267/how-do-i-override-or-configure-systemd-services +# Examples: +# mongodb_systemd_service_override: | +# [Service] +# Restart=on-failure # Mongod will restart on-failure (by default mongod don't restart) +mongodb_systemd_service_override: "" diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/handlers/main.yml b/ansible_collections/community/mongodb/roles/mongodb_mongod/handlers/main.yml index 026817530..6653f9651 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_mongod/handlers/main.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/handlers/main.yml @@ -12,3 +12,8 @@ host: "{{ bind_ip | split(',') | first }}" port: "{{ mongod_port }}" when: not skip_restart + +- name: Reload systemd configuration + listen: daemon-reload + systemd: + daemon_reload: true diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/custom_db_path/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/custom_db_path/molecule.yml index e98e993dc..e3b8a0288 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/custom_db_path/molecule.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/custom_db_path/molecule.yml @@ -18,8 +18,8 @@ platforms: networks: - name: "mongod" network_mode: "mongod" - - name: ubuntu_18 - image: ubuntu:18.04 + - name: ubuntu_22_04 + image: ubuntu:22.04 command: /sbin/init privileged: True networks: diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/custom_db_path/playbook.yml b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/custom_db_path/playbook.yml index e0bee962e..6e7f5cbc7 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/custom_db_path/playbook.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/custom_db_path/playbook.yml @@ -15,9 +15,20 @@ name: "{{ 'pymongo==3.12.*' if ansible_python_version[0:3] | float < 3.6 else 'pymongo' }}" when: ansible_hostname == "fedora" + - name: Determine openssl version + command: openssl version + changed_when: false + register: openssl + + - name: Set mongosh package version + set_fact: + mongosh_package: "{{ 'mongodb-mongosh-shared-openssl3' if openssl.stdout.startswith('OpenSSL 3') else 'mongodb-mongosh-shared-openssl11' }}" + when: mongosh_package is not defined + - name: Install MongoDB Shell package: - name: mongodb-mongosh + name: + - "{{ mongosh_package }}" - name: Initialise replicaset community.mongodb.mongodb_replicaset: @@ -27,7 +38,7 @@ members: - almalinux_8:27017 - fedora:27017 - - ubuntu_18:27017 + - ubuntu_22_04:27017 - debian_bullseye:27017 - ubuntu_22:27017 when: ansible_hostname == "fedora" diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/custom_db_path/tests/test_default.py b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/custom_db_path/tests/test_default.py index 9aca8518e..4376de40c 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/custom_db_path/tests/test_default.py +++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/custom_db_path/tests/test_default.py @@ -64,7 +64,7 @@ def test_mongod_replicaset(host): assert "rs0" in r.stdout assert "almalinux_8:{0}".format(port) in r.stdout assert "fedora:{0}".format(port) in r.stdout - assert "ubuntu_18:{0}".format(port) in r.stdout + assert "ubuntu_22_04:{0}".format(port) in r.stdout assert "ubuntu_22:{0}".format(port) in r.stdout assert "debian_bullseye:{0}".format(port) in r.stdout diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/molecule.yml index 2cbd158c4..deb681763 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/molecule.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/molecule.yml @@ -18,8 +18,8 @@ platforms: networks: - name: "mongod" network_mode: "mongod" - - name: ubuntu_18 - image: ubuntu:18.04 + - name: ubuntu_22_04 + image: ubuntu:22.04 command: /sbin/init privileged: True networks: diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/playbook.yml b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/playbook.yml index 54b4def97..0ef97010b 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/playbook.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/playbook.yml @@ -13,9 +13,20 @@ name: "{{ 'pymongo==3.12.*' if ansible_python_version[0:3] | float < 3.6 else 'pymongo' }}" when: ansible_hostname == "fedora" + - name: Determine openssl version + command: openssl version + changed_when: false + register: openssl + + - name: Set mongosh package version + set_fact: + mongosh_package: "{{ 'mongodb-mongosh-shared-openssl3' if openssl.stdout.startswith('OpenSSL 3') else 'mongodb-mongosh-shared-openssl11' }}" + when: mongosh_package is not defined + - name: Install MongoDB Shell package: - name: mongodb-mongosh + name: + - "{{ mongosh_package }}" - name: Initialise replicaset community.mongodb.mongodb_replicaset: @@ -25,7 +36,7 @@ members: - almalinux_8:27017 - fedora:27017 - - ubuntu_18:27017 + - ubuntu_22_04:27017 - debian_bullseye:27017 - ubuntu_22:27017 when: ansible_hostname == "fedora" diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/tests/test_default.py b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/tests/test_default.py index 896f0ee58..6a68ce52c 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/tests/test_default.py +++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/tests/test_default.py @@ -64,7 +64,7 @@ def test_mongod_replicaset(host): assert "rs0" in r.stdout assert "almalinux_8:{0}".format(port) in r.stdout assert "fedora:{0}".format(port) in r.stdout - assert "ubuntu_18:{0}".format(port) in r.stdout + assert "ubuntu_22_04:{0}".format(port) in r.stdout assert "ubuntu_22:{0}".format(port) in r.stdout assert "debian_bullseye:{0}".format(port) in r.stdout diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/multiple_bind_ip/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/multiple_bind_ip/molecule.yml index b3f2e1199..20a80cfc7 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/multiple_bind_ip/molecule.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/multiple_bind_ip/molecule.yml @@ -18,8 +18,8 @@ platforms: networks: - name: "mongod" network_mode: "mongod" - - name: ubuntu_18 - image: ubuntu:18.04 + - name: ubuntu_22_04 + image: ubuntu:22.04 command: /sbin/init privileged: True networks: diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/multiple_bind_ip/playbook.yml b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/multiple_bind_ip/playbook.yml index ba1a7f28a..7593d0781 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/multiple_bind_ip/playbook.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/multiple_bind_ip/playbook.yml @@ -16,9 +16,20 @@ name: "{{ 'pymongo==3.12.*' if ansible_python_version[0:3] | float < 3.6 else 'pymongo' }}" when: ansible_hostname == "fedora" + - name: Determine openssl version + command: openssl version + changed_when: false + register: openssl + + - name: Set mongosh package version + set_fact: + mongosh_package: "{{ 'mongodb-mongosh-shared-openssl3' if openssl.stdout.startswith('OpenSSL 3') else 'mongodb-mongosh-shared-openssl11' }}" + when: mongosh_package is not defined + - name: Install MongoDB Shell package: - name: mongodb-mongosh + name: + - "{{ mongosh_package }}" - name: Initialise replicaset community.mongodb.mongodb_replicaset: @@ -28,7 +39,7 @@ members: - almalinux_8:27017 - fedora:27017 - - ubuntu_18:27017 + - ubuntu_22_04:27017 - debian_bullseye:27017 - ubuntu_22:27017 when: ansible_hostname == "fedora" diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/multiple_bind_ip/tests/test_default.py b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/multiple_bind_ip/tests/test_default.py index 6f54d5aad..adc23cda5 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/multiple_bind_ip/tests/test_default.py +++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/multiple_bind_ip/tests/test_default.py @@ -64,7 +64,7 @@ def test_mongod_replicaset(host): assert "rs0" in r.stdout assert "almalinux_8:{0}".format(port) in r.stdout assert "fedora:{0}".format(port) in r.stdout - assert "ubuntu_18:{0}".format(port) in r.stdout + assert "ubuntu_22_04:{0}".format(port) in r.stdout assert "ubuntu_22:{0}".format(port) in r.stdout assert "debian_bullseye:{0}".format(port) in r.stdout diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/tasks/logrotate.yml b/ansible_collections/community/mongodb/roles/mongodb_mongod/tasks/logrotate.yml new file mode 100644 index 000000000..e72fa33d2 --- /dev/null +++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/tasks/logrotate.yml @@ -0,0 +1,9 @@ +--- +- name: Install logrotate configuration + ansible.builtin.template: + src: "{{ mongodb_logrotate_template }}" + dest: /etc/logrotate.d/mongod + tags: + - "mongodb" + - "setup" + - "service" diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/tasks/main.yml b/ansible_collections/community/mongodb/roles/mongodb_mongod/tasks/main.yml index bd1eb944d..1f1072a63 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_mongod/tasks/main.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/tasks/main.yml @@ -64,6 +64,30 @@ - "mongodb" - "setup" +- name: Override mongod service + when: mongodb_systemd_service_override | length > 0 + tags: + - "mongodb" + - "setup" + - "service" + block: + - name: "Create {{ mongod_service }}.service.d directory" + file: + path: "/etc/systemd/system/{{ mongod_service }}.service.d/" + state: directory + owner: root + group: root + mode: 0755 + + - name: Override mongod service from provided content + copy: + content: "{{ mongodb_systemd_service_override }}" + dest: "/etc/systemd/system/{{ mongod_service }}.service.d/override.conf" + owner: root + group: root + mode: 0644 + notify: daemon-reload + - name: Check for github override set_fact: x_github_override: "{{ lookup('env', 'X_GITHUB_OVERRIDE') | default('0', True) }}" @@ -79,6 +103,15 @@ - "mongodb" - "setup" - "service" + +- name: Configure logrotate if enabled + when: mongodb_logrotate_enabled + ansible.builtin.include_tasks: logrotate.yml + tags: + - "mongodb" + - "setup" + - "service" + # debug section - pause: seconds: 5 diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/templates/mongod.conf.j2 b/ansible_collections/community/mongodb/roles/mongodb_mongod/templates/mongod.conf.j2 index 9ff5a5dec..cd2d1f0fc 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_mongod/templates/mongod.conf.j2 +++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/templates/mongod.conf.j2 @@ -8,6 +8,9 @@ systemLog: destination: file logAppend: true path: {{ log_path }} +{% if mongodb_logrotate_enabled %} + logRotate: reopen +{% endif %} # Where and how to store data. storage: @@ -41,6 +44,12 @@ net: mode: requireTLS certificateKeyFile: {{ mongodb_certificate_key_file }} CAFile: {{ mongodb_certificate_ca_file }} +{% if mongodb_disabled_tls_protocols != "" %} + disabledProtocols: {{ mongodb_disabled_tls_protocols }} +{% endif %} +{% if mongodb_allow_connections_without_certificates %} + allowConnectionsWithoutCertificates: true +{% endif %} {% endif %} {% if authorization == "enabled" %} diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/templates/mongodb.logrotate.j2 b/ansible_collections/community/mongodb/roles/mongodb_mongod/templates/mongodb.logrotate.j2 new file mode 100644 index 000000000..4cecbcadd --- /dev/null +++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/templates/mongodb.logrotate.j2 @@ -0,0 +1,14 @@ +{{ log_path }} { + daily + size 100M + rotate 5 + missingok + compress + delaycompress + notifempty + create 640 {{ mongodb_user }} {{ mongodb_group }} + sharedscripts + postrotate + /bin/kill -SIGUSR1 `pidof {{ mongod_service }} 2>/dev/null` >/dev/null 2>&1 + endscript +} diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/README.md b/ansible_collections/community/mongodb/roles/mongodb_mongos/README.md index 414246781..de935f0b6 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_mongos/README.md +++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/README.md @@ -13,24 +13,26 @@ good idea to mention in this section that the boto package is required. Role Variables -------------- -* `mongos_port`: The port used by the mongos process. Default 27017. -* `mongos_service`: The name of the mongos service. Default mongos. -* `mongodb_user`: The Linux OS user for MongoDB. Default mongod. -* `mongodb_group`: The Linux OS user group for MongoDB. Default mongod. -* `pid_file`: The pid file for mongos. Default /run/mongodb/mongos.pid. -* `bind_ip`: The IP address mongos will bind to. Default 0.0.0.0. -* `bind_ip_all`: Have mongos bind to all IP addresses instead of specifying `bind_ip`. Default false. -* `log_path`: Path of the log file. Default: /var/log/mongodb/mongos.log. -* `mypy`: Python interpretor. Default python -* `mongos_package`: The name of the mongos installation package. Default mongodb-org-mongos. -* `config_repl_set_name`: The name of the config server replicaset. Default cfg. +* `mongos_port`: The port used by the mongos process. Default `27017`. +* `mongos_service`: The name of the mongos service. Default `mongos`. +* `mongodb_user`: The Linux OS user for MongoDB. Default `mongod`. +* `mongodb_group`: The Linux OS user group for MongoDB. Default `mongod`. +* `pid_file`: The pid file for mongos. Default `/run/mongodb/mongos.pid`. +* `bind_ip`: The IP address mongos will bind to. Default `0.0.0.0`. +* `bind_ip_all`: Have mongos bind to all IP addresses instead of specifying `bind_ip`. Default `false`. +* `log_path`: Path of the log file. Default: `/var/log/mongodb/mongos.log`. +* `mypy`: Python interpretor. Default `python`. +* `mongos_package`: The name of the mongos installation package. Default `mongodb-org-mongos`. +* `config_repl_set_name`: The name of the config server replicaset. Default `cfg`. * `config_servers`: "config1:27019, config2:27019, config3:27019" * `openssl_keyfile_content`: The kexfile content that MongoDB uses to authenticate within a replicaset. Generate with cmd: openssl rand -base64 756. -* `openssl_keyfile_path`: Put the openssl_keyfile at this path. Default: /etc/keyfile +* `openssl_keyfile_path`: Put the openssl_keyfile at this path. Default: `/etc/keyfile`. * `net_compressors`: If this is set, this sets `net.compression.compressors` in mongos.conf. -* `mongos_config_template`: If defined allows to override path to mongod config template with custom configuration. Default "mongos.conf.j2" +* `mongos_config_template`: If defined allows to override path to mongod config template with custom configuration. Default `mongos.conf.j2`. * `skip_restart`: If set to `true` will skip restarting mongos service when config file or the keyfile content changes. Default `true`. -* `mongodb_use_tls`: Wether to use tls. Default false. +* `mongodb_use_tls`: Whether to use tls. Default `false`. +* `mongodb_disabled_tls_protocols`: The tls protocols to be disabled. Leave blank to let MongoDB decide which protocols to allow according to the ones available on the system; check the [official docs](https://www.mongodb.com/docs/v6.0/reference/configuration-options/#mongodb-setting-net.tls.disabledProtocols) for details. Default "". +* `mongodb_allow_connections_without_certificates`: When enabled allows to bypass the certificate validation for clients that do not present a certificate, if a certificate is provided it _must_ be valid. Default `false`. * `mongodb_certificate_key_file`: Path to the PEM-file containing the certficate and private key. * `mongodb_certificate_ca_file`: Path to the CA-file. diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/defaults/main.yml b/ansible_collections/community/mongodb/roles/mongodb_mongos/defaults/main.yml index 6d91e8814..0ca7f0371 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_mongos/defaults/main.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/defaults/main.yml @@ -31,3 +31,5 @@ net_compressors: null mongos_config_template: "mongos.conf.j2" skip_restart: true mongodb_use_tls: false +mongodb_disabled_tls_protocols: "" +mongodb_allow_connections_without_certificates: false diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/molecule.yml index b361e644c..f1e8d4999 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/molecule.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/molecule.yml @@ -28,8 +28,8 @@ platforms: networks: - name: "mymongos" network_mode: "mymongos" - - name: ubuntu_18 - image: ubuntu:18.04 + - name: ubuntu_22_04 + image: ubuntu:22.04 command: /sbin/init privileged: True networks: @@ -50,7 +50,7 @@ platforms: # - name: "mymongos" # network_mode: "mymongos" - name: config1 - image: ubuntu:18.04 + image: ubuntu:22.04 command: /sbin/init privileged: True networks: diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/playbook.yml b/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/playbook.yml index de0e856ba..cee69734a 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/playbook.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/playbook.yml @@ -26,9 +26,20 @@ name: "{{ 'pymongo==3.12.*' if ansible_python_version[0:3] | float < 3.6 else 'pymongo' }}" when: ansible_hostname == "config1" + - name: Determine openssl version + command: openssl version + changed_when: false + register: openssl + + - name: Set mongosh package version + set_fact: + mongosh_package: "{{ 'mongodb-mongosh-shared-openssl3' if openssl.stdout.startswith('OpenSSL 3') else 'mongodb-mongosh-shared-openssl11' }}" + when: mongosh_package is not defined + - name: Install MongoDB Shell package: - name: mongodb-mongosh + name: + - "{{ mongosh_package }}" - name: Init config server replicaset community.mongodb.mongodb_replicaset: diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/prepare.yml b/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/prepare.yml index 40efdd033..d9a4dd252 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/prepare.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/prepare.yml @@ -20,4 +20,8 @@ ansible.builtin.package: name: "{{ redhat_packages }}" state: present - when: ansible_os_family == "RedHat"
\ No newline at end of file + when: ansible_os_family == "RedHat" + + - name: Install openssl + package: + name: openssl
\ No newline at end of file diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/templates/mongos.conf.j2 b/ansible_collections/community/mongodb/roles/mongodb_mongos/templates/mongos.conf.j2 index 6c61b8716..f9726f2f5 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_mongos/templates/mongos.conf.j2 +++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/templates/mongos.conf.j2 @@ -19,6 +19,12 @@ net: mode: requireTLS certificateKeyFile: {{ mongodb_certificate_key_file }} CAFile: {{ mongodb_certificate_ca_file }} +{% if mongodb_disabled_tls_protocols != "" %} + disabledProtocols: {{ mongodb_disabled_tls_protocols }} +{% endif %} +{% if mongodb_allow_connections_without_certificates %} + allowConnectionsWithoutCertificates: true +{% endif %} {% endif %} sharding: configDB: "{{ config_repl_set_name }}/{{ config_servers }}" diff --git a/ansible_collections/community/mongodb/roles/mongodb_repository/molecule/default/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_repository/molecule/default/molecule.yml index a750255f9..18ab8e812 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_repository/molecule/default/molecule.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_repository/molecule/default/molecule.yml @@ -11,8 +11,8 @@ lint: platforms: - name: almalinux_8 image: almalinux:8 - - name: ubuntu_18 - image: ubuntu:18.04 + - name: ubuntu_22_04 + image: ubuntu:22.04 - name: ubuntu_22 image: ubuntu:22.04 - name: debian_bullseye diff --git a/ansible_collections/community/mongodb/roles/mongodb_selinux/molecule/default/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_selinux/molecule/default/molecule.yml index 907a32abc..c54825da3 100644 --- a/ansible_collections/community/mongodb/roles/mongodb_selinux/molecule/default/molecule.yml +++ b/ansible_collections/community/mongodb/roles/mongodb_selinux/molecule/default/molecule.yml @@ -11,8 +11,8 @@ lint: platforms: - name: almalinux_8 image: almalinux:8 - - name: ubuntu_18 - image: ubuntu:18.04 + - name: ubuntu_22_04 + image: ubuntu:22.04 - name: ubuntu_22 image: ubuntu:22.04 - name: debian_bullseye |