summaryrefslogtreecommitdiffstats
path: root/ansible_collections/community/mongodb
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--ansible_collections/community/mongodb/.github/workflows/ansible-test.yml81
-rw-r--r--ansible_collections/community/mongodb/.github/workflows/mongodb-cache.yml56
-rw-r--r--ansible_collections/community/mongodb/.github/workflows/publish_collection.yml10
-rw-r--r--ansible_collections/community/mongodb/.github/workflows/test-roles.yml8
-rw-r--r--ansible_collections/community/mongodb/.github/workflows/x509.yml12
-rw-r--r--ansible_collections/community/mongodb/CHANGELOG.rst110
-rw-r--r--ansible_collections/community/mongodb/FILES.json221
-rw-r--r--ansible_collections/community/mongodb/MANIFEST.json7
-rw-r--r--ansible_collections/community/mongodb/README.md33
-rw-r--r--ansible_collections/community/mongodb/changelogs/changelog.yaml70
-rw-r--r--ansible_collections/community/mongodb/plugins/cache/mongodb.py2
-rw-r--r--ansible_collections/community/mongodb/plugins/doc_fragments/atlas_options.py54
-rw-r--r--ansible_collections/community/mongodb/plugins/module_utils/mongodb_atlas.py220
-rw-r--r--ansible_collections/community/mongodb/plugins/module_utils/mongodb_common.py7
-rw-r--r--ansible_collections/community/mongodb/plugins/modules/mongodb_atlas_cluster.py238
-rw-r--r--ansible_collections/community/mongodb/plugins/modules/mongodb_atlas_ldap_user.py165
-rw-r--r--ansible_collections/community/mongodb/plugins/modules/mongodb_atlas_user.py196
-rw-r--r--ansible_collections/community/mongodb/plugins/modules/mongodb_atlas_whitelist.py111
-rw-r--r--ansible_collections/community/mongodb/plugins/modules/mongodb_balancer.py2
-rw-r--r--ansible_collections/community/mongodb/plugins/modules/mongodb_monitoring.py197
-rw-r--r--ansible_collections/community/mongodb/plugins/modules/mongodb_replicaset.py5
-rw-r--r--ansible_collections/community/mongodb/plugins/modules/mongodb_role.py4
-rw-r--r--ansible_collections/community/mongodb/plugins/modules/mongodb_user.py3
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_auth/defaults/main.yml2
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_auth/molecule/default/molecule.yml4
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_auth/molecule/default/playbook.yml15
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_auth/tasks/main.yml2
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_auth/tasks/mongodb_auth_user.yml2
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_config/README.md32
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_config/defaults/main.yml2
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/molecule.yml6
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/playbook.yml15
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/tests/test_default.py2
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/molecule.yml6
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/playbook.yml15
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/tests/test_default.py2
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_config/templates/configsrv.conf.j26
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_install/files/lock_mongodb_packages.sh10
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_install/molecule/default/molecule.yml4
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_install/molecule/default/prepare.yml10
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_hold_packages/molecule.yml4
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_hold_packages/prepare.yml4
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_hold_packages/tests/test_default.py2
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_nohold_packages/molecule.yml4
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_nohold_packages/prepare.yml6
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_nohold_packages/tests/test_default.py2
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_install/molecule/specific_mongodb_version/molecule.yml12
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_install/molecule/specific_mongodb_version/prepare.yml10
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_install/tasks/main.yml26
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_linux/README.md5
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_linux/defaults/main.yml4
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_linux/files/thp-disable.service1
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_linux/molecule/default/molecule.yml4
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_linux/tasks/main.yml15
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_linux/vars/Debian-12.yml5
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_linux/vars/RedHat-9.yml5
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_mongod/README.md39
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_mongod/defaults/main.yml12
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_mongod/handlers/main.yml5
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/custom_db_path/molecule.yml4
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/custom_db_path/playbook.yml15
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/custom_db_path/tests/test_default.py2
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/molecule.yml4
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/playbook.yml15
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/tests/test_default.py2
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/multiple_bind_ip/molecule.yml4
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/multiple_bind_ip/playbook.yml15
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/multiple_bind_ip/tests/test_default.py2
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_mongod/tasks/logrotate.yml9
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_mongod/tasks/main.yml33
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_mongod/templates/mongod.conf.j29
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_mongod/templates/mongodb.logrotate.j214
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_mongos/README.md30
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_mongos/defaults/main.yml2
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/molecule.yml6
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/playbook.yml13
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/prepare.yml6
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_mongos/templates/mongos.conf.j26
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_repository/molecule/default/molecule.yml4
-rw-r--r--ansible_collections/community/mongodb/roles/mongodb_selinux/molecule/default/molecule.yml4
80 files changed, 1804 insertions, 507 deletions
diff --git a/ansible_collections/community/mongodb/.github/workflows/ansible-test.yml b/ansible_collections/community/mongodb/.github/workflows/ansible-test.yml
index 6a8d52bd1..f64d5881c 100644
--- a/ansible_collections/community/mongodb/.github/workflows/ansible-test.yml
+++ b/ansible_collections/community/mongodb/.github/workflows/ansible-test.yml
@@ -18,20 +18,23 @@ jobs:
ansible_version:
- devel
- stable-2.13
+ - stable-2.14
+ - stable-2.15
+ - stable-2.16
steps:
- name: Check out code
- uses: actions/checkout@v2
+ uses: actions/checkout@v4
with:
path: ansible_collections/community/mongodb
- - name: Set up Python 3.9
- uses: actions/setup-python@v4
+ - name: Set up Python 3.10
+ uses: actions/setup-python@v5
with:
- python-version: 3.9
+ python-version: "3.10"
- name: Install ansible-base (${{ matrix.ansible_version }})
- uses: nick-invision/retry@v2
+ uses: nick-invision/retry@v3
with:
timeout_minutes: 3
max_attempts: 3
@@ -50,40 +53,43 @@ jobs:
ansible_version:
- devel
- stable-2.13
+ - stable-2.14
+ - stable-2.15
+ - stable-2.16
steps:
- name: Check out code
- uses: actions/checkout@v2
+ uses: actions/checkout@v4
with:
path: ansible_collections/community/mongodb
- - name: Set up Python 3.9
- uses: actions/setup-python@v4
+ - name: Set up Python 3.10
+ uses: actions/setup-python@v5
with:
- python-version: 3.9
+ python-version: "3.10"
- name: Install ansible-base (${{ matrix.ansible_version }})
- uses: nick-invision/retry@v2
+ uses: nick-invision/retry@v3
with:
timeout_minutes: 3
max_attempts: 3
command: pip install https://github.com/ansible/ansible/archive/${{ matrix.ansible_version }}.tar.gz --disable-pip-version-check
- name: Install mongodb
- uses: nick-invision/retry@v2
+ uses: nick-invision/retry@v3
with:
timeout_minutes: 3
max_attempts: 3
command: sudo apt-get install -y mongodb-org
- name: Install dateutil
- uses: nick-invision/retry@v2
+ uses: nick-invision/retry@v3
with:
timeout_minutes: 3
max_attempts: 3
command: pip install python-dateutil
- name: Install python libs
- uses: nick-invision/retry@v2
+ uses: nick-invision/retry@v3
with:
timeout_minutes: 3
max_attempts: 3
@@ -97,12 +103,12 @@ jobs:
run: mlaunch --single --port 27999
- name: Run unit tests
- run: ansible-test units -v --color --python 3.9 --coverage
+ run: ansible-test units -v --color --python 3.10 --coverage
- name: Generate coverage report.
run: ansible-test coverage xml -v --requirements --group-by command --group-by version
- - uses: codecov/codecov-action@v1
+ - uses: codecov/codecov-action@v3
with:
fail_ci_if_error: false
@@ -120,7 +126,7 @@ jobs:
steps:
- name: Check out code
- uses: actions/checkout@v2
+ uses: actions/checkout@v4
with:
path: ansible_collections/community/mongodb
@@ -144,64 +150,53 @@ jobs:
strategy:
matrix:
mongodb_version:
- - "5.0"
- "6.0"
+ - "7.0"
mongodb_module: ${{ fromJson(needs.integration_matrix.outputs.matrix) }}
versions:
- #- python_version: "2.7"
- # ansible_version: "stable-2.10"
- # docker_image: "centos7"
- #- python_version: "2.7"
- # ansible_version: "stable-2.11"
- # docker_image: "centos7"
- - python_version: "3.6"
- ansible_version: "stable-2.10"
- docker_image: "ubuntu1804"
- - python_version: "3.6"
- ansible_version: "stable-2.11"
- docker_image: "ubuntu1804"
- - python_version: "3.8"
- ansible_version: "stable-2.12"
- docker_image: "default"
- python_version: "3.8"
ansible_version: "stable-2.13"
docker_image: "default"
- python_version: "3.9"
ansible_version: "stable-2.14"
docker_image: "default"
- # Fedora 33 should be possible after this is fixed
- # https://jira.mongodb.org/browse/MONGOSH-941
- #- python_version: "3.9"
- # ansible_version: "devel"
- # docker_image: "fedora33"
+ - python_version: "3.10"
+ ansible_version: "stable-2.15"
+ docker_image: "default"
+ - python_version: "3.10"
+ ansible_version: "stable-2.16"
+ docker_image: "default"
+ - python_version: "3.10"
+ ansible_version: "devel"
+ docker_image: "default"
steps:
- name: Check out code
- uses: actions/checkout@v2
+ uses: actions/checkout@v4
with:
path: ansible_collections/community/mongodb
- name: Set up Python ${{ matrix.versions.python_version }}
- uses: actions/setup-python@v4
+ uses: actions/setup-python@v5
with:
python-version: ${{ matrix.versions.python_version }}
- name: Install ansible-base (${{ matrix.versions.ansible_version }})
- uses: nick-invision/retry@v2
+ uses: nick-invision/retry@v3
with:
timeout_minutes: 3
max_attempts: 3
command: pip install https://github.com/ansible/ansible/archive/${{ matrix.versions.ansible_version }}.tar.gz --disable-pip-version-check
- name: Install community.general
- uses: nick-invision/retry@v2
+ uses: nick-invision/retry@v3
with:
timeout_minutes: 3
max_attempts: 3
command: ansible-galaxy collection install 'community.general' -p ansible_collections/
- name: Install community.crypto
- uses: nick-invision/retry@v2
+ uses: nick-invision/retry@v3
with:
timeout_minutes: 3
max_attempts: 3
@@ -214,4 +209,4 @@ jobs:
run: ansible-test integration --docker ${{ matrix.versions.docker_image }} -v --color --retry-on-error --python ${{ matrix.versions.python_version }} --continue-on-error --diff --coverage ${{ matrix.mongodb_module }}
- name: Upload Coverage data
- run: tests/coverage.sh \ No newline at end of file
+ run: tests/coverage.sh
diff --git a/ansible_collections/community/mongodb/.github/workflows/mongodb-cache.yml b/ansible_collections/community/mongodb/.github/workflows/mongodb-cache.yml
index 992646c28..757b72256 100644
--- a/ansible_collections/community/mongodb/.github/workflows/mongodb-cache.yml
+++ b/ansible_collections/community/mongodb/.github/workflows/mongodb-cache.yml
@@ -17,33 +17,31 @@ jobs:
strategy:
matrix:
versions:
- - ansible_version: "stable-2.10"
- python_version: "3.6"
- - ansible_version: "stable-2.11"
- python_version: "3.6"
- - ansible_version: "stable-2.12"
- python_version: "3.9"
- ansible_version: "stable-2.13"
- python_version: "3.8"
- - ansible_version: "stable-2.14"
python_version: "3.9"
+ - ansible_version: "stable-2.14"
+ python_version: "3.10"
+ - ansible_version: "stable-2.15"
+ python_version: "3.11"
+ - ansible_version: "stable-2.16"
+ python_version: "3.11"
- ansible_version: "devel"
- python_version: "3.9"
+ python_version: "3.11"
steps:
- name: Check out code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
with:
path: ansible_collections/community/mongodb
- name: Set up Python ${{ matrix.versions.python_version }}
- uses: actions/setup-python@v4
+ uses: actions/setup-python@v5
with:
python-version: ${{ matrix.versions.python_version }}
- name: Install ansible-base (${{ matrix.versions.ansible_version }})
- uses: nick-invision/retry@v2
+ uses: nick-invision/retry@v3
with:
timeout_minutes: 3
max_attempts: 3
@@ -68,7 +66,7 @@ jobs:
-v mongocache:/data/db mongo:latest
- name: Install mongodb-org-shell
- uses: nick-invision/retry@v2
+ uses: nick-invision/retry@v3
with:
timeout_minutes: 3
max_attempts: 3
@@ -86,18 +84,18 @@ jobs:
echo "nopymongo=$output" >> $GITHUB_OUTPUT
- name: Test cache handling of missing pymongo
- uses: nick-invision/assert-action@v1
+ uses: nick-invision/assert-action@v2
with:
expected: "The 'pymongo' python module is required for the mongodb fact cache"
actual: ${{ steps.no-pymongo.outputs.nopymongo }}
comparison: contains
- name: Install pymongo
- uses: nick-invision/retry@v2
+ uses: nick-invision/retry@v3
with:
timeout_minutes: 3
max_attempts: 3
- command: pip install pymongo==3.12.2
+ command: pip install pymongo
- name: Run ansible to generate the mongodb cache
run: ansible localhost -m setup
@@ -113,7 +111,7 @@ jobs:
echo "mongo=$output" >> $GITHUB_OUTPUT
- name: Test that we have something that looks like a cache record
- uses: nick-invision/assert-action@v1
+ uses: nick-invision/assert-action@v2
with:
expected: ansible_processor_count
actual: ${{ steps.mongo1.outputs.mongo }}
@@ -130,14 +128,14 @@ jobs:
echo "mongo=$output" >> $GITHUB_OUTPUT
- name: Test that we don't have an index called ttl
- uses: nick-invision/assert-action@v1
+ uses: nick-invision/assert-action@v2
with:
expected: ttl
actual: ${{ steps.mongo2.outputs.mongo }}
comparison: notContains
- name: Test that we have good output from getindexes
- uses: nick-invision/assert-action@v1
+ uses: nick-invision/assert-action@v2
with:
expected: "_id_"
actual: ${{ steps.mongo2.outputs.mongo }}
@@ -157,7 +155,7 @@ jobs:
echo "mongo=$output" >> $GITHUB_OUTPUT
- name: Test that we have something that looks like a cache record
- uses: nick-invision/assert-action@v1
+ uses: nick-invision/assert-action@v2
with:
expected: ansible_processor_count
actual: ${{ steps.mongo3.outputs.mongo }}
@@ -174,14 +172,14 @@ jobs:
echo "mongo=$output" >> $GITHUB_OUTPUT
- name: Test that we don't have an index called ttl
- uses: nick-invision/assert-action@v1
+ uses: nick-invision/assert-action@v2
with:
expected: ttl
actual: ${{ steps.mongo4.outputs.mongo }}
comparison: notContains
- name: Test that we have good output from getindexes
- uses: nick-invision/assert-action@v1
+ uses: nick-invision/assert-action@v2
with:
expected: "_id_"
actual: ${{ steps.mongo4.outputs.mongo }}
@@ -203,7 +201,7 @@ jobs:
echo "mongo=$output" >> $GITHUB_OUTPUT
- name: Test that we have something that looks like a cache record
- uses: nick-invision/assert-action@v1
+ uses: nick-invision/assert-action@v2
with:
expected: ansible_processor_count
actual: ${{ steps.mongo5.outputs.mongo }}
@@ -220,7 +218,7 @@ jobs:
echo "mongo=$output" >> $GITHUB_OUTPUT
- name: Test that we do have an index called ttl
- uses: nick-invision/assert-action@v1
+ uses: nick-invision/assert-action@v2
with:
expected: ttl
actual: ${{ steps.mongo6.outputs.mongo }}
@@ -242,7 +240,7 @@ jobs:
echo "mongo=$output" >> $GITHUB_OUTPUT
- name: Test that we have something that looks like a cache record
- uses: nick-invision/assert-action@v1
+ uses: nick-invision/assert-action@v2
with:
expected: ansible_processor_count
actual: ${{ steps.mongo7.outputs.mongo }}
@@ -259,7 +257,7 @@ jobs:
echo "mongo=$output" >> $GITHUB_OUTPUT
- name: Test that we do have an index called ttl
- uses: nick-invision/assert-action@v1
+ uses: nick-invision/assert-action@v2
with:
expected: ttl
actual: ${{ steps.mongo8.outputs.mongo }}
@@ -281,7 +279,7 @@ jobs:
echo "mongo=$output" >> $GITHUB_OUTPUT
- name: Test that we have something that looks like a cache record
- uses: nick-invision/assert-action@v1
+ uses: nick-invision/assert-action@v2
with:
expected: ansible_processor_count
actual: ${{ steps.mongo9.outputs.mongo }}
@@ -298,14 +296,14 @@ jobs:
echo "mongo=$output" >> $GITHUB_OUTPUT
- name: Test that we don't have an index called ttl
- uses: nick-invision/assert-action@v1
+ uses: nick-invision/assert-action@v2
with:
expected: ttl
actual: ${{ steps.mongo10.outputs.mongo }}
comparison: notContains
- name: Test that we have good output from getindexes
- uses: nick-invision/assert-action@v1
+ uses: nick-invision/assert-action@v2
with:
expected: "_id_"
actual: ${{ steps.mongo10.outputs.mongo }}
diff --git a/ansible_collections/community/mongodb/.github/workflows/publish_collection.yml b/ansible_collections/community/mongodb/.github/workflows/publish_collection.yml
index a16dcd55d..c928a4809 100644
--- a/ansible_collections/community/mongodb/.github/workflows/publish_collection.yml
+++ b/ansible_collections/community/mongodb/.github/workflows/publish_collection.yml
@@ -14,14 +14,14 @@ jobs:
steps:
- name: Check out code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
with:
path: ansible_collections/community/mongodb
- - name: Set up Python 3.9
- uses: actions/setup-python@v4
+ - name: Set up Python 3.10
+ uses: actions/setup-python@v5
with:
- python-version: 3.9
+ python-version: "3.10"
- name: Install ansible-base (devel)
run: pip install https://github.com/ansible/ansible/archive/devel.tar.gz --disable-pip-version-check
@@ -40,7 +40,7 @@ jobs:
# Moving the tag leaves an orphan artifact. Just changing the artifact doesn't move the tag.
- name: Delete latest tag and release
- uses: dev-drprasad/delete-tag-and-release@v0.2.1
+ uses: dev-drprasad/delete-tag-and-release@v1.0.1
with:
delete_release: true
tag_name: latest
diff --git a/ansible_collections/community/mongodb/.github/workflows/test-roles.yml b/ansible_collections/community/mongodb/.github/workflows/test-roles.yml
index 2529bfc10..5aa01e2cc 100644
--- a/ansible_collections/community/mongodb/.github/workflows/test-roles.yml
+++ b/ansible_collections/community/mongodb/.github/workflows/test-roles.yml
@@ -17,7 +17,7 @@ jobs:
steps:
- name: Check out code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
with:
path: ansible_collections/community/mongodb
@@ -42,17 +42,17 @@ jobs:
strategy:
matrix:
python_version:
- - "3.6"
+ - "3.10"
mongodb_role: ${{ fromJson(needs.roles_matrix.outputs.matrix) }}
steps:
- name: Check out code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
with:
path: ansible_collections/community/mongodb
- name: Set up Python ${{ matrix.test_scenario.python_version }}
- uses: actions/setup-python@v4
+ uses: actions/setup-python@v5
with:
python-version: ${{ matrix.test_scenario.python_version }}
diff --git a/ansible_collections/community/mongodb/.github/workflows/x509.yml b/ansible_collections/community/mongodb/.github/workflows/x509.yml
index bd6fd561c..59070b07f 100644
--- a/ansible_collections/community/mongodb/.github/workflows/x509.yml
+++ b/ansible_collections/community/mongodb/.github/workflows/x509.yml
@@ -13,7 +13,7 @@ jobs:
steps:
- name: Check out code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
with:
path: ansible_collections/community/mongodb
@@ -104,13 +104,13 @@ jobs:
--authenticationDatabase '$external' \
--eval "db.adminCommand('listDatabases')"
- - name: Set up Python 3.9
- uses: actions/setup-python@v4
+ - name: Set up Python 3.10
+ uses: actions/setup-python@v5
with:
- python-version: "3.9"
+ python-version: "3.10"
- name: Install ansible-base devel
- uses: nick-invision/retry@v2
+ uses: nick-invision/retry@v3
with:
timeout_minutes: 3
max_attempts: 3
@@ -129,7 +129,7 @@ jobs:
working-directory: ansible_collections/community/mongodb
- name: Install pymongo
- uses: nick-invision/retry@v2.8.2
+ uses: nick-invision/retry@v3
with:
timeout_minutes: 3
max_attempts: 3
diff --git a/ansible_collections/community/mongodb/CHANGELOG.rst b/ansible_collections/community/mongodb/CHANGELOG.rst
index 2c898bd5d..88b4b7fe4 100644
--- a/ansible_collections/community/mongodb/CHANGELOG.rst
+++ b/ansible_collections/community/mongodb/CHANGELOG.rst
@@ -4,6 +4,108 @@ Community.MongoDB Release Notes
.. contents:: Topics
+v1.7.2:
+=========
+
+Release Summary
+----------------
+
+This release is a maintenance release.
+
+Bug Fixes
+----------
+
+- 638 - mongodb_replicaset - Allow module to update replicaset horizons.
+
+v1.7.1:
+=========
+
+Release Summary
+----------------
+
+This release is a maintenance release.
+
+Bug Fixes
+----------
+
+- 631 - cache/mongodb.py - Support pymongo 4.0+. This plugin no longer support pymongo 3.12.*.
+
+v1.7.0:
+=========
+
+Release Summary
+----------------
+
+This release is a maintenance release.
+
+Minor Changes
+--------------
+
+- 622 - mongodb_mongod - Allow systemd configuration override.
+- 620 - mongodb_common - Use SSL constants in shared connection code.
+- 609 - mongodb_mongod, mongodb_mongos, mongodb_config - support for allowConnectionsWithoutCertificates.
+- 605 - mongodb_mongod, mongodb_mongos, mongodb_config - support for security.disabledProtocols.
+
+Bug Fixes
+----------
+
+- 614 - mongodb_replicaset - Count voting members based on the sum of "votes" and using a comprehension list.
+- 611 - mongodb_role - lambda function changed to support non-existing keys.
+
+Modules
+---------
+
+- 612 - mongodb_atlas_cluster - Manage database clusters in Atlas (#612).
+- 612 - mongodb_atlas_ldap_user - Manage ldap users in Atlas (#612).
+- 612 - mongodb_atlas_user - Manage database users in Atlas (#612).
+- 612 - mongodb_atlas_whitelist - Manage IP whitelists in Atlas (#612).
+
+v1.6.3:
+========
+
+Release Summary
+---------------
+
+This release is a maintenance release.
+
+Minor Changes
+--------------
+
+- 600 - Remove delete module from README.md.
+- 601 - mongodb_install - Fix issue with specific_mongodb_version on RedHat OS family.
+
+v1.6.2:
+========
+
+Release Summary
+---------------
+
+This release is a maintenance release.
+
+Minor Changes
+--------------
+
+- 583 - mongodb_linux - Add vars for RedHat 9 to role.
+- 586 - mongodb_auth - Add ssl vars to role.
+- 589 - mongodb_linux - Adds vars to better handle ntp package installation and handling.
+- 588 - mongodb_linux - Default ntp system to systemd-timesyncd for Debian12.
+- 593 - mongodb_linux - Add vm.max_map_count = 128000 sysctl config.
+- 597 - mongodb_monitoring - Module has been deleted as Free Monitoring service has been stopped.
+- 595 - mongodb_linux - Improvements to transparent_hugepage handling.
+
+v1.6.1:
+========
+
+Release Summary
+---------------
+
+This release is a maintenance release.
+
+Minor Changes
+--------------
+
+- 578 - mongodb_role - More robust comparison of user roles.
+
v1.6.0:
========
@@ -16,7 +118,7 @@ Minor Changes
--------------
- 569 - All pymongo modules - Better support for MongoDB Atlas.
-- 568 - Minor documentation updates.
+- 568 - Minor documentation updates.
v1.5.2
=======
@@ -131,7 +233,7 @@ Major Changes
---------------
- 470 - Removes depreciated distutils package and require Pymongo 3.12+ and MongoDB 4+
- Adds a new parameter strict_compatibility (default true).
+ Adds a new parameter strict_compatibility (default true).
Set to false to disable Pymongo and MongoDB requirements.
v1.3.4
@@ -165,8 +267,8 @@ Bug Fixes
Minor Changes
---------------
-- 450 - mongodb_replicaset. Introduce cluster_cmd parameter. Can be set to isMaster or hello.
- Hello is the default. isMaster is useful for older versions of MongoDB.
+- 450 - mongodb_replicaset. Introduce cluster_cmd parameter. Can be set to isMaster or hello.
+ Hello is the default. isMaster is useful for older versions of MongoDB.
See [db.hello()](https://www.mongodb.com/docs/manual/reference/method/db.hello/) for more.
v1.3.2
diff --git a/ansible_collections/community/mongodb/FILES.json b/ansible_collections/community/mongodb/FILES.json
index 3350b5fe3..ff9223131 100644
--- a/ansible_collections/community/mongodb/FILES.json
+++ b/ansible_collections/community/mongodb/FILES.json
@@ -25,21 +25,21 @@
"name": ".github/workflows/ansible-test.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "893b57c4cbb866c079d790a6018f660ee8f178ee105a8e46b2d93f1e5106bb1f",
+ "chksum_sha256": "73b933669a573ce6fa027dff9223cbbed48d4d31e0b61cf54c503f3eec46816a",
"format": 1
},
{
"name": ".github/workflows/mongodb-cache.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "3b6e9e5c1b98e1db58c3c3327bb10ce1c59cd24dbc716d253f2d75bd30ab06d4",
+ "chksum_sha256": "a501aa0916837a4abfbd5f910662f525be0833be53d3d46a0c98973659ba21f2",
"format": 1
},
{
"name": ".github/workflows/publish_collection.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "5dc1ef6a5c6cdf0ce4d49e520df15cefc0b8f9732f9cde850c8f82d674a247b2",
+ "chksum_sha256": "e938fc2ffec98aa434184ee4f7f7a293def84daaadf116289b38226e0a00426a",
"format": 1
},
{
@@ -53,14 +53,14 @@
"name": ".github/workflows/test-roles.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "d3b655c70d9d1d8f93a6e18a36c04735ef41c9cf67c5db5c82fa5a8d51a5ac3a",
+ "chksum_sha256": "fcb80d477c82b079fbf7fc1bb3b099bb913d4961c699026bc2b78e8064cb58e6",
"format": 1
},
{
"name": ".github/workflows/x509.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "e0f9df03ae321bb23feeec7ee9b0de71d915fa27667aa3f88cb52a82d1ea07a8",
+ "chksum_sha256": "da22d7aa6893fdf4134f886f828344437bbdab96808ad7617f36775f619d480f",
"format": 1
},
{
@@ -95,7 +95,7 @@
"name": "changelogs/changelog.yaml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "a2b8248a625db8ee7b0564011caa76e5cca57d319a6465f327b2151bfac26a47",
+ "chksum_sha256": "62026cfdee0d726808baf3b46212cb3b1d0668bf8f156898c11b3017f45c67e4",
"format": 1
},
{
@@ -151,7 +151,7 @@
"name": "plugins/cache/mongodb.py",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "dd0e0964cdbeb66487c9dd39feeee0f408221f0060988df7afc8ee9b5c17b9bd",
+ "chksum_sha256": "aedbdc6afc85b4d5ed39ce822c4573b7a7de0742ea6ec43e5e7e1f6bcfb12905",
"format": 1
},
{
@@ -162,6 +162,13 @@
"format": 1
},
{
+ "name": "plugins/doc_fragments/atlas_options.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "c28b5eaeb1b089c9b66a2ad64ba7467f7836f86d6948ca9e5aed684304873b2a",
+ "format": 1
+ },
+ {
"name": "plugins/doc_fragments/login_options.py",
"ftype": "file",
"chksum_type": "sha256",
@@ -211,10 +218,17 @@
"format": 1
},
{
+ "name": "plugins/module_utils/mongodb_atlas.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "e63bf87e1f6f35859e306fbd7070c70c1d5406ab3a30c51923cc6fe0d338779a",
+ "format": 1
+ },
+ {
"name": "plugins/module_utils/mongodb_common.py",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "31ee1df028aaf5f6807866807dd9bbb584318af5bd640c924daf3b4ad76dfc48",
+ "chksum_sha256": "a46ecf4ee936b461cabe289496e425a9fd2d454df7c083580e7e65c96c45092d",
"format": 1
},
{
@@ -239,10 +253,38 @@
"format": 1
},
{
+ "name": "plugins/modules/mongodb_atlas_cluster.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "41da55ac3e6fbeeb8ad3c056e37e1bf3116b6b75b82dbbcd279af10f9228d247",
+ "format": 1
+ },
+ {
+ "name": "plugins/modules/mongodb_atlas_ldap_user.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "2c424fd746b2a531c811fc9d4ba6126e42b6433db87998beae2ac725392cf3c9",
+ "format": 1
+ },
+ {
+ "name": "plugins/modules/mongodb_atlas_user.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "fc1f272d0d97322664633458de27c9fcbc0011696052421bc2bb58d7fb06744b",
+ "format": 1
+ },
+ {
+ "name": "plugins/modules/mongodb_atlas_whitelist.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "066c44e0ed09fb61e4a0b66416a644121eb7eb5556c9a1895ae8305f49f4ffcf",
+ "format": 1
+ },
+ {
"name": "plugins/modules/mongodb_balancer.py",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "a634f2ab69e027cd9876a36937c808b1ab551707739aa4bf87c88f5bbeffc635",
+ "chksum_sha256": "dd4263c776a24763b3811a2a343dcb555a53f135e452216417b8018d970e26c7",
"format": 1
},
{
@@ -267,13 +309,6 @@
"format": 1
},
{
- "name": "plugins/modules/mongodb_monitoring.py",
- "ftype": "file",
- "chksum_type": "sha256",
- "chksum_sha256": "928eca8ce08b54251c708fb88749f1f5a75aa26e7f1c84fbe31983f43ab4fe4e",
- "format": 1
- },
- {
"name": "plugins/modules/mongodb_oplog.py",
"ftype": "file",
"chksum_type": "sha256",
@@ -291,14 +326,14 @@
"name": "plugins/modules/mongodb_replicaset.py",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "044d8ef48ba89fd5809b673990776acfa573c9b2a27890d7d6cddd17f2afc50f",
+ "chksum_sha256": "c26ca9213dc53361cf320db30d7e478d4107da0ca89b2b2a72c5e50d17352db0",
"format": 1
},
{
"name": "plugins/modules/mongodb_role.py",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "53bf6881a8d8dae4abf3d94cd238b24eb13c4ae39420495e57f25c799ba1fba6",
+ "chksum_sha256": "2fd82f46ba80720492007a2505e4aca8a5053a71dba2b27a9f1cead7cc33d57d",
"format": 1
},
{
@@ -361,7 +396,7 @@
"name": "plugins/modules/mongodb_user.py",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "dc53094a237fcc6941306d9bc48d30097c8f3e8b50cbb122d841e2140f16af4d",
+ "chksum_sha256": "3d4cd46206b60f69ed168e84ec54e151a32c1c4a18c1c2989d19a6e9e98924a7",
"format": 1
},
{
@@ -389,7 +424,7 @@
"name": "roles/mongodb_auth/defaults/main.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "770aaa7a7e1aa715295ce515ebcc381e0ddf088bb88df068626d5f023e577b9a",
+ "chksum_sha256": "b6135635aa61d2f294bf69a1b7308495d1b82be79bc7ce2f514ae9e0c4f693f5",
"format": 1
},
{
@@ -445,14 +480,14 @@
"name": "roles/mongodb_auth/molecule/default/molecule.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "189c4239601a31224b5b0e5c2555d3824f8db7faa50bd5b3286db59f9762a919",
+ "chksum_sha256": "7277bbdc4e39e8b2fea6947c097402c58b19ddf3c55362b9de63eee36c6d94e2",
"format": 1
},
{
"name": "roles/mongodb_auth/molecule/default/playbook.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "90376e78d3e52f87ea244a0da77ce40456dac6455a49eeb1e3f6b6edfc8c47bd",
+ "chksum_sha256": "52ca66d02d0aa4bbed51e46564a5be8f3a973a5efa1fb58adaf76c636ac209cc",
"format": 1
},
{
@@ -515,14 +550,14 @@
"name": "roles/mongodb_auth/tasks/main.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "4dfaf85065ad9d25d59e58ff7aca52d1f7a02caac905e434921eecb6387c2bb4",
+ "chksum_sha256": "d053cc9984165bbdfab92bcbb59e988d5766b2f9fbc9acc3df95a403f398abdb",
"format": 1
},
{
"name": "roles/mongodb_auth/tasks/mongodb_auth_user.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "327d37e2ce96949fa0401129c3609fe8f8c93fa7075cad4115f2465117a7e947",
+ "chksum_sha256": "d27869371e43dceadffe0295ab9ee06e3161dc94fa598ed8776e559d9f916c82",
"format": 1
},
{
@@ -599,7 +634,7 @@
"name": "roles/mongodb_config/defaults/main.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "b02f09d1c97cb479f785d03f12474d9fc599049d74ae1374063960250ab94948",
+ "chksum_sha256": "75bcad9b2efe940df6365fe5051866d218383c609fdb60ebfcc95b7de083220a",
"format": 1
},
{
@@ -662,21 +697,21 @@
"name": "roles/mongodb_config/molecule/custom_db_path/tests/test_default.py",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "6785ea2c0ef42b1c74098c66a58e79496172b9150c3a6f840da39becf1e65f92",
+ "chksum_sha256": "9043f00bfad88d3f198692b80b762ca41af5db6d2f57f72915a2d74c3d4f853c",
"format": 1
},
{
"name": "roles/mongodb_config/molecule/custom_db_path/molecule.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "7a81696b0bba4ff65dc6d7f89d16d2c7daa6368b5e84ff4772fbf31210bb1c3c",
+ "chksum_sha256": "7ed5994c9bef0b2e46cf6bae21af9a82a7366b3a8dc85605c217f6941166c3c5",
"format": 1
},
{
"name": "roles/mongodb_config/molecule/custom_db_path/playbook.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "ab3364344b36e00fcad9d5e00be1aa6c15ea629d619a8e87308d38416045891c",
+ "chksum_sha256": "96f0c0737e5155e74c3221fe8140e6fed8829c88b8e7f67e53bd64d4bc8b5efe",
"format": 1
},
{
@@ -711,21 +746,21 @@
"name": "roles/mongodb_config/molecule/default/tests/test_default.py",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "76c4a4583bbd511453521974072f30d98268c9061ac35d85edf3846d4544da69",
+ "chksum_sha256": "d58ff4a841a0c923e98e0e4c2f5f2c4c72e32eb8879b743e48e9de1f0227124a",
"format": 1
},
{
"name": "roles/mongodb_config/molecule/default/molecule.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "7a81696b0bba4ff65dc6d7f89d16d2c7daa6368b5e84ff4772fbf31210bb1c3c",
+ "chksum_sha256": "7ed5994c9bef0b2e46cf6bae21af9a82a7366b3a8dc85605c217f6941166c3c5",
"format": 1
},
{
"name": "roles/mongodb_config/molecule/default/playbook.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "4d583abdcf01781aa7067708340991b1ce76a927d4a0c3f20f0f728d19e2d50f",
+ "chksum_sha256": "23267a579fc73f82b2e15f3b7652d25f2a44fdc8bf2c374ad21be9ef90426eb8",
"format": 1
},
{
@@ -802,7 +837,7 @@
"name": "roles/mongodb_config/templates/configsrv.conf.j2",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "c6ef3f0bde18b5678d91f4a04538d10957dfc5cfb6e51131675268e6905869af",
+ "chksum_sha256": "24094caecb4f6c83858bf5d854b0c2e3b3a9c6daed896e592eb937b0f963d5ef",
"format": 1
},
{
@@ -851,7 +886,7 @@
"name": "roles/mongodb_config/README.md",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "ccf4c86dd5e1a6e1998fbb59d506b5473f94a58caecac46568f167033f12c183",
+ "chksum_sha256": "1a927b09d12cc908ac710a0d3fa72671be0f50e4930e185db510bdd8f2d1c8c4",
"format": 1
},
{
@@ -872,7 +907,7 @@
"name": "roles/mongodb_install/files/lock_mongodb_packages.sh",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "89582cbb311785ffd3e39029a6f03678267cb1e84995b7260ed41bcc3a508e83",
+ "chksum_sha256": "463061abc6bebbcbad2e3d4a111c4d813494a8504e73d24c66335850e148430c",
"format": 1
},
{
@@ -928,7 +963,7 @@
"name": "roles/mongodb_install/molecule/default/molecule.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "e1d96e0e5e9e889366a75d87c73f5408954d1bcfab2e1253c6e070f4d6da1509",
+ "chksum_sha256": "704539b8afef5b03179bfebc38ca69b4017f863b86821af66866c6138d6b7965",
"format": 1
},
{
@@ -939,6 +974,13 @@
"format": 1
},
{
+ "name": "roles/mongodb_install/molecule/default/prepare.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "716aa1020826da54c85e96d853b6f075d293f3b85163f1e59083e6a77de03f6b",
+ "format": 1
+ },
+ {
"name": "roles/mongodb_install/molecule/mongodb_hold_packages",
"ftype": "dir",
"chksum_type": null,
@@ -963,14 +1005,14 @@
"name": "roles/mongodb_install/molecule/mongodb_hold_packages/tests/test_default.py",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "6e073162dffc65ded4fb9afefc297a091c7210f97072044c905b09502944147b",
+ "chksum_sha256": "fe77ad84ef37f1e94aea2dc559de730eb76792fd6f2e6162b055dd5a07eea0a1",
"format": 1
},
{
"name": "roles/mongodb_install/molecule/mongodb_hold_packages/molecule.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "1415aa365827c25bd2eb92c2ed0b7fc5d994211d1ace12939d9edf3108238029",
+ "chksum_sha256": "52aaa6252e224662deeae462f1196eb36627d457c368c97b1921fa358f511da1",
"format": 1
},
{
@@ -984,7 +1026,7 @@
"name": "roles/mongodb_install/molecule/mongodb_hold_packages/prepare.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "33e0317ed95fb8f1c1c1731829ab5face9b8a4b462508ca98b7f0f60d2fd081c",
+ "chksum_sha256": "39b7a0f9bc99a5ed5e6780cddaf721d86d5ebdba3b816331e0477bdc74ab2834",
"format": 1
},
{
@@ -1012,14 +1054,14 @@
"name": "roles/mongodb_install/molecule/mongodb_nohold_packages/tests/test_default.py",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "3a2b47c9b82958b1a9e6f02b2deae73bc3cf7c1d7a3b71677bb44014ee9495d1",
+ "chksum_sha256": "55316179446793619e8f84077feb30a7f196c2d745696845435df26c35dbe821",
"format": 1
},
{
"name": "roles/mongodb_install/molecule/mongodb_nohold_packages/molecule.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "1415aa365827c25bd2eb92c2ed0b7fc5d994211d1ace12939d9edf3108238029",
+ "chksum_sha256": "52aaa6252e224662deeae462f1196eb36627d457c368c97b1921fa358f511da1",
"format": 1
},
{
@@ -1033,7 +1075,7 @@
"name": "roles/mongodb_install/molecule/mongodb_nohold_packages/prepare.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "86d57bedf4f40ab8b4bb0e3c2ff7dd13460c59bb717b75f40c66127fdf04fc19",
+ "chksum_sha256": "39b7a0f9bc99a5ed5e6780cddaf721d86d5ebdba3b816331e0477bdc74ab2834",
"format": 1
},
{
@@ -1068,7 +1110,7 @@
"name": "roles/mongodb_install/molecule/specific_mongodb_version/molecule.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "1357cdc063266cba2791e9aff653754beaeac0ccb4cc9c14e57f276efb073a85",
+ "chksum_sha256": "f00fe8ebc792b3ed29f11cf1a6a6ea2a812da05c42381c3159992b16e29a43e9",
"format": 1
},
{
@@ -1079,6 +1121,13 @@
"format": 1
},
{
+ "name": "roles/mongodb_install/molecule/specific_mongodb_version/prepare.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "716aa1020826da54c85e96d853b6f075d293f3b85163f1e59083e6a77de03f6b",
+ "format": 1
+ },
+ {
"name": "roles/mongodb_install/molecule/virtualbox",
"ftype": "dir",
"chksum_type": null,
@@ -1131,7 +1180,7 @@
"name": "roles/mongodb_install/tasks/main.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "96fc2a8682910071e99da627660d51e23b3810c8527f9417e7676bc19d041db7",
+ "chksum_sha256": "7e697265fdb1056041aa09706fbd1692a788d642f9e854c8e4f48feca59dc15b",
"format": 1
},
{
@@ -1166,7 +1215,7 @@
"name": "roles/mongodb_linux/defaults/main.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "8c1cb3f8cb7c88e5f9b94e95c798303831bd6d28cee2b24b42e1b8b5c3c77fc7",
+ "chksum_sha256": "d86ecaec3b0c92ecd4838d5d23c78facb542ec49032799451ba4e4faafccc63c",
"format": 1
},
{
@@ -1180,7 +1229,7 @@
"name": "roles/mongodb_linux/files/thp-disable.service",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "1b9f839d1dbbb918acd201e94fe3a9bb9ddaafdbf9398059f8fb0817ecd823c3",
+ "chksum_sha256": "8b7ce5d74e14d3efe593ed64d94376f5320183f9f522b407cbad53a72bbb5439",
"format": 1
},
{
@@ -1236,7 +1285,7 @@
"name": "roles/mongodb_linux/molecule/default/molecule.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "b231dbfcbc1932c974c1a82df6cc5e5b32dce3b2168bae77781e8c5f0a706d6b",
+ "chksum_sha256": "fe17f301302d20fdd6df13667cc160c5f0305b639eaddc00203da9b988185241",
"format": 1
},
{
@@ -1299,7 +1348,7 @@
"name": "roles/mongodb_linux/tasks/main.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "c3eea6e9a70b6f26b80927d4e7b32ed555d1b3c823aeabca4d9e4827eb82d98f",
+ "chksum_sha256": "6fced29f74e80b9e274f5ec26398f1a7f58ff53b0b89c049fcfbffb18d9c812f",
"format": 1
},
{
@@ -1310,6 +1359,13 @@
"format": 1
},
{
+ "name": "roles/mongodb_linux/vars/Debian-12.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "3755aba3d3662eb7a5db022eeee52e58af7498f7cd2a11f56f0affac09cffb9f",
+ "format": 1
+ },
+ {
"name": "roles/mongodb_linux/vars/Debian.yml",
"ftype": "file",
"chksum_type": "sha256",
@@ -1331,6 +1387,13 @@
"format": 1
},
{
+ "name": "roles/mongodb_linux/vars/RedHat-9.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "a2f3697e1cadee2ccd84ff99e8c57788bca914a28e7fd3826c580fa8ad1f6ba0",
+ "format": 1
+ },
+ {
"name": "roles/mongodb_linux/vars/RedHat.yml",
"ftype": "file",
"chksum_type": "sha256",
@@ -1355,7 +1418,7 @@
"name": "roles/mongodb_linux/README.md",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "63c1aafaf9e96e1b5af474e2ae294424374cd0ddc0f2b9168ee423bf577a38eb",
+ "chksum_sha256": "f5aa2b290ead1c5bc566f8090cf8158f709b391d6c505a06c79792f2f3013e13",
"format": 1
},
{
@@ -1376,7 +1439,7 @@
"name": "roles/mongodb_mongod/defaults/main.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "3fd9448c9f2e71d1392c3204ce01532404b663397b8a38dd475a3b908a8a06d7",
+ "chksum_sha256": "9393e6e14e1beae42490926c6a614768816c3755f880f6a01e0524386358a0b0",
"format": 1
},
{
@@ -1390,7 +1453,7 @@
"name": "roles/mongodb_mongod/handlers/main.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "662a28d9c1fd7469e827f9c7cba697264223ccddf694c130d05123e531078b1b",
+ "chksum_sha256": "3e6b2158c8e1234c3ae1f3014245b0484006a532a8aca06f93b07dc83e411447",
"format": 1
},
{
@@ -1439,21 +1502,21 @@
"name": "roles/mongodb_mongod/molecule/custom_db_path/tests/test_default.py",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "a1329ddc753d95bb5b6a419239dd11b04458d311b7c887383209fca998d2e7e1",
+ "chksum_sha256": "114708df31e1ae006de36e6da5855dc27e2364ed5d59fcd479c5df011568bb4a",
"format": 1
},
{
"name": "roles/mongodb_mongod/molecule/custom_db_path/molecule.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "a755fd15a10b01e97988e46729fa0778559f1ae60113cb225d5b9888ae5830ac",
+ "chksum_sha256": "b0f6a68a3bc235970237258b0e194ed94fae205efebe453a6c9f20addd5a5ce0",
"format": 1
},
{
"name": "roles/mongodb_mongod/molecule/custom_db_path/playbook.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "f00bd99f8c6f8a3846cc888ed647c62bd78e1f80919a27b4d7c7760d81b81bd3",
+ "chksum_sha256": "255483b7cc0083dc8dfd74a643d66773878ed4424a5d2c2a58f0e549c8921b81",
"format": 1
},
{
@@ -1488,21 +1551,21 @@
"name": "roles/mongodb_mongod/molecule/default/tests/test_default.py",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "17805508cb475efa6ef5db20800b4a5a579c821d410bae36a35bd146ca6fa3e1",
+ "chksum_sha256": "2cc045495253d0c39609fa814d0911454c25a829c98e6038a7791cf54723cc71",
"format": 1
},
{
"name": "roles/mongodb_mongod/molecule/default/molecule.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "994424e997851f791720fba34b6b65eb6afbc38c82d0dee086fcd7078275a9e6",
+ "chksum_sha256": "e1b801f8421f73a84b91e8eb1b091e3edc7b169ac8f245d2f0da97b0d35b7d71",
"format": 1
},
{
"name": "roles/mongodb_mongod/molecule/default/playbook.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "63a19a9b4f08c1266695faaba9e54dbedd28e3dcc8c6787e64766ba8bb417761",
+ "chksum_sha256": "192e372a1908bcf0ec54b8c52eb459db79529fe098210c07b42363c62f52443a",
"format": 1
},
{
@@ -1537,21 +1600,21 @@
"name": "roles/mongodb_mongod/molecule/multiple_bind_ip/tests/test_default.py",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "ecc1e7f77b43b5e6a46e171a9a2bf2b63ffa4d83f38ef1a721f10ccf8f4bb7a8",
+ "chksum_sha256": "4bcab44a1f135f5a657ed3149112fd3321a6a63591ef60a5669fa690da892b31",
"format": 1
},
{
"name": "roles/mongodb_mongod/molecule/multiple_bind_ip/molecule.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "7e577d75e184d4b8f9a43b00e9dacc2f228a308a1bd6c19a5eb2692856e53ec8",
+ "chksum_sha256": "4bd4d98c03f8cd3c6d8ce974474df1a038b73cbf0e0c1da9aa0090ae531ef0a4",
"format": 1
},
{
"name": "roles/mongodb_mongod/molecule/multiple_bind_ip/playbook.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "b51c6a694115163ce2b6812c3c520723a8f7c45dd5b779172d12ad7fa5635edc",
+ "chksum_sha256": "a746b663a752a435a6490632389476a1f502e138886c66fff49cccdc1e068f9e",
"format": 1
},
{
@@ -1611,10 +1674,17 @@
"format": 1
},
{
+ "name": "roles/mongodb_mongod/tasks/logrotate.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "118a6c4770ac2a3880516cbb8b4cf84bb8e03bf0500a3736f8bc1928312d7c35",
+ "format": 1
+ },
+ {
"name": "roles/mongodb_mongod/tasks/main.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "52dbf388253cdfc09243b8f3de0ca28f274a82c89e325ab18bbd8aafb5b743a8",
+ "chksum_sha256": "e14ef77e6676c1e39f5be07eeb2392027fb4fb88676c608deb75607e23823018",
"format": 1
},
{
@@ -1628,7 +1698,14 @@
"name": "roles/mongodb_mongod/templates/mongod.conf.j2",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "13f379130e1e18bbc1e0819207beeb4f26d4a52b192fa75de3f125db0390862c",
+ "chksum_sha256": "7640c7f81cf31e93dc02bb1e1b5099ddc1f9b555e5109190f2c252fed81f4b43",
+ "format": 1
+ },
+ {
+ "name": "roles/mongodb_mongod/templates/mongodb.logrotate.j2",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "21ad67a4b7659d49e8d7d0c4533c02b84f1e5d233c427034eaebe0458897096b",
"format": 1
},
{
@@ -1677,7 +1754,7 @@
"name": "roles/mongodb_mongod/README.md",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "4d0e53aee8b83c06980a6350923a8a0e1c6d55e9a48409c21e5c3a0a9a587571",
+ "chksum_sha256": "b1476365276bea045940d237a5aabeec55bb9b33c084e4eb11f898e19a137066",
"format": 1
},
{
@@ -1698,7 +1775,7 @@
"name": "roles/mongodb_mongos/defaults/main.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "01ab55998e3208feebf702cb0e3ffc97cf4f603e5086e994054f2735ba3078bf",
+ "chksum_sha256": "688a38955cb3af4ad91934f5dc605591b9ea7b4ff4409d52c6d467d353ac42e1",
"format": 1
},
{
@@ -1768,21 +1845,21 @@
"name": "roles/mongodb_mongos/molecule/default/molecule.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "702b696ccd89d34c943a966e4185e2473eb9a0f1621411584c08499f16c55a93",
+ "chksum_sha256": "0a092e14ce32979f4898440305e2b6deb139b6e1111d1a2e4931c031cf5d409d",
"format": 1
},
{
"name": "roles/mongodb_mongos/molecule/default/playbook.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "89c6e68e43761ba1c1561cb77854e7e79b32726ee4f03d1d7f7e185ca0bf8883",
+ "chksum_sha256": "531b36ee51c7dbce56828f34f361a11cdbe8be1ab3467886e19c95afd592ad67",
"format": 1
},
{
"name": "roles/mongodb_mongos/molecule/default/prepare.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "158c7741dc6b3aab715292c41dcf01fabbebf01638c97446589ab877ffe22491",
+ "chksum_sha256": "e00402f4e6a834f23823890627199c922e4a9de4f4a7a94cd872e915036afbd2",
"format": 1
},
{
@@ -1852,7 +1929,7 @@
"name": "roles/mongodb_mongos/templates/mongos.conf.j2",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "3dca1de18243e57265866cd9b9b851dac3a1941fdf8da97e93d1c57643108d5f",
+ "chksum_sha256": "fbd7af556a9778eeccce3b0b345a8d2644eae92224393eb17522d9241673d7a7",
"format": 1
},
{
@@ -1908,7 +1985,7 @@
"name": "roles/mongodb_mongos/README.md",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "a13f2fab8aceb7e147ee8f691e050bc65bbf3f6f44495ce6217d567adcf58dd1",
+ "chksum_sha256": "46b03a9992c095fd3813f0aeb108042f0dca6d3034e95347a65b15ef3474ff0e",
"format": 1
},
{
@@ -1985,7 +2062,7 @@
"name": "roles/mongodb_repository/molecule/default/molecule.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "05560652ed31d566d085a225e2b5aeb50c66c54f9c943982fc7ecad4fd0cf4bf",
+ "chksum_sha256": "6e6d921129d528fcd553ea213e652cf3a37c3fe6fe95b57b470fa12ada407a84",
"format": 1
},
{
@@ -2146,7 +2223,7 @@
"name": "roles/mongodb_selinux/molecule/default/molecule.yml",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "90f021d6adf7fe29b9140e6137c0c6c8afa0bdbdfbcb82014f4286d3d0ecf139",
+ "chksum_sha256": "d0b2f513f9d181359b54313f3542e9056262309f68f3dd8cd93eecaad6fbd746",
"format": 1
},
{
@@ -2293,7 +2370,7 @@
"name": "CHANGELOG.rst",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "17b50804c5b444656c29da757e68b4f9769a5a8eba9af7bdc772527943fccb05",
+ "chksum_sha256": "c81479be70033bb9abe13501e9c3eef37936cb74ea74bbfea1d83d9e685c2917",
"format": 1
},
{
@@ -2307,7 +2384,7 @@
"name": "README.md",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "3308be37a3b35aec4053a63147f24db66db009ab48f6c73c9eb976dcc2b4fa94",
+ "chksum_sha256": "30119dbbd021221c84f7447cee3fd266408933a599e51affa2fab12db835bd87",
"format": 1
},
{
diff --git a/ansible_collections/community/mongodb/MANIFEST.json b/ansible_collections/community/mongodb/MANIFEST.json
index 4e225b112..8ae826436 100644
--- a/ansible_collections/community/mongodb/MANIFEST.json
+++ b/ansible_collections/community/mongodb/MANIFEST.json
@@ -2,7 +2,7 @@
"collection_info": {
"namespace": "community",
"name": "mongodb",
- "version": "1.6.0",
+ "version": "1.7.2",
"authors": [
"Ansible (https://github.com/ansible)",
"Rhys Campbell (https://github.com/rhysmeister)",
@@ -11,7 +11,8 @@
"Elliott Foster (http://fourkitchens.com)",
"Loic Blot (http://www.infopro-digital.com/)",
"Matt Martz (https://github.com/sivel)",
- "Jacob Floyd (https://github.com/cognifloyd)"
+ "Jacob Floyd (https://github.com/cognifloyd)",
+ "Martin Schurz (https://github.com/schurzi)"
],
"readme": "README.md",
"tags": [
@@ -35,7 +36,7 @@
"name": "FILES.json",
"ftype": "file",
"chksum_type": "sha256",
- "chksum_sha256": "088440e2e1049c54446ad93e2ba9288528fd68f0451484b75ffbbbd6f0528e24",
+ "chksum_sha256": "4d1c58600e395dade74dad0a4e8ad949bda341bf224312202dcff67516a0a16e",
"format": 1
},
"format": 1
diff --git a/ansible_collections/community/mongodb/README.md b/ansible_collections/community/mongodb/README.md
index cd86c4322..caadf1e93 100644
--- a/ansible_collections/community/mongodb/README.md
+++ b/ansible_collections/community/mongodb/README.md
@@ -1,10 +1,8 @@
# MongoDB Version and PyMongoDB Version Compatibility
-- This collection is tested against the most recent two minor MongoDB releases, currently 5.0.X and 6.0.X.
-- ~This collection is tested against PyMongo version 3.12.X and latest.~ PyMongo 3.12.X dropped on 11.04.2023. Now PyMongo latest only.
-- This collection will not run against any MongoDB version lower than 4.0. You can set *strict_compatibility* to false to override this behaviour but don't expect 100% success. It might be a better approach to use an older release of this collection (1.3.4 or earlier) if you're using an old MongoDB version (3.6 or earlier).
+- This collection is tested against the most recent two minor MongoDB releases, currently 6.0.X and 7.0.X.
+- PyMongo 3.12.X dropped on 11.04.2023. Now PyMongo latest only.
- Compatibility may be maintained for older software versions but is not guaranteed. Please upgrade your PyMongo driver version if you encounter difficulties with older versions.
-- ~Support for PyMongo versions less than 4.X will be dropped in the future.~ [Drop support for pymongo < 4.0?](https://github.com/ansible-collections/community.mongodb/issues/457) - Support for Pymongo < 4.0 now dropped from collection version 1.5.0
# Mongodb Collection
|Category|Status|
@@ -12,10 +10,6 @@
|Github CI|![CI](https://github.com/ansible-collections/community.mongodb/workflows/CI/badge.svg)|
|Codecov|[![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/community.mongodb)](https://codecov.io/gh/ansible-collections/community.mongodb)|
|CI Roles|![CI_roles](https://github.com/ansible-collections/community.mongodb/workflows/CI_roles/badge.svg)|
-|AutomatingMongoDBWithAnsible|[![CI-basic](https://github.com/rhysmeister/AutomatingMongoDBWithAnsible/actions/workflows/CI-basic.yml/badge.svg)](https://github.com/rhysmeister/AutomatingMongoDBWithAnsible/actions/workflows/CI-basic.yml)|
-|AutomatingMongoDBWithAnsible|[![CI-etc](https://github.com/rhysmeister/AutomatingMongoDBWithAnsible/actions/workflows/CI-etc.yml/badge.svg)](https://github.com/rhysmeister/AutomatingMongoDBWithAnsible/actions/workflows/CI-etc.yml)|
-|AutomatingMongoDBWithAnsible|[![CI-resync](https://github.com/rhysmeister/AutomatingMongoDBWithAnsible/actions/workflows/CI-resync.yml/badge.svg)](https://github.com/rhysmeister/AutomatingMongoDBWithAnsible/actions/workflows/CI-resync.yml)|
-|AutomatingMongoDBWithAnsible|[![CI-upgrade-downgrade](https://github.com/rhysmeister/AutomatingMongoDBWithAnsible/actions/workflows/CI-upgrade-downgrade.yml/badge.svg)](https://github.com/rhysmeister/AutomatingMongoDBWithAnsible/actions/workflows/CI-upgrade-downgrade.yml)|
|Latest Build|![Build & Publish Collection](https://github.com/ansible-collections/community.mongodb/workflows/Build%20&%20Publish%20Collection/badge.svg)|
This collection called `mongodb` aims at providing all Ansible modules allowing to interact with MongoDB.
@@ -58,7 +52,6 @@ These modules are for any MongoDB cluster (standalone, replicaset, or sharded):
- `community.mongodb.mongodb_index`: Creates or drops indexes on MongoDB collections.
- `community.mongodb.mongodb_info`: Gather information about MongoDB instance.
-- `community.mongodb.mongodb_monitoring`: Manages the [free monitoring](https://docs.mongodb.com/manual/administration/free-monitoring/) feature.
- `community.mongodb.mongodb_oplog`: [Resizes](https://docs.mongodb.com/manual/tutorial/change-oplog-size) the MongoDB oplog (MongoDB 3.6+ only).
- `community.mongodb.mongodb_parameter`: Change an administrative parameter on a MongoDB server.
- `community.mongodb.mongodb_role`: Manage [MongoDB Roles](https://www.mongodb.com/docs/upcoming/tutorial/manage-users-and-roles/).
@@ -81,6 +74,12 @@ These modules are only useful for sharded MongoDB clusters:
- `community.mongodb.mongodb_shard_tag`: Manage Shard Tags.
- `community.mongodb.mongodb_shard_zone`: Manage Shard Zones.
+These modules are only useful for MongoDB Atlas clusters:
+
+- `community.mongodb.mongodb_atlas_cluster`: Manage MongoDB clusters in Atlas.
+- `community.mongodb.mongodb_atlas_ldap_user`: Manage LDAP users in Atlas.
+- `community.mongodb.mongodb_atlas_user`: Manage users in Atlas.
+- `community.mongodb.mongodb_atlas_whitelist`: Manage IP whitelists in Atlas.
## community.mongodb Role Tags
@@ -111,6 +110,14 @@ These tags apply to the specific roles as indicated.
|mongodb_auth|admin_user|Tasks that work with the MongoDB Administrator user.|
|mongodb_auth|app_user|Tasks that work with MongoDB app users.|
+## Usage Examples
+
+The following links provide various examples for how the community.mongodb roles and modules can be used in real projects.
+
+* https://github.com/rhysmeister/AutomatingMongoDBWithAnsible (no longer maintained)
+* https://github.com/superset1/Ansible_role_mongodb
+* https://github.com/ansible-collections/community.mongodb/tree/master/roles/ROLENAME/molecule (replace ROLENAME, some full examples that we use in our testing)
+
## Running the integration and unit tests
* Requirements
@@ -133,14 +140,6 @@ mkdir -p git/ansible_collections/community
cd git/ansible_collections/community
```
-# Usage Examples
-
-The following links provide various exampels for how the community.mongodb roles and modules can be used in real projects.
-
-* https://github.com/rhysmeister/AutomatingMongoDBWithAnsible (no longer maintained)
-* https://github.com/superset1/Ansible_role_mongodb
-* https://github.com/ansible-collections/community.mongodb/tree/master/roles/ROLENAME/molecule (replace ROLENAME, some full examples that we use in our testing)
-
* Clone the required projects.
```bash
diff --git a/ansible_collections/community/mongodb/changelogs/changelog.yaml b/ansible_collections/community/mongodb/changelogs/changelog.yaml
index 7ad33ab5c..7f608d606 100644
--- a/ansible_collections/community/mongodb/changelogs/changelog.yaml
+++ b/ansible_collections/community/mongodb/changelogs/changelog.yaml
@@ -199,8 +199,8 @@ releases:
- 440 - Fix incorrect alias ssl_crlfile.
- 450 - Fix issues with mongodb_replicaset connecting with the pymongo 4.0.X driver.
minor_changes:
- - 450 - mongodb_replicaset. Introduce cluster_cmd parameter. Can be set to isMaster or hello.
- hello is the default. isMaster is useful for older versions of MongoDB.
+ - 450 - mongodb_replicaset. Introduce cluster_cmd parameter. Can be set to isMaster or hello.
+ hello is the default. isMaster is useful for older versions of MongoDB.
See [db.hello()](https://www.mongodb.com/docs/manual/reference/method/db.hello/) for more.
1.3.4:
release_summary: |
@@ -212,7 +212,7 @@ releases:
This release is a maintenance release. Pymongo versions 3.12.* or 4.* are now required. MongoDB version 4+ are also required but can be overriden if desired.
major_changes:
- 470 - Removes depreciated distutils package and require Pymongo 3.12+ and MongoDB 4+
- Adds a new parameter strict_compatibility (default true).
+ Adds a new parameter strict_compatibility (default true).
Set to false to disable Pymongo and MongoDB requirements.
1.4.1:
release_summary: |
@@ -247,7 +247,7 @@ releases:
- 540 mongodb_replicaset - replicaset member priority updates.
- 488 mongodb_info - Better handling of json data types.
modules:
- - description:
+ - description:
- Manage MongoDB User Roles (#530).
name: mongodb_role
namespace: community
@@ -269,4 +269,64 @@ releases:
This release is a maintenance release.
minor_changes:
- 569 - All pymongo modules - Better support for MongoDB Atlas.
- - 568 - Minor documentation updates. \ No newline at end of file
+ - 568 - Minor documentation updates.
+ 1.6.1:
+ release_summary: |
+ This release is a maintenance release.
+ minor_changes:
+ - 578 - mongodb_role - More robust comparison of user roles.
+ 1.6.2:
+ release_summary: |
+ This release is a maintenance release.
+ minor_changes:
+ - 583 - mongodb_linux - Add vars for RedHat 9 to role.
+ - 586 - mongodb_auth - Add ssl vars to role.
+ - 589 - mongodb_linux - Adds vars to better handle ntp package installation and handling.
+ - 588 - mongodb_linux - Default ntp system to systemd-timesyncd for Debian12.
+ - 593 - mongodb_linux - Add vm.max_map_count = 128000 sysctl config.
+ - 597 - mongodb_monitoring - Module has been deleted as Free Monitoring service has been stopped.
+ - 595 - mongodb_linux - Improvements to transparent_hugepage handling.
+ 1.6.3:
+ release_summary: |
+ This release is a maintenance release.
+ minor_changes:
+ - 600 - Remove delete module from README.md.
+ - 601 - mongodb_install - Fix issue with specific_mongodb_version on RedHat OS family.
+ 1.7.0:
+ release_summary: |
+ This release is a maintenance release.
+ minor_changes:
+ - 622 - mongodb_mongod - Allow systemd configuration override.
+ - 620 - mongodb_common - Use SSL constants in shared connection code.
+ - 609 - mongodb_mongod, mongodb_mongos, mongodb_config - support for allowConnectionsWithoutCertificates.
+ - 605 - mongodb_mongod, mongodb_mongos, mongodb_config - support for security.disabledProtocols.
+ bugfixes:
+ - 614 - mongodb_replicaset - Count voting members based on the sum of "votes" and using a comprehension list.
+ - 611 - mongodb_role - lambda function changed to support non-existing keys.
+ modules:
+ - description:
+ - Manage database clusters in Atlas (#612)
+ name: mongodb_atlas_cluster
+ namespace: community
+ - description:
+ - Manage LDAP users in Atlas (#612)
+ name: mongodb_atlas_ldap_user
+ namespace: community
+ - description:
+ - Manage database users in Atlas (#612)
+ name: mongodb_atlas_user
+ namespace: community
+ - description:
+ - Manage IP whitelists in Atlas (#612)
+ name: mongodb_atlas_whitelist
+ namespace: community
+ 1.7.1:
+ release_summary: |
+ This release is a maintenance release.
+ bugfixes:
+ - 631 - cache/mongodb.py - Support pymongo 4.0+. This plugin no longer support pymongo 3.12.*.
+ 1.7.2:
+ release_summary: |
+ This release is a maintenance release.
+ bugfixes:
+ - 638 - mongodb_replicaset - Allow module to update replicaset horizons.
diff --git a/ansible_collections/community/mongodb/plugins/cache/mongodb.py b/ansible_collections/community/mongodb/plugins/cache/mongodb.py
index b51b7b293..0fa7a2cd8 100644
--- a/ansible_collections/community/mongodb/plugins/cache/mongodb.py
+++ b/ansible_collections/community/mongodb/plugins/cache/mongodb.py
@@ -182,7 +182,7 @@ class CacheModule(BaseCacheModule):
def contains(self, key):
with self._collection() as collection:
- return bool(collection.count({'_id': self._make_key(key)}))
+ return bool(collection.count_documents({'_id': self._make_key(key)}))
def delete(self, key):
del self._cache[key]
diff --git a/ansible_collections/community/mongodb/plugins/doc_fragments/atlas_options.py b/ansible_collections/community/mongodb/plugins/doc_fragments/atlas_options.py
new file mode 100644
index 000000000..dfdee3325
--- /dev/null
+++ b/ansible_collections/community/mongodb/plugins/doc_fragments/atlas_options.py
@@ -0,0 +1,54 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (c) 2021 T-Systems MMS
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+#
+# This module is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This software is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this software. If not, see <http://www.gnu.org/licenses/>.
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+
+class ModuleDocFragment(object):
+ # Documentation for global options that are always the same
+ DOCUMENTATION = r'''
+options:
+ api_username:
+ description:
+ - The username for use in authentication with the Atlas API.
+ - Can use API users and tokens (public key is username)
+ type: str
+ required: True
+ aliases: [apiUsername]
+ api_password:
+ description:
+ - The password for use in authentication with the Atlas API.
+ - Can use API users and tokens (private key is password)
+ type: str
+ required: True
+ aliases: [apiPassword]
+ group_id:
+ description:
+ - Unique identifier for the Atlas project.
+ type: str
+ required: True
+ aliases: [groupId]
+ state:
+ description:
+ - State of the ressource.
+ choices: [ "present", "absent" ]
+ default: present
+ type: str
+'''
diff --git a/ansible_collections/community/mongodb/plugins/module_utils/mongodb_atlas.py b/ansible_collections/community/mongodb/plugins/module_utils/mongodb_atlas.py
new file mode 100644
index 000000000..a32f3e1de
--- /dev/null
+++ b/ansible_collections/community/mongodb/plugins/module_utils/mongodb_atlas.py
@@ -0,0 +1,220 @@
+# -*- coding: utf-8 -*-
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+import json
+from collections import defaultdict
+
+from ansible.module_utils.urls import fetch_url
+
+try:
+ from urllib import quote
+except ImportError:
+ # noinspection PyCompatibility, PyUnresolvedReferences
+ from urllib.parse import (
+ quote,
+ ) # pylint: disable=locally-disabled, import-error, no-name-in-module
+
+
+class AtlasAPIObject:
+ module = None
+
+ def __init__(
+ self, module, object_name, group_id, path, data, data_is_array=False
+ ):
+ self.module = module
+ self.path = path
+ self.data = data
+ self.group_id = group_id
+ self.object_name = object_name
+ self.data_is_array = data_is_array
+
+ self.module.params["url_username"] = self.module.params["api_username"]
+ self.module.params["url_password"] = self.module.params["api_password"]
+
+ def call_url(self, path, data="", method="GET"):
+ headers = {
+ "Accept": "application/json",
+ "Content-Type": "application/json",
+ }
+
+ if self.data_is_array and data != "":
+ data = "[" + data + "]"
+
+ url = (
+ "https://cloud.mongodb.com/api/atlas/v1.0/groups/"
+ + self.group_id
+ + path
+ )
+ rsp, info = fetch_url(
+ module=self.module,
+ url=url,
+ data=data,
+ headers=headers,
+ method=method,
+ )
+
+ content = ""
+ error = ""
+ if rsp and info["status"] not in (204, 404):
+ content = json.loads(rsp.read())
+ if info["status"] >= 400:
+ try:
+ content = json.loads(info["body"])
+ error = content["reason"]
+ if "detail" in content:
+ error += ". Detail: " + content["detail"]
+ except ValueError:
+ error = info["msg"]
+ if info["status"] < 0:
+ error = info["msg"]
+ return {"code": info["status"], "data": content, "error": error}
+
+ def exists(self):
+ additional_path = ""
+ if self.path == "/databaseUsers":
+ additional_path = "/admin"
+ ret = self.call_url(
+ path=self.path
+ + additional_path
+ + "/"
+ + quote(self.data[self.object_name], "")
+ )
+ if ret["code"] == 200:
+ return True
+ return False
+
+ def create(self):
+ ret = self.call_url(
+ path=self.path,
+ data=self.module.jsonify(self.data),
+ method="POST",
+ )
+ return ret
+
+ def delete(self):
+ additional_path = ""
+ if self.path == "/databaseUsers":
+ additional_path = "/admin"
+ ret = self.call_url(
+ path=self.path
+ + additional_path
+ + "/"
+ + quote(self.data[self.object_name], ""),
+ method="DELETE",
+ )
+ return ret
+
+ def modify(self):
+ additional_path = ""
+ if self.path == "/databaseUsers":
+ additional_path = "/admin"
+ ret = self.call_url(
+ path=self.path
+ + additional_path
+ + "/"
+ + quote(self.data[self.object_name], ""),
+ data=self.module.jsonify(self.data),
+ method="PATCH",
+ )
+ return ret
+
+ def diff(self):
+ additional_path = ""
+ if self.path == "/databaseUsers":
+ additional_path = "/admin"
+ ret = self.call_url(
+ path=self.path
+ + additional_path
+ + "/"
+ + quote(self.data[self.object_name], ""),
+ method="GET",
+ )
+
+ data_from_atlas = json.loads(self.module.jsonify(ret["data"]))
+ data_from_task = json.loads(self.module.jsonify(self.data))
+
+ diff = defaultdict(dict)
+ for key, value in data_from_atlas.items():
+ if key in data_from_task.keys() and value != data_from_task[key]:
+ diff["before"][key] = "{val}".format(val=value)
+ diff["after"][key] = "{val}".format(val=data_from_task[key])
+ return diff
+
+ def update(self, state):
+ changed = False
+ diff_result = {"before": "", "after": ""}
+ if self.exists():
+ diff_result.update({"before": "state: present\n"})
+ if state == "absent":
+ if self.module.check_mode:
+ diff_result.update({"after": "state: absent\n"})
+ self.module.exit_json(
+ changed=True,
+ object_name=self.data[self.object_name],
+ diff=diff_result,
+ )
+ else:
+ try:
+ ret = self.delete()
+ if ret["code"] == 204 or ret["code"] == 202:
+ changed = True
+ diff_result.update({"after": "state: absent\n"})
+ else:
+ self.module.fail_json(
+ msg="bad return code while deleting: %d. Error message: %s"
+ % (ret["code"], ret["error"])
+ )
+ except Exception as e:
+ self.module.fail_json(
+ msg="exception when deleting: " + str(e)
+ )
+
+ else:
+ diff_result.update(self.diff())
+ if self.module.check_mode:
+ if diff_result["after"] != "":
+ changed = True
+ self.module.exit_json(
+ changed=changed,
+ object_name=self.data[self.object_name],
+ data=self.data,
+ diff=diff_result,
+ )
+ if diff_result["after"] != "":
+ if self.path == "/whitelist":
+ ret = self.create()
+ else:
+ ret = self.modify()
+ if ret["code"] == 200 or ret["code"] == 201:
+ changed = True
+ else:
+ self.module.fail_json(
+ msg="bad return code while modifying: %d. Error message: %s"
+ % (ret["code"], ret["error"])
+ )
+
+ else:
+ diff_result.update({"before": "state: absent\n"})
+ if state == "present":
+ if self.module.check_mode:
+ changed = True
+ diff_result.update({"after": "state: created\n"})
+ else:
+ try:
+ ret = self.create()
+ if ret["code"] == 201:
+ changed = True
+ diff_result.update({"after": "state: created\n"})
+ else:
+ self.module.fail_json(
+ msg="bad return code while creating: %d. Error message: %s"
+ % (ret["code"], ret["error"])
+ )
+ except Exception as e:
+ self.module.fail_json(
+ msg="exception while creating: " + str(e)
+ )
+ return changed, diff_result
diff --git a/ansible_collections/community/mongodb/plugins/module_utils/mongodb_common.py b/ansible_collections/community/mongodb/plugins/module_utils/mongodb_common.py
index e1ab27293..2a748b96f 100644
--- a/ansible_collections/community/mongodb/plugins/module_utils/mongodb_common.py
+++ b/ansible_collections/community/mongodb/plugins/module_utils/mongodb_common.py
@@ -168,9 +168,9 @@ def rename_ssl_option_for_pymongo4(connection_options):
when the driver use is >= PyMongo 4
"""
if int(PyMongoVersion[0]) >= 4:
- if connection_options.get('ssl_cert_reqs', None) == 'CERT_NONE':
- connection_options['tlsAllowInvalidCertificates'] = False
- elif connection_options.get('ssl_cert_reqs', None) == 'CERT_REQUIRED':
+ if connection_options.get('ssl_cert_reqs', None) in ('CERT_NONE', ssl_lib.CERT_NONE):
+ connection_options['tlsAllowInvalidCertificates'] = True
+ elif connection_options.get('ssl_cert_reqs', None) in ('CERT_REQUIRED', ssl_lib.CERT_REQUIRED):
connection_options['tlsAllowInvalidCertificates'] = False
connection_options.pop('ssl_cert_reqs', None)
if connection_options.get('ssl_ca_certs', None) is not None:
@@ -395,6 +395,7 @@ def member_dicts_different(conf, member_config):
"hidden": False,
"priority": {"nonarbiter": 1.0, "arbiter": 0},
"tags": {},
+ "horizons": {},
"secondardDelaySecs": 0,
"votes": 1
}
diff --git a/ansible_collections/community/mongodb/plugins/modules/mongodb_atlas_cluster.py b/ansible_collections/community/mongodb/plugins/modules/mongodb_atlas_cluster.py
new file mode 100644
index 000000000..e8aa6e43f
--- /dev/null
+++ b/ansible_collections/community/mongodb/plugins/modules/mongodb_atlas_cluster.py
@@ -0,0 +1,238 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Copyright (c) 2020 T-Systems MMS
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+#
+# This module is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This software is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this software. If not, see <http://www.gnu.org/licenses/>.
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: mongodb_atlas_cluster
+short_description: Manage database clusters in Atlas
+description:
+ - The clusters module provides access to your cluster configurations.
+ - The module lets you create, edit and delete clusters.
+ - L(API Documentation,https://docs.atlas.mongodb.com/reference/api/clusters/)
+author: "Martin Schurz (@schurzi)"
+extends_documentation_fragment: community.mongodb.atlas_options
+options:
+ name:
+ description:
+ - Name of the cluster as it appears in Atlas. Once the cluster is created, its name cannot be changed.
+ type: str
+ required: True
+ mongo_db_major_version:
+ description:
+ - Version of the cluster to deploy.
+ - Atlas always deploys the cluster with the latest stable release of the specified version.
+ - You can upgrade to a newer version of MongoDB when you modify a cluster.
+ choices: [ "4.2", "4.4", "5.0", "6.0", "7.0" ]
+ type: str
+ aliases: [ "mongoDBMajorVersion" ]
+ cluster_type:
+ description:
+ - Type of the cluster that you want to create.
+ choices: [ "REPLICASET", "SHARDED" ]
+ default: "REPLICASET"
+ type: str
+ aliases: [ "clusterType" ]
+ replication_factor:
+ description:
+ - Number of replica set members. Each member keeps a copy of your databases, providing high availability and data redundancy.
+ choices: [ 3, 5, 7 ]
+ default: 3
+ type: int
+ aliases: [ "replicationFactor" ]
+ auto_scaling:
+ description:
+ - Configure your cluster to automatically scale its storage and cluster tier.
+ suboptions:
+ disk_gb_enabled:
+ type: bool
+ description:
+ - Specifies whether disk auto-scaling is enabled. The default is true.
+ aliases: [ "diskGBEnabled" ]
+ required: False
+ type: dict
+ aliases: [ "autoScaling" ]
+ provider_settings:
+ description:
+ - Configuration for the provisioned servers on which MongoDB runs.
+ - The available options are specific to the cloud service provider.
+ suboptions:
+ provider_name:
+ required: True
+ type: str
+ description:
+ - Cloud service provider on which the servers are provisioned.
+ aliases: [ "providerName" ]
+ region_name:
+ required: True
+ type: str
+ description:
+ - Physical location of your MongoDB cluster.
+ aliases: [ "regionName" ]
+ instance_size_name:
+ required: True
+ type: str
+ description:
+ - Atlas provides different cluster tiers, each with a default storage capacity and RAM size.
+ - The cluster you select is used for all the data-bearing servers in your cluster tier.
+ aliases: [ "instanceSizeName" ]
+ required: True
+ type: dict
+ aliases: [ "providerSettings" ]
+ disk_size_gb:
+ description:
+ - Capacity, in gigabytes, of the host's root volume. Increase this number to add capacity,
+ up to a maximum possible value of 4096 (i.e., 4 TB). This value must be a positive integer.
+ type: int
+ aliases: [ "diskSizeGB" ]
+ provider_backup_enabled:
+ description:
+ - Flag that indicates if the cluster uses Cloud Backups for backups.
+ type: bool
+ aliases: [ "providerBackupEnabled" ]
+ pit_enabled:
+ description:
+ - Flag that indicates the cluster uses continuous cloud backups.
+ type: bool
+ aliases: [ "pitEnabled" ]
+'''
+
+EXAMPLES = '''
+ - name: test cluster
+ community.mongodb.mongodb_atlas_cluster:
+ api_username: "API_user"
+ api_password: "API_passwort_or_token"
+ group_id: "GROUP_ID"
+ name: "testcluster"
+ mongo_db_major_version: "4.0"
+ cluster_type: "REPLICASET"
+ provider_settings:
+ provider_name: "GCP"
+ region_name: "EUROPE_WEST_3"
+ instance_size_name: "M10"
+...
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.community.mongodb.plugins.module_utils.mongodb_atlas import (
+ AtlasAPIObject,
+)
+
+
+# ===========================================
+# Module execution.
+#
+def main():
+ # add our own arguments
+ argument_spec = dict(
+ state=dict(default="present", choices=["absent", "present"]),
+ api_username=dict(required=True, aliases=['apiUsername']),
+ api_password=dict(required=True, no_log=True, aliases=['apiPassword']),
+ group_id=dict(required=True, aliases=['groupId']),
+ name=dict(required=True),
+ mongo_db_major_version=dict(
+ choices=["4.2", "4.4", "5.0", "6.0", "7.0"],
+ aliases=["mongoDBMajorVersion"]
+ ),
+ cluster_type=dict(
+ default="REPLICASET", choices=["REPLICASET", "SHARDED"],
+ aliases=["clusterType"]
+ ),
+ replication_factor=dict(default=3, type="int", choices=[3, 5, 7], aliases=["replicationFactor"]),
+ auto_scaling=dict(
+ type="dict",
+ options=dict(
+ disk_gb_enabled=dict(type="bool", aliases=["diskGBEnabled"]),
+ ),
+ aliases=["autoScaling"]
+ ),
+ provider_settings=dict(
+ type="dict",
+ required=True,
+ options=dict(
+ provider_name=dict(required=True, aliases=["providerName"]),
+ region_name=dict(required=True, aliases=["regionName"]),
+ instance_size_name=dict(required=True, aliases=["instanceSizeName"]),
+ ),
+ aliases=["providerSettings"]
+ ),
+ disk_size_gb=dict(type="int", aliases=["diskSizeGB"]),
+ provider_backup_enabled=dict(type="bool", aliases=["providerBackupEnabled"]),
+ pit_enabled=dict(type="bool", aliases=["pitEnabled"]),
+ )
+
+ # Define the main module
+ module = AnsibleModule(
+ argument_spec=argument_spec, supports_check_mode=True
+ )
+
+ data = {
+ "name": module.params["name"],
+ "clusterType": module.params["cluster_type"],
+ "replicationFactor": module.params["replication_factor"],
+ "providerSettings": {
+ "providerName": module.params["provider_settings"]["provider_name"],
+ "regionName": module.params["provider_settings"]["region_name"],
+ "instanceSizeName": module.params["provider_settings"]["instance_size_name"],
+ }
+ }
+
+ # handle optional options
+ optional_vars = {
+ "mongo_db_major_version": "mongoDBMajorVersion",
+ "auto_scaling": "autoScaling",
+ "disk_size_gb": "diskSizeGB",
+ "provider_backup_enabled": "providerBackupEnabled",
+ "pit_enabled": "pitEnabled",
+ }
+
+ for key in optional_vars:
+ if module.params[key] is not None:
+ if key == "auto_scaling":
+ data.update({optional_vars[key]: {"diskGBEnabled": module.params[key]["disk_gb_enabled"]}})
+ else:
+ data.update({optional_vars[key]: module.params[key]})
+
+ try:
+ atlas = AtlasAPIObject(
+ module=module,
+ path="/clusters",
+ object_name="name",
+ group_id=module.params["group_id"],
+ data=data,
+ )
+ except Exception as e:
+ module.fail_json(
+ msg="unable to connect to Atlas API. Exception message: %s" % e
+ )
+
+ changed, diff = atlas.update(module.params["state"])
+ module.exit_json(
+ changed=changed,
+ data=atlas.data,
+ diff=diff,
+ )
+
+
+# import module snippets
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/community/mongodb/plugins/modules/mongodb_atlas_ldap_user.py b/ansible_collections/community/mongodb/plugins/modules/mongodb_atlas_ldap_user.py
new file mode 100644
index 000000000..e816a264c
--- /dev/null
+++ b/ansible_collections/community/mongodb/plugins/modules/mongodb_atlas_ldap_user.py
@@ -0,0 +1,165 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Copyright (c) 2020 T-Systems MMS
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+#
+# This module is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This software is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this software. If not, see <http://www.gnu.org/licenses/>.
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: mongodb_atlas_ldap_user
+short_description: Manage LDAP users in Atlas
+description:
+ - The mongodb_atlas_ldap_user module lets you create LDAP groups on the admin database by mapping LDAP groups to MongoDB roles on your Atlas databases.
+ - Each user or group has a set of roles that provide access to the project's databases.
+ - L(API Documentation,https://docs.atlas.mongodb.com/security-ldaps/)
+author: "Martin Schurz (@schurzi) / Derek Giri"
+extends_documentation_fragment: community.mongodb.atlas_options
+options:
+ database_name:
+ description:
+ - Database against which Atlas authenticates the user.
+ choices: ["admin", "$external"]
+ default: "admin"
+ type: str
+ aliases: [ "databaseName" ]
+ ldap_auth_type:
+ description:
+ - Type of LDAP authorization for the user i.e. USER or GROUP
+ choices: ["GROUP", "USER"]
+ default: "GROUP"
+ type: str
+ aliases: [ "ldapAuthType" ]
+ username:
+ description:
+ - Username for authenticating to MongoDB.
+ required: true
+ type: str
+ roles:
+ description:
+ - Array of this user's roles and the databases / collections on which the roles apply.
+ - A role must include folliwing elements
+ suboptions:
+ database_name:
+ required: true
+ type: str
+ description:
+ - Database on which the user has the specified role.
+ - A role on the admin database can include privileges that apply to the other databases.
+ aliases: [ "databaseName" ]
+ role_name:
+ required: true
+ type: str
+ description:
+ - Name of the role. This value can either be a built-in role or a custom role.
+ aliases: ["roleName" ]
+ required: true
+ type: list
+ elements: dict
+'''
+
+EXAMPLES = '''
+ - name: LDAP Group or Username
+ community.mongodb.mongodb_atlas_ldap_user:
+ api_username: "API_user"
+ api_password: "API_passwort_or_token"
+ atlas_ldap_user: "USER DN or GROUP DN"
+ group_id: "GROUP_ID"
+ database_name: "admin"
+ username: my_app_user
+ roles:
+ - database_name: private_info
+ role_name: read
+ - database_name: public_info
+ role_name: readWrite
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.community.mongodb.plugins.module_utils.mongodb_atlas import (
+ AtlasAPIObject,
+)
+
+
+# ===========================================
+# Module execution.
+#
+def main():
+ # add our own arguments
+ argument_spec = dict(
+ state=dict(default="present", choices=["absent", "present"]),
+ api_username=dict(required=True, aliases=['apiUsername']),
+ api_password=dict(required=True, no_log=True, aliases=['apiPassword']),
+ group_id=dict(required=True, aliases=['groupId']),
+ ldap_auth_type=dict(default="GROUP", choices=["GROUP", "USER"], aliases=["ldapAuthType"]),
+ database_name=dict(default="admin", choices=["admin", "$external"], aliases=["databaseName"]),
+ username=dict(required=True),
+ roles=dict(
+ required=True,
+ type="list",
+ elements="dict",
+ options=dict(
+ database_name=dict(required=True, aliases=["databaseName"]),
+ role_name=dict(required=True, aliases=["roleName"]),
+ ),
+ ),
+ )
+
+ # Define the main module
+ module = AnsibleModule(
+ argument_spec=argument_spec, supports_check_mode=True
+ )
+
+ data = {
+ "databaseName": module.params["database_name"],
+ "ldapAuthType": module.params["ldap_auth_type"],
+ "username": module.params["username"],
+ "roles": [],
+ }
+
+ # remap keys to API format
+ for role in module.params.get("roles"):
+ data["roles"].append({
+ "databaseName": role.get("database_name"),
+ "roleName": role.get("role_name")
+ })
+
+ try:
+ atlas = AtlasAPIObject(
+ module=module,
+ path="/databaseUsers",
+ object_name="username",
+ group_id=module.params["group_id"],
+ data=data,
+ )
+ except Exception as e:
+ module.fail_json(
+ msg="unable to connect to Atlas API. Exception message: %s" % e
+ )
+
+ changed, diff = atlas.update(module.params["state"])
+ module.exit_json(
+ changed=changed,
+ data=atlas.data,
+ diff=diff,
+ )
+
+
+# import module snippets
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/community/mongodb/plugins/modules/mongodb_atlas_user.py b/ansible_collections/community/mongodb/plugins/modules/mongodb_atlas_user.py
new file mode 100644
index 000000000..ac8427b03
--- /dev/null
+++ b/ansible_collections/community/mongodb/plugins/modules/mongodb_atlas_user.py
@@ -0,0 +1,196 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Copyright (c) 2020 T-Systems MMS
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+#
+# This module is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This software is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this software. If not, see <http://www.gnu.org/licenses/>.
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: mongodb_atlas_user
+short_description: Manage database users in Atlas
+description:
+ - The mongodb_atlas_user module lets you create, modify and delete the database users in your cluster.
+ - Each user has a set of roles that provide access to the project's databases.
+ - A user's roles apply to all the clusters in the project
+ - if two clusters have a products database and a user has a role granting read access on the products database,
+ - the user has that access on both clusters.
+ - L(API Documentation,https://docs.atlas.mongodb.com/reference/api/database-users/)
+author: "Martin Schurz (@schurzi)"
+extends_documentation_fragment: community.mongodb.atlas_options
+options:
+ database_name:
+ description:
+ - Database against which Atlas authenticates the user.
+ choices: ["admin", "$external"]
+ default: "admin"
+ type: str
+ aliases: [ "databaseName" ]
+ username:
+ description:
+ - Username for authenticating to MongoDB.
+ required: true
+ type: str
+ password:
+ description:
+ - User's password.
+ required: true
+ type: str
+ roles:
+ description:
+ - Array of this user's roles and the databases / collections on which the roles apply.
+ - A role must include following elements
+ suboptions:
+ database_name:
+ required: true
+ type: str
+ description:
+ - Database on which the user has the specified role.
+ - A role on the admin database can include privileges that apply to the other databases.
+ aliases: [ "databaseName" ]
+ role_name:
+ required: true
+ type: str
+ description:
+ - Name of the role. This value can either be a built-in role or a custom role.
+ aliases: [ "roleName" ]
+ required: true
+ type: list
+ elements: dict
+ scopes:
+ description:
+ - List of clusters and Atlas Data Lakes that this user can access.
+ - Atlas grants database users access to all resources by default.
+ suboptions:
+ name:
+ required: true
+ type: str
+ description:
+ - Name of the cluster or Atlas Data Lake that the database user can access.
+ type:
+ type: str
+ choices: ["CLUSTER", "DATA_LAKE"]
+ default: "CLUSTER"
+ description:
+ - Type of resource that the database user can access.
+ required: false
+ default: []
+ type: list
+ elements: dict
+'''
+
+EXAMPLES = '''
+ - name: test user
+ community.mongodb.mongodb_atlas_user:
+ api_username: "API_user"
+ api_password: "API_passwort_or_token"
+ group_id: "GROUP_ID"
+ username: my_app_user
+ password: SuperSecret!
+ roles:
+ - database_name: private_info
+ role_name: read
+ - database_name: public_info
+ role_name: readWrite
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.community.mongodb.plugins.module_utils.mongodb_atlas import (
+ AtlasAPIObject,
+)
+
+
+# ===========================================
+# Module execution.
+#
+def main():
+ # add our own arguments
+ argument_spec = dict(
+ state=dict(default="present", choices=["absent", "present"]),
+ api_username=dict(required=True, aliases=['apiUsername']),
+ api_password=dict(required=True, no_log=True, aliases=['apiPassword']),
+ group_id=dict(required=True, aliases=['groupId']),
+ database_name=dict(default="admin", choices=["admin", "$external"], aliases=["databaseName"]),
+ username=dict(required=True),
+ password=dict(required=True, no_log=True),
+ roles=dict(
+ required=True,
+ type="list",
+ elements="dict",
+ options=dict(
+ database_name=dict(required=True, aliases=["databaseName"]),
+ role_name=dict(required=True, aliases=["roleName"]),
+ ),
+ ),
+ scopes=dict(
+ required=False,
+ type="list",
+ elements="dict",
+ options=dict(
+ name=dict(required=True),
+ type=dict(default="CLUSTER", choices=["CLUSTER", "DATA_LAKE"]),
+ ),
+ default=[],
+ ),
+ )
+
+ # Define the main module
+ module = AnsibleModule(
+ argument_spec=argument_spec, supports_check_mode=True
+ )
+
+ data = {
+ "databaseName": module.params["database_name"],
+ "username": module.params["username"],
+ "password": module.params["password"],
+ "roles": [],
+ "scopes": module.params["scopes"],
+ }
+
+ # remap keys to API format
+ for role in module.params.get("roles"):
+ data["roles"].append({
+ "databaseName": role.get("database_name"),
+ "roleName": role.get("role_name")
+ })
+
+ try:
+ atlas = AtlasAPIObject(
+ module=module,
+ path="/databaseUsers",
+ object_name="username",
+ group_id=module.params["group_id"],
+ data=data,
+ )
+ except Exception as e:
+ module.fail_json(
+ msg="unable to connect to Atlas API. Exception message: %s" % e
+ )
+
+ changed, diff = atlas.update(module.params["state"])
+ module.exit_json(
+ changed=changed,
+ data=atlas.data,
+ diff=diff,
+ )
+
+
+# import module snippets
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/community/mongodb/plugins/modules/mongodb_atlas_whitelist.py b/ansible_collections/community/mongodb/plugins/modules/mongodb_atlas_whitelist.py
new file mode 100644
index 000000000..5354321a6
--- /dev/null
+++ b/ansible_collections/community/mongodb/plugins/modules/mongodb_atlas_whitelist.py
@@ -0,0 +1,111 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Copyright (c) 2020 T-Systems MMS
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+#
+# This module is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This software is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this software. If not, see <http://www.gnu.org/licenses/>.
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: mongodb_atlas_whitelist
+short_description: Manage IP whitelists in Atlas
+description:
+ - The mongodb_atlas_whitelist module manages a Atlas project's IP whitelist.
+ - L(API Documentation,https://docs.atlas.mongodb.com/reference/api/whitelist/)
+author: "Martin Schurz (@schurzi)"
+extends_documentation_fragment: community.mongodb.atlas_options
+options:
+ cidr_block:
+ description:
+ - Whitelist entry in Classless Inter-Domain Routing (CIDR) notation.
+ type: str
+ required: True
+ aliases: [ "cidrBlock" ]
+ comment:
+ description:
+ - Optional Comment associated with the whitelist entry.
+ type: str
+ default: "created by Ansible"
+'''
+
+EXAMPLES = '''
+ - name: test whitelist
+ community.mongodb.mongodb_atlas_whitelist:
+ api_username: "API_user"
+ api_password: "API_passwort_or_token"
+ group_id: "GROUP_ID"
+ cidr_block: "192.168.0.0/24"
+ comment: "test"
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.community.mongodb.plugins.module_utils.mongodb_atlas import (
+ AtlasAPIObject,
+)
+
+
+# ===========================================
+# Module execution.
+#
+def main():
+ # add our own arguments
+ argument_spec = dict(
+ state=dict(default="present", choices=["absent", "present"]),
+ api_username=dict(required=True, aliases=['apiUsername']),
+ api_password=dict(required=True, no_log=True, aliases=['apiPassword']),
+ group_id=dict(required=True, aliases=['groupId']),
+ cidr_block=dict(required=True, aliases=["cidrBlock"]),
+ comment=dict(default="created by Ansible"),
+ )
+
+ # Define the main module
+ module = AnsibleModule(
+ argument_spec=argument_spec, supports_check_mode=True
+ )
+
+ data = {
+ "cidrBlock": module.params["cidr_block"],
+ "comment": module.params["comment"],
+ }
+
+ try:
+ atlas = AtlasAPIObject(
+ module=module,
+ path="/whitelist",
+ object_name="cidrBlock",
+ group_id=module.params["group_id"],
+ data=data,
+ data_is_array=True,
+ )
+ except Exception as e:
+ module.fail_json(
+ msg="unable to connect to Atlas API. Exception message: %s" % e
+ )
+
+ changed, diff = atlas.update(module.params["state"])
+ module.exit_json(
+ changed=changed,
+ data=atlas.data,
+ diff=diff,
+ )
+
+
+# import module snippets
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/community/mongodb/plugins/modules/mongodb_balancer.py b/ansible_collections/community/mongodb/plugins/modules/mongodb_balancer.py
index 0e9b33a34..77ce37ed0 100644
--- a/ansible_collections/community/mongodb/plugins/modules/mongodb_balancer.py
+++ b/ansible_collections/community/mongodb/plugins/modules/mongodb_balancer.py
@@ -29,6 +29,8 @@ options:
autosplit:
description:
- Disable or enable the autosplit flag in the config.settings collection.
+ - From MongoDB 6.1 automatic chunk splitting is not performed so this parameter is not valid in this and later versions. See more see [enableAutoSplit](https://www.mongodb.com/docs/manual/reference/method/sh.enableAutoSplit/). # noqa: E501
+ - This parameter is deprecated and will be removed in a future release.
required: false
type: bool
chunksize:
diff --git a/ansible_collections/community/mongodb/plugins/modules/mongodb_monitoring.py b/ansible_collections/community/mongodb/plugins/modules/mongodb_monitoring.py
deleted file mode 100644
index d399a9907..000000000
--- a/ansible_collections/community/mongodb/plugins/modules/mongodb_monitoring.py
+++ /dev/null
@@ -1,197 +0,0 @@
-#!/usr/bin/python
-
-# Copyright: (c) 2021, Rhys Campbell rhyscampbell@blueiwn.ch
-# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
-
-from __future__ import absolute_import, division, print_function
-__metaclass__ = type
-
-
-DOCUMENTATION = r'''
----
-module: mongodb_monitoring
-short_description: Manages the free monitoring feature.
-description:
- - Manages the free monitoring feature.
- - Optionally return the monitoring url.
-author: Rhys Campbell (@rhysmeister)
-version_added: "1.3.0"
-
-extends_documentation_fragment:
- - community.mongodb.login_options
- - community.mongodb.ssl_options
-
-options:
- state:
- description: Manage the free monitoring feature.
- type: str
- choices:
- - "started"
- - "stopped"
- default: "started"
- return_url:
- description: When true return the monitoring url if available.
- type: bool
- default: false
-
-notes:
-- Requires the pymongo Python package on the remote host, version 2.4.2+. This
- can be installed using pip or the OS package manager. @see U(http://api.mongodb.org/python/current/installation.html)
-requirements:
- - pymongo
-'''
-
-EXAMPLES = r'''
-- name: Enable monitoring
- community.mongodb.mongodb_monitoring:
- state: "started"
-
-- name: Disable monitoring
- community.mongodb.mongodb_monitoring:
- state: "stopped"
-
-- name: Enable monitoring and return the monitoring url
- community.mongodb_monitoring:
- state: "started"
- return_url: "yes"
-'''
-
-RETURN = r'''
-changed:
- description: Whether the monitoring status changed.
- returned: success
- type: bool
-msg:
- description: A short description of what happened.
- returned: success
- type: str
-failed:
- description: If something went wrong
- returned: failed
- type: bool
-url:
- description: The MongoDB instance Monitoring url.
- returned: When requested and available.
- type: str
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils._text import to_native
-from ansible_collections.community.mongodb.plugins.module_utils.mongodb_common import (
- missing_required_lib,
- mongodb_common_argument_spec,
- PYMONGO_IMP_ERR,
- pymongo_found,
- mongo_auth,
- get_mongodb_client,
-)
-
-has_ordereddict = False
-try:
- from collections import OrderedDict
- has_ordereddict = True
-except ImportError as excep:
- try:
- from ordereddict import OrderedDict
- has_ordereddict = True
- except ImportError as excep:
- pass
-
-
-def stop_monitoring(client):
- '''
- Stops MongoDB Free Monitoring
- '''
- cmd_doc = OrderedDict([('setFreeMonitoring', 1),
- ('action', 'disable')])
- client['admin'].command(cmd_doc)
-
-
-def start_monitoring(client):
- '''
- Stops MongoDB Free Monitoring
- '''
- cmd_doc = OrderedDict([('setFreeMonitoring', 1),
- ('action', 'enable')])
- client['admin'].command(cmd_doc)
-
-
-def get_monitoring_status(client):
- '''
- Gets the state of MongoDB Monitoring.
- N.B. If Monitoring has never been enabled the
- free_monitoring record in admin.system.version
- will not yet exist.
- '''
- monitoring_state = None
- url = None
- result = client["admin"]['system.version'].find_one({"_id": "free_monitoring"})
- if not result:
- monitoring_state = "stopped"
- else:
- url = result["informationalURL"]
- if result["state"] == "enabled":
- monitoring_state = "started"
- else:
- monitoring_state = "stopped"
- return monitoring_state, url
-
-
-def main():
- argument_spec = mongodb_common_argument_spec()
- argument_spec.update(
- state=dict(type='str', default='started', choices=['started', 'stopped']),
- return_url=dict(type='bool', default=False)
- )
-
- module = AnsibleModule(
- argument_spec=argument_spec,
- supports_check_mode=True,
- required_together=[['login_user', 'login_password']],
- )
-
- if not has_ordereddict:
- module.fail_json(msg='Cannot import OrderedDict class. You can probably install with: pip install ordereddict')
-
- if not pymongo_found:
- module.fail_json(msg=missing_required_lib('pymongo'),
- exception=PYMONGO_IMP_ERR)
-
- state = module.params['state']
- return_url = module.params['return_url']
-
- try:
- client = get_mongodb_client(module, directConnection=True)
- client = mongo_auth(module, client, directConnection=True)
- except Exception as e:
- module.fail_json(msg='Unable to connect to database: %s' % to_native(e))
-
- current_monitoring_state, url = get_monitoring_status(client)
- result = {}
- if state == "started":
- if current_monitoring_state == "started":
- result['changed'] = False
- result['msg'] = "Free monitoring is already started"
- else:
- if module.check_mode is False:
- start_monitoring(client)
- result['changed'] = True
- result['msg'] = "Free monitoring has been started"
- else:
- if current_monitoring_state == "started":
- if module.check_mode is False:
- stop_monitoring(client)
- result['changed'] = True
- result['msg'] = "Free monitoring has been stopped"
- else:
- result['changed'] = False
- result['msg'] = "Free monitoring is already stopped"
-
- if return_url and url:
- result['url'] = url
-
- module.exit_json(**result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/ansible_collections/community/mongodb/plugins/modules/mongodb_replicaset.py b/ansible_collections/community/mongodb/plugins/modules/mongodb_replicaset.py
index d0baf661e..d6cdaae26 100644
--- a/ansible_collections/community/mongodb/plugins/modules/mongodb_replicaset.py
+++ b/ansible_collections/community/mongodb/plugins/modules/mongodb_replicaset.py
@@ -554,8 +554,11 @@ def main():
debug = module.params['debug']
cluster_cmd = module.params['cluster_cmd']
+ # Count voting members
+ voting_members = sum([1 if not isinstance(m, dict) or m.get("votes", 1) == 1 else 0 for m in members])
+
if validate and reconfigure is False:
- if len(members) <= 2 or len(members) % 2 == 0:
+ if len(members) <= 2 or voting_members % 2 == 0:
module.fail_json(msg="MongoDB Replicaset validation failed. Invalid number of replicaset members.")
if arbiter_at_index is not None and len(members) - 1 < arbiter_at_index:
module.fail_json(msg="MongoDB Replicaset validation failed. Invalid arbiter index.")
diff --git a/ansible_collections/community/mongodb/plugins/modules/mongodb_role.py b/ansible_collections/community/mongodb/plugins/modules/mongodb_role.py
index 012f553a0..23f653c32 100644
--- a/ansible_collections/community/mongodb/plugins/modules/mongodb_role.py
+++ b/ansible_collections/community/mongodb/plugins/modules/mongodb_role.py
@@ -303,8 +303,8 @@ def check_if_role_changed(client, role, db_name, privileges, authenticationRestr
'roles' not in role_dict and roles != []):
changed = True
elif ('authenticationRestrictions' in role_dict and
- sorted(reformat_authenticationRestrictions, key=lambda x: (x['clientSource'], x['serverAddress'])) !=
- sorted(authenticationRestrictions, key=lambda x: (x['clientSource'], x['serverAddress'])) or
+ sorted(reformat_authenticationRestrictions, key=lambda x: (x.get('clientSource', ''), x.get('serverAddress', ''))) !=
+ sorted(authenticationRestrictions, key=lambda x: (x.get('clientSource', ''), x.get('serverAddress', ''))) or
'authenticationRestrictions' not in role_dict and authenticationRestrictions != []):
changed = True
else:
diff --git a/ansible_collections/community/mongodb/plugins/modules/mongodb_user.py b/ansible_collections/community/mongodb/plugins/modules/mongodb_user.py
index eab0d186c..fee4c48c1 100644
--- a/ansible_collections/community/mongodb/plugins/modules/mongodb_user.py
+++ b/ansible_collections/community/mongodb/plugins/modules/mongodb_user.py
@@ -189,7 +189,6 @@ user:
import os
import traceback
-from operator import itemgetter
from ansible.module_utils.basic import AnsibleModule, missing_required_lib
@@ -307,7 +306,7 @@ def check_if_roles_changed(uinfo, roles, db_name):
roles_as_list_of_dict = make_sure_roles_are_a_list_of_dict(roles, db_name)
uinfo_roles = uinfo.get('roles', [])
- if sorted(roles_as_list_of_dict, key=itemgetter('db')) == sorted(uinfo_roles, key=itemgetter('db')):
+ if sorted(roles_as_list_of_dict, key=lambda roles: sorted(roles.items())) == sorted(uinfo_roles, key=lambda roles: sorted(roles.items())):
return False
return True
diff --git a/ansible_collections/community/mongodb/roles/mongodb_auth/defaults/main.yml b/ansible_collections/community/mongodb/roles/mongodb_auth/defaults/main.yml
index c34225a2a..59049bde2 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_auth/defaults/main.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_auth/defaults/main.yml
@@ -26,3 +26,5 @@ mongodb_users: []
# Setting this to yes will result in 'changed' on every run, even if the password is the same.
# See the comment in tasks/main.yml for more details.
mongodb_force_update_password: no
+
+mongodb_use_tls: false \ No newline at end of file
diff --git a/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/default/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/default/molecule.yml
index 8b614fb6a..dfb11aac4 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/default/molecule.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/default/molecule.yml
@@ -15,8 +15,8 @@ platforms:
privileged: True
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- - name: ubuntu_18
- image: ubuntu:18.04
+ - name: ubuntu_22_04
+ image: ubuntu:22.04
command: /sbin/init
privileged: True
- name: ubuntu_22
diff --git a/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/default/playbook.yml b/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/default/playbook.yml
index 46c4e8e2e..efbb70469 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/default/playbook.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_auth/molecule/default/playbook.yml
@@ -9,7 +9,7 @@
# initially disable authorization on some hosts
hosts_with_auth_disabled:
- - ubuntu_18
+ - ubuntu_22_04
- ubuntu_22
# add some users for some of the hosts
@@ -52,6 +52,17 @@
include_role:
name: mongodb_auth
+ - name: Determine openssl version
+ command: openssl version
+ changed_when: false
+ register: openssl
+
+ - name: Set mongosh package version
+ set_fact:
+ mongosh_package: "{{ 'mongodb-mongosh-shared-openssl3' if openssl.stdout.startswith('OpenSSL 3') else 'mongodb-mongosh-shared-openssl11' }}"
+ when: mongosh_package is not defined
+
- name: Install MongoDB Shell
package:
- name: mongodb-mongosh
+ name:
+ - "{{ mongosh_package }}"
diff --git a/ansible_collections/community/mongodb/roles/mongodb_auth/tasks/main.yml b/ansible_collections/community/mongodb/roles/mongodb_auth/tasks/main.yml
index d3775a1b7..eff6e4f31 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_auth/tasks/main.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_auth/tasks/main.yml
@@ -94,6 +94,8 @@
database: admin
roles: "{{ mongodb_admin_roles }}"
+ ssl: "{{ mongodb_use_tls }}"
+ ssl_ca_certs: "{{ mongodb_certificate_ca_file if mongodb_use_tls else omit }}"
login_host: localhost
login_port: "{{ mongod_port | string }}" # silence implicit int->str conversion warning
create_for_localhost_exception: /root/mongodb_admin.success
diff --git a/ansible_collections/community/mongodb/roles/mongodb_auth/tasks/mongodb_auth_user.yml b/ansible_collections/community/mongodb/roles/mongodb_auth/tasks/mongodb_auth_user.yml
index e21dec073..5c0c930ba 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_auth/tasks/mongodb_auth_user.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_auth/tasks/mongodb_auth_user.yml
@@ -18,6 +18,8 @@
database: "{{ _mongodb_user.db }}"
roles: "{{ _mongodb_user.roles|default('readWrite') }}"
+ ssl: "{{ mongodb_use_tls }}"
+ ssl_ca_certs: "{{ mongodb_certificate_ca_file if mongodb_use_tls else omit }}"
login_host: localhost
login_port: "{{ mongod_port | string }}" # silence implicit int->str conversion warning
login_user: "{{ mongodb_admin_user }}"
diff --git a/ansible_collections/community/mongodb/roles/mongodb_config/README.md b/ansible_collections/community/mongodb/roles/mongodb_config/README.md
index 4ab33efcb..b5cd560a5 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_config/README.md
+++ b/ansible_collections/community/mongodb/roles/mongodb_config/README.md
@@ -6,25 +6,27 @@ A simple role to aid in setting up a CSRS Config Server Replicaset for a MongoDB
Role Variables
--------------
-* `config_port`: The port used by the mongos process. Default 27019.
-* `mongod_service`: The name of the mongod service. Default mongod.
-* `mongodb_user`: The Linux OS user for MongoDB. Default mongod.
-* `mongodb_group`: The Linux OS user group for MongoDB. Default mongod.
-* `pid_file`: The pid file for mongos. Default /run/mongodb/mongos.pid.
-* `log_path`: Path of the log file. Default /var/log/mongodb/mongod.log.
-* `bind_ip`: The IP address mongod will bind to. Default 0.0.0.0.
-* `bind_ip_all`: Have mongod bind to all IP addresses instead of specifying `bind_ip`. Default false.
-* `config_repl_set_name`: The replicaset name for the config servers. Default cfg.
-* `authorization`: Enable authorization. Default enabled.
+* `config_port`: The port used by the mongos process. Default `27019`.
+* `mongod_service`: The name of the mongod service. Default `mongod`.
+* `mongodb_user`: The Linux OS user for MongoDB. Default `mongod`.
+* `mongodb_group`: The Linux OS user group for MongoDB. Default `mongod`.
+* `pid_file`: The pid file for mongos. Default `/run/mongodb/mongos.pid`.
+* `log_path`: Path of the log file. Default `/var/log/mongodb/mongod.log`.
+* `bind_ip`: The IP address mongod will bind to. Default `0.0.0.0`.
+* `bind_ip_all`: Have mongod bind to all IP addresses instead of specifying `bind_ip`. Default `false`.
+* `config_repl_set_name`: The replicaset name for the config servers. Default `cfg`.
+* `authorization`: Enable authorization. Default `enabled`.
* `openssl_keyfile_content`: The kexfile content that MongoDB uses to authenticate within a replicaset. Generate with cmd: openssl rand -base64 756.
-* `openssl_keyfile_path`: Put the openssl_keyfile at this path. Default: /etc/keyfile
-* `mongod_package`: The name of the mongod installation package. Default mongodb-org-server.
-replicaset: When enabled add a replication section to the configuration. Default true.
+* `openssl_keyfile_path`: Put the openssl_keyfile at this path. Default: `/etc/keyfile`.
+* `mongod_package`: The name of the mongod installation package. Default `mongodb-org-server`.
+replicaset: When enabled add a replication section to the configuration. Default `true`.
* `net_compressors`: If this is set, this sets `net.compression.compressors` in mongod.conf.
-* `mongod_config_template`: If defined allows to override path to mongod config template with custom configuration. Default "mongod.conf.j2"
+* `mongod_config_template`: If defined allows to override path to mongod config template with custom configuration. Default `mongod.conf.j2`.
* `skip_restart`: If set to `true` will skip restarting mongod service when config file or the keyfile content changes. Default `true`.
* `db_path`: Path to database data location. Default `/var/lib/mongodb` on Debian based distributions, `/var/lib/mongo` for others.
-* `mongodb_use_tls`: Wether to use tls. Default false.
+* `mongodb_use_tls`: Whether to use tls. Default `false`.
+* `mongodb_disabled_tls_protocols`: The tls protocols to be disabled. Leave blank to let MongoDB decide which protocols to allow according to the ones available on the system; check the [official docs](https://www.mongodb.com/docs/v6.0/reference/configuration-options/#mongodb-setting-net.tls.disabledProtocols) for details. Default "".
+* `mongodb_allow_connections_without_certificates`: When enabled allows to bypass the certificate validation for clients that do not present a certificate, if a certificate is provided it _must_ be valid. Default `false`.
* `mongodb_certificate_key_file`: Path to the PEM-file containing the certficate and private key.
* `mongodb_certificate_ca_file`: Path to the CA-file.
diff --git a/ansible_collections/community/mongodb/roles/mongodb_config/defaults/main.yml b/ansible_collections/community/mongodb/roles/mongodb_config/defaults/main.yml
index 0460a8bd6..916d06725 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_config/defaults/main.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_config/defaults/main.yml
@@ -32,3 +32,5 @@ mongod_config_template: "configsrv.conf.j2"
skip_restart: true
db_path: "{{ '/var/lib/mongodb' if ansible_os_family == 'Debian' else '/var/lib/mongo' if ansible_os_family == 'RedHat' else '/var/lib/mongo' }}"
mongodb_use_tls: false
+mongodb_disabled_tls_protocols: ""
+mongodb_allow_connections_without_certificates: false
diff --git a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/molecule.yml
index 3dc8132e1..e9d686e54 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/molecule.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/molecule.yml
@@ -19,9 +19,9 @@ platforms:
networks:
- name: "mymongo"
network_mode: "mymongo"
- - name: ubuntu_18
- hostname: ubuntu_18
- image: ubuntu:18.04
+ - name: ubuntu_22_04
+ hostname: ubuntu_22_04
+ image: ubuntu:22.04
command: /sbin/init
privileged: True
networks:
diff --git a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/playbook.yml b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/playbook.yml
index eceb73444..bf89e498d 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/playbook.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/playbook.yml
@@ -15,9 +15,20 @@
name: "{{ 'pymongo==3.12.*' if ansible_python_version[0:3] | float < 3.6 else 'pymongo' }}"
when: ansible_hostname == "fedora"
+ - name: Determine openssl version
+ command: openssl version
+ changed_when: false
+ register: openssl
+
+ - name: Set mongosh package version
+ set_fact:
+ mongosh_package: "{{ 'mongodb-mongosh-shared-openssl3' if openssl.stdout.startswith('OpenSSL 3') else 'mongodb-mongosh-shared-openssl11' }}"
+ when: mongosh_package is not defined
+
- name: Install MongoDB Shell
package:
- name: mongodb-mongosh
+ name:
+ - "{{ mongosh_package }}"
- name: Init config server replicaset
community.mongodb.mongodb_replicaset:
@@ -28,7 +39,7 @@
members:
- almalinux_8:27019
- fedora:27019
- - ubuntu_18:27019
+ - ubuntu_22_04:27019
- debian_bullseye:27019
- ubuntu_22:27019
when: ansible_hostname == "fedora"
diff --git a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/tests/test_default.py b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/tests/test_default.py
index 99a541fd1..823197ea5 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/tests/test_default.py
+++ b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/custom_db_path/tests/test_default.py
@@ -60,7 +60,7 @@ def test_mongod_replicaset(host):
assert "cfg" in r.stdout
assert "almalinux_8:{0}".format(port) in r.stdout
assert "fedora:{0}".format(port) in r.stdout
- assert "ubuntu_18:{0}".format(port) in r.stdout
+ assert "ubuntu_22_04:{0}".format(port) in r.stdout
assert "ubuntu_22:{0}".format(port) in r.stdout
assert "debian_bullseye:{0}".format(port) in r.stdout
diff --git a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/molecule.yml
index 3dc8132e1..e9d686e54 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/molecule.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/molecule.yml
@@ -19,9 +19,9 @@ platforms:
networks:
- name: "mymongo"
network_mode: "mymongo"
- - name: ubuntu_18
- hostname: ubuntu_18
- image: ubuntu:18.04
+ - name: ubuntu_22_04
+ hostname: ubuntu_22_04
+ image: ubuntu:22.04
command: /sbin/init
privileged: True
networks:
diff --git a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/playbook.yml b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/playbook.yml
index 42c89bad2..4f9d6ce29 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/playbook.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/playbook.yml
@@ -13,9 +13,20 @@
name: "{{ 'pymongo==3.12.*' if ansible_python_version[0:3] | float < 3.6 else 'pymongo' }}"
when: ansible_hostname == "fedora"
+ - name: Determine openssl version
+ command: openssl version
+ changed_when: false
+ register: openssl
+
+ - name: Set mongosh package version
+ set_fact:
+ mongosh_package: "{{ 'mongodb-mongosh-shared-openssl3' if openssl.stdout.startswith('OpenSSL 3') else 'mongodb-mongosh-shared-openssl11' }}"
+ when: mongosh_package is not defined
+
- name: Install MongoDB Shell
package:
- name: mongodb-mongosh
+ name:
+ - "{{ mongosh_package }}"
- name: Init config server replicaset
community.mongodb.mongodb_replicaset:
@@ -26,7 +37,7 @@
members:
- almalinux_8:27019
- fedora:27019
- - ubuntu_18:27019
+ - ubuntu_22_04:27019
- debian_bullseye:27019
- ubuntu_22:27019
when: ansible_hostname == "fedora"
diff --git a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/tests/test_default.py b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/tests/test_default.py
index fe7aecf16..89b86c207 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/tests/test_default.py
+++ b/ansible_collections/community/mongodb/roles/mongodb_config/molecule/default/tests/test_default.py
@@ -60,7 +60,7 @@ def test_mongod_replicaset(host):
assert "cfg" in r.stdout
assert "almalinux_8:{0}".format(port) in r.stdout
assert "fedora:{0}".format(port) in r.stdout
- assert "ubuntu_18:{0}".format(port) in r.stdout
+ assert "ubuntu_22_04:{0}".format(port) in r.stdout
assert "ubuntu_22:{0}".format(port) in r.stdout
assert "debian_bullseye:{0}".format(port) in r.stdout
diff --git a/ansible_collections/community/mongodb/roles/mongodb_config/templates/configsrv.conf.j2 b/ansible_collections/community/mongodb/roles/mongodb_config/templates/configsrv.conf.j2
index afb06f641..192b3cbae 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_config/templates/configsrv.conf.j2
+++ b/ansible_collections/community/mongodb/roles/mongodb_config/templates/configsrv.conf.j2
@@ -41,6 +41,12 @@ net:
mode: requireTLS
certificateKeyFile: {{ mongodb_certificate_key_file }}
CAFile: {{ mongodb_certificate_ca_file }}
+{% if mongodb_disabled_tls_protocols != "" %}
+ disabledProtocols: {{ mongodb_disabled_tls_protocols }}
+{% endif %}
+{% if mongodb_allow_connections_without_certificates %}
+ allowConnectionsWithoutCertificates: true
+{% endif %}
{% endif %}
{% if authorization == "enabled" %}
diff --git a/ansible_collections/community/mongodb/roles/mongodb_install/files/lock_mongodb_packages.sh b/ansible_collections/community/mongodb/roles/mongodb_install/files/lock_mongodb_packages.sh
index 0c3e8e6f5..bbfff55c8 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_install/files/lock_mongodb_packages.sh
+++ b/ansible_collections/community/mongodb/roles/mongodb_install/files/lock_mongodb_packages.sh
@@ -8,13 +8,19 @@ HOLD="$1";
PACKAGE_NAME="mongodb-org*"
if [[ "$HOLD" == "HOLD" ]]; then
- if command -v yum &> /dev/null; then
+ if command -v dnf &> /dev/null; then
+ dnf install "dnf-command(versionlock)"
+ dnf versionlock "$PACKAGE_NAME" && touch /root/mongo_version_lock.success;
+ elif command -v yum &> /dev/null; then
yum versionlock "$PACKAGE_NAME" && touch /root/mongo_version_lock.success;
elif command -v apt-mark &> /dev/null; then
apt-mark hold "$PACKAGE_NAME" && touch /root/mongo_version_lock.success;
fi;
elif [[ "$HOLD" == "NOHOLD" ]]; then
- if command -v yum &> /dev/null; then
+ if command -v dnf &> /dev/null; then
+ dnf install "dnf-command(versionlock)"
+ dnf versionlock delete "$PACKAGE_NAME" || true && rm -rf /root/mongo_version_lock.success;
+ elif command -v yum &> /dev/null; then
yum versionlock delete "$PACKAGE_NAME" || true && rm -rf /root/mongo_version_lock.success;
elif command -v apt-mark &> /dev/null; then
apt-mark unhold "$PACKAGE_NAME" && rm -rf /root/mongo_version_lock.success;
diff --git a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/default/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/default/molecule.yml
index 5258056e7..aab979c46 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/default/molecule.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/default/molecule.yml
@@ -11,8 +11,8 @@ lint:
platforms:
- name: almalinux_8
image: almalinux:8
- - name: ubuntu_18
- image: ubuntu:18.04
+ - name: ubuntu_22_04
+ image: ubuntu:22.04
privileged: yes
command: "/sbin/init"
- name: ubuntu_22
diff --git a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/default/prepare.yml b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/default/prepare.yml
new file mode 100644
index 000000000..1eec53a5c
--- /dev/null
+++ b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/default/prepare.yml
@@ -0,0 +1,10 @@
+---
+- name: Prepare
+ hosts: all
+ become: yes
+
+ tasks:
+
+ - name: Install openssl
+ package:
+ name: "openssl" \ No newline at end of file
diff --git a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_hold_packages/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_hold_packages/molecule.yml
index 4266ee65b..2767eee61 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_hold_packages/molecule.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_hold_packages/molecule.yml
@@ -13,8 +13,8 @@ platforms:
image: almalinux:8
- name: fedora
image: fedora:37
- - name: ubuntu_18
- image: ubuntu:18.04
+ - name: ubuntu_22_04
+ image: ubuntu:22.04
- name: ubuntu_22
image: ubuntu:22.04
- name: debian_bullseye
diff --git a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_hold_packages/prepare.yml b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_hold_packages/prepare.yml
index 8a94ca7eb..bcc16f3f1 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_hold_packages/prepare.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_hold_packages/prepare.yml
@@ -10,3 +10,7 @@
name: yum-plugin-versionlock
state: present
when: ansible_facts.os_family == "RedHat"
+
+ - name: Install openssl
+ package:
+ name: "openssl" \ No newline at end of file
diff --git a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_hold_packages/tests/test_default.py b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_hold_packages/tests/test_default.py
index 381a5823a..72893a0aa 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_hold_packages/tests/test_default.py
+++ b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_hold_packages/tests/test_default.py
@@ -17,8 +17,6 @@ def test_mongodb_packages_not_installed(host):
assert p.is_installed
p = host.package("mongodb-org-server")
assert p.is_installed
- p = host.package("mongodb-mongosh")
- assert p.is_installed
p = host.package("mongodb-org-mongos")
assert p.is_installed
p = host.package("mongodb-org-tools")
diff --git a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_nohold_packages/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_nohold_packages/molecule.yml
index 4266ee65b..2767eee61 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_nohold_packages/molecule.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_nohold_packages/molecule.yml
@@ -13,8 +13,8 @@ platforms:
image: almalinux:8
- name: fedora
image: fedora:37
- - name: ubuntu_18
- image: ubuntu:18.04
+ - name: ubuntu_22_04
+ image: ubuntu:22.04
- name: ubuntu_22
image: ubuntu:22.04
- name: debian_bullseye
diff --git a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_nohold_packages/prepare.yml b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_nohold_packages/prepare.yml
index 325651e03..bcc16f3f1 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_nohold_packages/prepare.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_nohold_packages/prepare.yml
@@ -9,4 +9,8 @@
yum:
name: yum-plugin-versionlock
state: present
- when: ansible_facts.os_family == "RedHat" \ No newline at end of file
+ when: ansible_facts.os_family == "RedHat"
+
+ - name: Install openssl
+ package:
+ name: "openssl" \ No newline at end of file
diff --git a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_nohold_packages/tests/test_default.py b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_nohold_packages/tests/test_default.py
index cd1fc5f79..2fc340c43 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_nohold_packages/tests/test_default.py
+++ b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/mongodb_nohold_packages/tests/test_default.py
@@ -17,8 +17,6 @@ def test_mongodb_packages_installed(host):
assert p.is_installed
p = host.package("mongodb-org-server")
assert p.is_installed
- p = host.package("mongodb-mongosh")
- assert p.is_installed
p = host.package("mongodb-org-mongos")
assert p.is_installed
p = host.package("mongodb-org-tools")
diff --git a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/specific_mongodb_version/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/specific_mongodb_version/molecule.yml
index 3fdeb9123..6ee9a3814 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/specific_mongodb_version/molecule.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/specific_mongodb_version/molecule.yml
@@ -9,14 +9,14 @@ lint:
config-data:
line-length: disable
platforms:
- #- name: almalinux_8
- # image: almalinux:8 yum seems broken for wildcard/version install for AL8
+ - name: almalinux_8
+ image: almalinux:8
#- name: fedora
# image: fedora:37 ditto
- - name: centos7
- image: centos:7 # Just here while the above two are broken
- - name: ubuntu_18
- image: ubuntu:18.04
+ #- name: centos7
+ # image: centos:7 # Just here while the above two are broken
+ - name: ubuntu_22_04
+ image: ubuntu:22.04
- name: ubuntu_22
image: ubuntu:22.04
- name: debian_bullseye
diff --git a/ansible_collections/community/mongodb/roles/mongodb_install/molecule/specific_mongodb_version/prepare.yml b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/specific_mongodb_version/prepare.yml
new file mode 100644
index 000000000..1eec53a5c
--- /dev/null
+++ b/ansible_collections/community/mongodb/roles/mongodb_install/molecule/specific_mongodb_version/prepare.yml
@@ -0,0 +1,10 @@
+---
+- name: Prepare
+ hosts: all
+ become: yes
+
+ tasks:
+
+ - name: Install openssl
+ package:
+ name: "openssl" \ No newline at end of file
diff --git a/ansible_collections/community/mongodb/roles/mongodb_install/tasks/main.yml b/ansible_collections/community/mongodb/roles/mongodb_install/tasks/main.yml
index d43174fd3..02b71f82d 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_install/tasks/main.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_install/tasks/main.yml
@@ -1,8 +1,23 @@
---
+- name: Determine openssl version
+ command: openssl version
+ changed_when: false
+ register: openssl
+
+- name: Set mongosh package version
+ set_fact:
+ mongosh_package: "{{ 'mongodb-mongosh-shared-openssl3' if openssl.stdout.startswith('OpenSSL 3') else 'mongodb-mongosh-shared-openssl11' }}"
+ when: mongosh_package is not defined
+
# tasks file for mongodb_install
- name: Install MongoDB Packages
package:
- name: mongodb-org
+ name:
+ - "mongodb-org"
+ - "mongodb-org-server"
+ - "{{ mongosh_package }}" # variablized due to tls issue
+ - "mongodb-org-mongos"
+ - "mongodb-org-tools"
state: present
when: specific_mongodb_version is not defined
register: _pkg
@@ -15,7 +30,12 @@
- name: Install MongoDB Packages (Specific version)
package:
- name: "mongodb-org*{{ specific_mongodb_version }}"
+ name:
+ - "mongodb-org-{{ specific_mongodb_version }}"
+ - "mongodb-org-server-{{ specific_mongodb_version }}"
+ - "{{ mongosh_package }}" # variablized due to tls issue
+ - "mongodb-org-mongos-{{ specific_mongodb_version }}"
+ - "mongodb-org-tools-{{ specific_mongodb_version }}"
state: present
when:
- specific_mongodb_version is defined
@@ -37,7 +57,7 @@
name:
- "mongodb-org={{ specific_mongodb_version }}"
- "mongodb-org-server={{ specific_mongodb_version }}"
- - "mongodb-mongosh" # mongosh package uses a new versioning number schema
+ - "{{ mongosh_package }}" # variablized due to tls issue
- "mongodb-org-mongos={{ specific_mongodb_version }}"
- "mongodb-org-tools={{ specific_mongodb_version }}"
state: present
diff --git a/ansible_collections/community/mongodb/roles/mongodb_linux/README.md b/ansible_collections/community/mongodb/roles/mongodb_linux/README.md
index 7cc37be47..5a948d5c9 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_linux/README.md
+++ b/ansible_collections/community/mongodb/roles/mongodb_linux/README.md
@@ -17,8 +17,9 @@ Role Variables
--------------
swappiness: OS swappiness value. Default "1".
-ntp_package: Name of ntp package. Default ntp.
-ntp_service: Name of ntp service. Default ntpd.
+mongodb_ntp_package: Name of ntp package. Default depends on OS-specific vars.
+mongodb_ntp_service: Name of ntp service. Default depends on OS-specific vars.
+mongodb_gnu_c_lib: Name of the GNU C lib. Default depends on OS-specific vars.
* On RedHat 8 and higher systems ntp_package and ntp_service are set to chrony and chronyd respectively.
diff --git a/ansible_collections/community/mongodb/roles/mongodb_linux/defaults/main.yml b/ansible_collections/community/mongodb/roles/mongodb_linux/defaults/main.yml
index 7b2a0a68b..14659e137 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_linux/defaults/main.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_linux/defaults/main.yml
@@ -8,3 +8,7 @@ swappiness: "1"
nproc_and_nofile_limit: 64000
# TODO: mongo suggests infinity here
memlock_limit: 1024
+
+mongodb_ntp_package:
+mongodb_ntp_service:
+mongodb_gnu_c_lib:
diff --git a/ansible_collections/community/mongodb/roles/mongodb_linux/files/thp-disable.service b/ansible_collections/community/mongodb/roles/mongodb_linux/files/thp-disable.service
index 3602ed7b4..b8b6ba38b 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_linux/files/thp-disable.service
+++ b/ansible_collections/community/mongodb/roles/mongodb_linux/files/thp-disable.service
@@ -1,5 +1,6 @@
[Unit]
Description=Disable Transparent Huge Pages
+ConditionPathIsDirectory=/sys/kernel/mm/transparent_hugepage
[Service]
Type=oneshot
diff --git a/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/default/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/default/molecule.yml
index 5d12cbb04..712209f4e 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/default/molecule.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_linux/molecule/default/molecule.yml
@@ -18,8 +18,8 @@ platforms:
networks:
- name: "mongodb_linux"
network_mode: "mongodb_linux"
- - name: ubuntu_18
- image: ubuntu:18.04
+ - name: ubuntu_22_04
+ image: ubuntu:22.04
command: /sbin/init
privileged: True
networks:
diff --git a/ansible_collections/community/mongodb/roles/mongodb_linux/tasks/main.yml b/ansible_collections/community/mongodb/roles/mongodb_linux/tasks/main.yml
index e8a61a394..70b223127 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_linux/tasks/main.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_linux/tasks/main.yml
@@ -17,6 +17,12 @@
tags:
- "vars"
+- name: "Override variables from OS-specific configuration"
+ set_fact:
+ ntp_package: "{{ mongodb_ntp_package | default(ntp_package, true) }}"
+ ntp_service: "{{ mongodb_ntp_service | default(ntp_service, true) }}"
+ gnu_c_lib: "{{ mongodb_gnu_c_lib | default(gnu_c_lib, true) }}"
+
- name: See if we are in docker
when:
- "ansible_facts.virtualization_role == 'guest'"
@@ -126,8 +132,14 @@
- "setup"
- "service"
+- name: Check if transparent_hugepage is enabled in the kernel
+ stat:
+ path: /sys/kernel/mm/transparent_hugepage
+ register: sys_thp
+
- name: Check if disable-transparent-huge-pages service is already run
shell: cat /sys/kernel/mm/transparent_hugepage/enabled | grep -o '[never]'
+ when: sys_thp.stat.exists
register: _huge_page_status
ignore_errors: yes
changed_when: _huge_page_status.stdout == ""
@@ -141,7 +153,7 @@
name: disable-transparent-huge-pages
state: started
enabled: yes
- when: (not in_docker|bool) and (_huge_page_status.stdout == "")
+ when: (not in_docker|bool) and (sys_thp.stat.exists) and (_huge_page_status.stdout == "")
tags:
- "linux"
- "service"
@@ -190,6 +202,7 @@
# TODO: These may need to be configurable for different usage patterns.
- { "name": "vm.dirty_ratio", "value": "15" }
- { "name": "vm.dirty_background_ratio", "value": "5" }
+ - { "name": "vm.max_map_count", "value": "128000" }
- { "name": "net.core.somaxconn ", "value": "4096" }
- { "name": "net.ipv4.tcp_fin_timeout", "value": "30" }
- { "name": "net.ipv4.tcp_keepalive_intvl", "value": "30" }
diff --git a/ansible_collections/community/mongodb/roles/mongodb_linux/vars/Debian-12.yml b/ansible_collections/community/mongodb/roles/mongodb_linux/vars/Debian-12.yml
new file mode 100644
index 000000000..364a59345
--- /dev/null
+++ b/ansible_collections/community/mongodb/roles/mongodb_linux/vars/Debian-12.yml
@@ -0,0 +1,5 @@
+---
+# Packages for Debian distros
+ntp_package: systemd-timesyncd
+ntp_service: systemd-timesyncd
+gnu_c_lib: libc6
diff --git a/ansible_collections/community/mongodb/roles/mongodb_linux/vars/RedHat-9.yml b/ansible_collections/community/mongodb/roles/mongodb_linux/vars/RedHat-9.yml
new file mode 100644
index 000000000..7e8077261
--- /dev/null
+++ b/ansible_collections/community/mongodb/roles/mongodb_linux/vars/RedHat-9.yml
@@ -0,0 +1,5 @@
+---
+# Packages for RedHat-9 distros
+ntp_package: chrony
+ntp_service: chronyd
+gnu_c_lib: glibc
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/README.md b/ansible_collections/community/mongodb/roles/mongodb_mongod/README.md
index 51a801296..f2bf1d935 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_mongod/README.md
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/README.md
@@ -6,29 +6,34 @@ A simple role to aid in the setup of a MongoDB replicaset.
Role Variables
--------------
-* `mongod_port`: The port used by the mongod process. Default 27017.
-* `mongod_service`: The name of the mongod service. Default mongod.
-* `mongodb_user`: The Linux OS user for MongoDB. Default mongod.
-* `mongodb_group`: The Linux OS user group for MongoDB. Default mongod.
-* `bind_ip`: The IP address mongod will bind to. Default 0.0.0.0.
-* `bind_ip_all`: Have mongod bind to all IP addresses instead of specifying `bind_ip`. Default false.
-* `log_path`: Path of the log file. Default: /var/log/mongodb/mongod.log.
-* `repl_set_name`: The name of the replicaset the member will participate in. Default rs0.
-* `authorization`: Enable authorization. Default enabled.
+* `mongod_port`: The port used by the mongod process. Default `27017`.
+* `mongod_service`: The name of the mongod service. Default `mongod`.
+* `mongodb_user`: The Linux OS user for MongoDB. Default `mongod`.
+* `mongodb_group`: The Linux OS user group for MongoDB. Default `mongod`.
+* `bind_ip`: The IP address mongod will bind to. Default `0.0.0.0`.
+* `bind_ip_all`: Have mongod bind to all IP addresses instead of specifying `bind_ip`. Default `false`.
+* `log_path`: Path of the log file. Default: `/var/log/mongodb/mongod.log`.
+* `repl_set_name`: The name of the replicaset the member will participate in. Default `rs0`.
+* `authorization`: Enable authorization. Default `enabled`.
* `openssl_keyfile_content`: The keyfile content that MongoDB uses to authenticate within a replicaset. Generate with cmd: openssl rand -base64 756.
-* `openssl_keyfile_path`: Put the openssl_keyfile at this path. Default: /etc/keyfile
-* `mongodb_admin_user`: MongoDB admin username. Default admin.
-* `mongodb_admin_pwd`: MongoDB admin password. Default admin.
-* `mongod_package`: The mongod package to install. Default mongodb-org-server.
-* `replicaset`: When enabled add a replication section to the configuration. Default true.
-* `sharding`: If this replicaset member will form part of a sharded cluster. Default false.
+* `openssl_keyfile_path`: Put the openssl_keyfile at this path. Default: `/etc/keyfile`.
+* `mongodb_admin_user`: MongoDB admin username. Default `admin`.
+* `mongodb_admin_pwd`: MongoDB admin password. Default `admin`.
+* `mongod_package`: The mongod package to install. Default `mongodb-org-server`.
+* `replicaset`: When enabled add a replication section to the configuration. Default `true`.
+* `sharding`: If this replicaset member will form part of a sharded cluster. Default `false`.
* `net_compressors`: If this is set, this sets `net.compression.compressors` in mongod.conf.
-* `mongod_config_template`: If defined allows to override path to mongod config template with custom configuration. Default "mongod.conf.j2"
+* `mongod_config_template`: If defined allows to override path to mongod config template with custom configuration. Default `mongod.conf.j2`.
* `skip_restart`: If set to `true` will skip restarting mongod service when config file or the keyfile content changes. Default `true`.
* `db_path`: Path to database data location. Default `/var/lib/mongodb` on Debian based distributions, `/var/lib/mongo` for others.
-* `mongodb_use_tls`: Wether to use tls. Default false.
+* `mongodb_use_tls`: Whether to use tls. Default `false`.
+* `mongodb_disabled_tls_protocols`: The tls protocols to be disabled. Leave blank to let MongoDB decide which protocols to allow according to the ones available on the system; check the [official docs](https://www.mongodb.com/docs/v6.0/reference/configuration-options/#mongodb-setting-net.tls.disabledProtocols) for details. Default "".
+* `mongodb_allow_connections_without_certificates`: When enabled allows to bypass the certificate validation for clients that do not present a certificate, if a certificate is provided it _must_ be valid. Default `false`.
* `mongodb_certificate_key_file`: Path to the PEM-file containing the certficate and private key.
* `mongodb_certificate_ca_file`: Path to the CA-file.
+* `mongodb_logrotate_enabled`: Add logrotate configuration. Default: `false`.
+* `mongodb_logrotate_template`: Jinja template for the logrotate configuration. Default `mongodb.logrotate.j2`.
+* `mongodb_systemd_service_override`: Content of a file to override systemd configuration.
IMPORTANT NOTE: It is expected that `mongodb_admin_user` & `mongodb_admin_pwd` values be overridden in your own file protected by Ansible Vault. These values are primary included here for Molecule/Travis CI integration. Any production environments should protect these values. For more information see [Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html)
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/defaults/main.yml b/ansible_collections/community/mongodb/roles/mongodb_mongod/defaults/main.yml
index b0d9da221..3fd788ec2 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_mongod/defaults/main.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/defaults/main.yml
@@ -34,3 +34,15 @@ mongod_config_template: "mongod.conf.j2"
skip_restart: true
db_path: "{{ '/var/lib/mongodb' if ansible_os_family == 'Debian' else '/var/lib/mongo' if ansible_os_family == 'RedHat' else '/var/lib/mongo' }}"
mongodb_use_tls: false
+mongodb_disabled_tls_protocols: ""
+mongodb_allow_connections_without_certificates: false
+mongodb_logrotate_enabled: false
+mongodb_logrotate_template: "mongodb.logrotate.j2"
+
+# Override systemd default configuration
+# Some properties are not overridden: https://askubuntu.com/questions/659267/how-do-i-override-or-configure-systemd-services
+# Examples:
+# mongodb_systemd_service_override: |
+# [Service]
+# Restart=on-failure # Mongod will restart on-failure (by default mongod don't restart)
+mongodb_systemd_service_override: ""
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/handlers/main.yml b/ansible_collections/community/mongodb/roles/mongodb_mongod/handlers/main.yml
index 026817530..6653f9651 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_mongod/handlers/main.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/handlers/main.yml
@@ -12,3 +12,8 @@
host: "{{ bind_ip | split(',') | first }}"
port: "{{ mongod_port }}"
when: not skip_restart
+
+- name: Reload systemd configuration
+ listen: daemon-reload
+ systemd:
+ daemon_reload: true
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/custom_db_path/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/custom_db_path/molecule.yml
index e98e993dc..e3b8a0288 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/custom_db_path/molecule.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/custom_db_path/molecule.yml
@@ -18,8 +18,8 @@ platforms:
networks:
- name: "mongod"
network_mode: "mongod"
- - name: ubuntu_18
- image: ubuntu:18.04
+ - name: ubuntu_22_04
+ image: ubuntu:22.04
command: /sbin/init
privileged: True
networks:
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/custom_db_path/playbook.yml b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/custom_db_path/playbook.yml
index e0bee962e..6e7f5cbc7 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/custom_db_path/playbook.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/custom_db_path/playbook.yml
@@ -15,9 +15,20 @@
name: "{{ 'pymongo==3.12.*' if ansible_python_version[0:3] | float < 3.6 else 'pymongo' }}"
when: ansible_hostname == "fedora"
+ - name: Determine openssl version
+ command: openssl version
+ changed_when: false
+ register: openssl
+
+ - name: Set mongosh package version
+ set_fact:
+ mongosh_package: "{{ 'mongodb-mongosh-shared-openssl3' if openssl.stdout.startswith('OpenSSL 3') else 'mongodb-mongosh-shared-openssl11' }}"
+ when: mongosh_package is not defined
+
- name: Install MongoDB Shell
package:
- name: mongodb-mongosh
+ name:
+ - "{{ mongosh_package }}"
- name: Initialise replicaset
community.mongodb.mongodb_replicaset:
@@ -27,7 +38,7 @@
members:
- almalinux_8:27017
- fedora:27017
- - ubuntu_18:27017
+ - ubuntu_22_04:27017
- debian_bullseye:27017
- ubuntu_22:27017
when: ansible_hostname == "fedora"
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/custom_db_path/tests/test_default.py b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/custom_db_path/tests/test_default.py
index 9aca8518e..4376de40c 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/custom_db_path/tests/test_default.py
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/custom_db_path/tests/test_default.py
@@ -64,7 +64,7 @@ def test_mongod_replicaset(host):
assert "rs0" in r.stdout
assert "almalinux_8:{0}".format(port) in r.stdout
assert "fedora:{0}".format(port) in r.stdout
- assert "ubuntu_18:{0}".format(port) in r.stdout
+ assert "ubuntu_22_04:{0}".format(port) in r.stdout
assert "ubuntu_22:{0}".format(port) in r.stdout
assert "debian_bullseye:{0}".format(port) in r.stdout
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/molecule.yml
index 2cbd158c4..deb681763 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/molecule.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/molecule.yml
@@ -18,8 +18,8 @@ platforms:
networks:
- name: "mongod"
network_mode: "mongod"
- - name: ubuntu_18
- image: ubuntu:18.04
+ - name: ubuntu_22_04
+ image: ubuntu:22.04
command: /sbin/init
privileged: True
networks:
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/playbook.yml b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/playbook.yml
index 54b4def97..0ef97010b 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/playbook.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/playbook.yml
@@ -13,9 +13,20 @@
name: "{{ 'pymongo==3.12.*' if ansible_python_version[0:3] | float < 3.6 else 'pymongo' }}"
when: ansible_hostname == "fedora"
+ - name: Determine openssl version
+ command: openssl version
+ changed_when: false
+ register: openssl
+
+ - name: Set mongosh package version
+ set_fact:
+ mongosh_package: "{{ 'mongodb-mongosh-shared-openssl3' if openssl.stdout.startswith('OpenSSL 3') else 'mongodb-mongosh-shared-openssl11' }}"
+ when: mongosh_package is not defined
+
- name: Install MongoDB Shell
package:
- name: mongodb-mongosh
+ name:
+ - "{{ mongosh_package }}"
- name: Initialise replicaset
community.mongodb.mongodb_replicaset:
@@ -25,7 +36,7 @@
members:
- almalinux_8:27017
- fedora:27017
- - ubuntu_18:27017
+ - ubuntu_22_04:27017
- debian_bullseye:27017
- ubuntu_22:27017
when: ansible_hostname == "fedora"
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/tests/test_default.py b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/tests/test_default.py
index 896f0ee58..6a68ce52c 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/tests/test_default.py
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/default/tests/test_default.py
@@ -64,7 +64,7 @@ def test_mongod_replicaset(host):
assert "rs0" in r.stdout
assert "almalinux_8:{0}".format(port) in r.stdout
assert "fedora:{0}".format(port) in r.stdout
- assert "ubuntu_18:{0}".format(port) in r.stdout
+ assert "ubuntu_22_04:{0}".format(port) in r.stdout
assert "ubuntu_22:{0}".format(port) in r.stdout
assert "debian_bullseye:{0}".format(port) in r.stdout
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/multiple_bind_ip/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/multiple_bind_ip/molecule.yml
index b3f2e1199..20a80cfc7 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/multiple_bind_ip/molecule.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/multiple_bind_ip/molecule.yml
@@ -18,8 +18,8 @@ platforms:
networks:
- name: "mongod"
network_mode: "mongod"
- - name: ubuntu_18
- image: ubuntu:18.04
+ - name: ubuntu_22_04
+ image: ubuntu:22.04
command: /sbin/init
privileged: True
networks:
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/multiple_bind_ip/playbook.yml b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/multiple_bind_ip/playbook.yml
index ba1a7f28a..7593d0781 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/multiple_bind_ip/playbook.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/multiple_bind_ip/playbook.yml
@@ -16,9 +16,20 @@
name: "{{ 'pymongo==3.12.*' if ansible_python_version[0:3] | float < 3.6 else 'pymongo' }}"
when: ansible_hostname == "fedora"
+ - name: Determine openssl version
+ command: openssl version
+ changed_when: false
+ register: openssl
+
+ - name: Set mongosh package version
+ set_fact:
+ mongosh_package: "{{ 'mongodb-mongosh-shared-openssl3' if openssl.stdout.startswith('OpenSSL 3') else 'mongodb-mongosh-shared-openssl11' }}"
+ when: mongosh_package is not defined
+
- name: Install MongoDB Shell
package:
- name: mongodb-mongosh
+ name:
+ - "{{ mongosh_package }}"
- name: Initialise replicaset
community.mongodb.mongodb_replicaset:
@@ -28,7 +39,7 @@
members:
- almalinux_8:27017
- fedora:27017
- - ubuntu_18:27017
+ - ubuntu_22_04:27017
- debian_bullseye:27017
- ubuntu_22:27017
when: ansible_hostname == "fedora"
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/multiple_bind_ip/tests/test_default.py b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/multiple_bind_ip/tests/test_default.py
index 6f54d5aad..adc23cda5 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/multiple_bind_ip/tests/test_default.py
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/molecule/multiple_bind_ip/tests/test_default.py
@@ -64,7 +64,7 @@ def test_mongod_replicaset(host):
assert "rs0" in r.stdout
assert "almalinux_8:{0}".format(port) in r.stdout
assert "fedora:{0}".format(port) in r.stdout
- assert "ubuntu_18:{0}".format(port) in r.stdout
+ assert "ubuntu_22_04:{0}".format(port) in r.stdout
assert "ubuntu_22:{0}".format(port) in r.stdout
assert "debian_bullseye:{0}".format(port) in r.stdout
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/tasks/logrotate.yml b/ansible_collections/community/mongodb/roles/mongodb_mongod/tasks/logrotate.yml
new file mode 100644
index 000000000..e72fa33d2
--- /dev/null
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/tasks/logrotate.yml
@@ -0,0 +1,9 @@
+---
+- name: Install logrotate configuration
+ ansible.builtin.template:
+ src: "{{ mongodb_logrotate_template }}"
+ dest: /etc/logrotate.d/mongod
+ tags:
+ - "mongodb"
+ - "setup"
+ - "service"
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/tasks/main.yml b/ansible_collections/community/mongodb/roles/mongodb_mongod/tasks/main.yml
index bd1eb944d..1f1072a63 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_mongod/tasks/main.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/tasks/main.yml
@@ -64,6 +64,30 @@
- "mongodb"
- "setup"
+- name: Override mongod service
+ when: mongodb_systemd_service_override | length > 0
+ tags:
+ - "mongodb"
+ - "setup"
+ - "service"
+ block:
+ - name: "Create {{ mongod_service }}.service.d directory"
+ file:
+ path: "/etc/systemd/system/{{ mongod_service }}.service.d/"
+ state: directory
+ owner: root
+ group: root
+ mode: 0755
+
+ - name: Override mongod service from provided content
+ copy:
+ content: "{{ mongodb_systemd_service_override }}"
+ dest: "/etc/systemd/system/{{ mongod_service }}.service.d/override.conf"
+ owner: root
+ group: root
+ mode: 0644
+ notify: daemon-reload
+
- name: Check for github override
set_fact:
x_github_override: "{{ lookup('env', 'X_GITHUB_OVERRIDE') | default('0', True) }}"
@@ -79,6 +103,15 @@
- "mongodb"
- "setup"
- "service"
+
+- name: Configure logrotate if enabled
+ when: mongodb_logrotate_enabled
+ ansible.builtin.include_tasks: logrotate.yml
+ tags:
+ - "mongodb"
+ - "setup"
+ - "service"
+
# debug section
- pause:
seconds: 5
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/templates/mongod.conf.j2 b/ansible_collections/community/mongodb/roles/mongodb_mongod/templates/mongod.conf.j2
index 9ff5a5dec..cd2d1f0fc 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_mongod/templates/mongod.conf.j2
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/templates/mongod.conf.j2
@@ -8,6 +8,9 @@ systemLog:
destination: file
logAppend: true
path: {{ log_path }}
+{% if mongodb_logrotate_enabled %}
+ logRotate: reopen
+{% endif %}
# Where and how to store data.
storage:
@@ -41,6 +44,12 @@ net:
mode: requireTLS
certificateKeyFile: {{ mongodb_certificate_key_file }}
CAFile: {{ mongodb_certificate_ca_file }}
+{% if mongodb_disabled_tls_protocols != "" %}
+ disabledProtocols: {{ mongodb_disabled_tls_protocols }}
+{% endif %}
+{% if mongodb_allow_connections_without_certificates %}
+ allowConnectionsWithoutCertificates: true
+{% endif %}
{% endif %}
{% if authorization == "enabled" %}
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongod/templates/mongodb.logrotate.j2 b/ansible_collections/community/mongodb/roles/mongodb_mongod/templates/mongodb.logrotate.j2
new file mode 100644
index 000000000..4cecbcadd
--- /dev/null
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongod/templates/mongodb.logrotate.j2
@@ -0,0 +1,14 @@
+{{ log_path }} {
+ daily
+ size 100M
+ rotate 5
+ missingok
+ compress
+ delaycompress
+ notifempty
+ create 640 {{ mongodb_user }} {{ mongodb_group }}
+ sharedscripts
+ postrotate
+ /bin/kill -SIGUSR1 `pidof {{ mongod_service }} 2>/dev/null` >/dev/null 2>&1
+ endscript
+}
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/README.md b/ansible_collections/community/mongodb/roles/mongodb_mongos/README.md
index 414246781..de935f0b6 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_mongos/README.md
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/README.md
@@ -13,24 +13,26 @@ good idea to mention in this section that the boto package is required.
Role Variables
--------------
-* `mongos_port`: The port used by the mongos process. Default 27017.
-* `mongos_service`: The name of the mongos service. Default mongos.
-* `mongodb_user`: The Linux OS user for MongoDB. Default mongod.
-* `mongodb_group`: The Linux OS user group for MongoDB. Default mongod.
-* `pid_file`: The pid file for mongos. Default /run/mongodb/mongos.pid.
-* `bind_ip`: The IP address mongos will bind to. Default 0.0.0.0.
-* `bind_ip_all`: Have mongos bind to all IP addresses instead of specifying `bind_ip`. Default false.
-* `log_path`: Path of the log file. Default: /var/log/mongodb/mongos.log.
-* `mypy`: Python interpretor. Default python
-* `mongos_package`: The name of the mongos installation package. Default mongodb-org-mongos.
-* `config_repl_set_name`: The name of the config server replicaset. Default cfg.
+* `mongos_port`: The port used by the mongos process. Default `27017`.
+* `mongos_service`: The name of the mongos service. Default `mongos`.
+* `mongodb_user`: The Linux OS user for MongoDB. Default `mongod`.
+* `mongodb_group`: The Linux OS user group for MongoDB. Default `mongod`.
+* `pid_file`: The pid file for mongos. Default `/run/mongodb/mongos.pid`.
+* `bind_ip`: The IP address mongos will bind to. Default `0.0.0.0`.
+* `bind_ip_all`: Have mongos bind to all IP addresses instead of specifying `bind_ip`. Default `false`.
+* `log_path`: Path of the log file. Default: `/var/log/mongodb/mongos.log`.
+* `mypy`: Python interpretor. Default `python`.
+* `mongos_package`: The name of the mongos installation package. Default `mongodb-org-mongos`.
+* `config_repl_set_name`: The name of the config server replicaset. Default `cfg`.
* `config_servers`: "config1:27019, config2:27019, config3:27019"
* `openssl_keyfile_content`: The kexfile content that MongoDB uses to authenticate within a replicaset. Generate with cmd: openssl rand -base64 756.
-* `openssl_keyfile_path`: Put the openssl_keyfile at this path. Default: /etc/keyfile
+* `openssl_keyfile_path`: Put the openssl_keyfile at this path. Default: `/etc/keyfile`.
* `net_compressors`: If this is set, this sets `net.compression.compressors` in mongos.conf.
-* `mongos_config_template`: If defined allows to override path to mongod config template with custom configuration. Default "mongos.conf.j2"
+* `mongos_config_template`: If defined allows to override path to mongod config template with custom configuration. Default `mongos.conf.j2`.
* `skip_restart`: If set to `true` will skip restarting mongos service when config file or the keyfile content changes. Default `true`.
-* `mongodb_use_tls`: Wether to use tls. Default false.
+* `mongodb_use_tls`: Whether to use tls. Default `false`.
+* `mongodb_disabled_tls_protocols`: The tls protocols to be disabled. Leave blank to let MongoDB decide which protocols to allow according to the ones available on the system; check the [official docs](https://www.mongodb.com/docs/v6.0/reference/configuration-options/#mongodb-setting-net.tls.disabledProtocols) for details. Default "".
+* `mongodb_allow_connections_without_certificates`: When enabled allows to bypass the certificate validation for clients that do not present a certificate, if a certificate is provided it _must_ be valid. Default `false`.
* `mongodb_certificate_key_file`: Path to the PEM-file containing the certficate and private key.
* `mongodb_certificate_ca_file`: Path to the CA-file.
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/defaults/main.yml b/ansible_collections/community/mongodb/roles/mongodb_mongos/defaults/main.yml
index 6d91e8814..0ca7f0371 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_mongos/defaults/main.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/defaults/main.yml
@@ -31,3 +31,5 @@ net_compressors: null
mongos_config_template: "mongos.conf.j2"
skip_restart: true
mongodb_use_tls: false
+mongodb_disabled_tls_protocols: ""
+mongodb_allow_connections_without_certificates: false
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/molecule.yml
index b361e644c..f1e8d4999 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/molecule.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/molecule.yml
@@ -28,8 +28,8 @@ platforms:
networks:
- name: "mymongos"
network_mode: "mymongos"
- - name: ubuntu_18
- image: ubuntu:18.04
+ - name: ubuntu_22_04
+ image: ubuntu:22.04
command: /sbin/init
privileged: True
networks:
@@ -50,7 +50,7 @@ platforms:
# - name: "mymongos"
# network_mode: "mymongos"
- name: config1
- image: ubuntu:18.04
+ image: ubuntu:22.04
command: /sbin/init
privileged: True
networks:
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/playbook.yml b/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/playbook.yml
index de0e856ba..cee69734a 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/playbook.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/playbook.yml
@@ -26,9 +26,20 @@
name: "{{ 'pymongo==3.12.*' if ansible_python_version[0:3] | float < 3.6 else 'pymongo' }}"
when: ansible_hostname == "config1"
+ - name: Determine openssl version
+ command: openssl version
+ changed_when: false
+ register: openssl
+
+ - name: Set mongosh package version
+ set_fact:
+ mongosh_package: "{{ 'mongodb-mongosh-shared-openssl3' if openssl.stdout.startswith('OpenSSL 3') else 'mongodb-mongosh-shared-openssl11' }}"
+ when: mongosh_package is not defined
+
- name: Install MongoDB Shell
package:
- name: mongodb-mongosh
+ name:
+ - "{{ mongosh_package }}"
- name: Init config server replicaset
community.mongodb.mongodb_replicaset:
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/prepare.yml b/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/prepare.yml
index 40efdd033..d9a4dd252 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/prepare.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/molecule/default/prepare.yml
@@ -20,4 +20,8 @@
ansible.builtin.package:
name: "{{ redhat_packages }}"
state: present
- when: ansible_os_family == "RedHat" \ No newline at end of file
+ when: ansible_os_family == "RedHat"
+
+ - name: Install openssl
+ package:
+ name: openssl \ No newline at end of file
diff --git a/ansible_collections/community/mongodb/roles/mongodb_mongos/templates/mongos.conf.j2 b/ansible_collections/community/mongodb/roles/mongodb_mongos/templates/mongos.conf.j2
index 6c61b8716..f9726f2f5 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_mongos/templates/mongos.conf.j2
+++ b/ansible_collections/community/mongodb/roles/mongodb_mongos/templates/mongos.conf.j2
@@ -19,6 +19,12 @@ net:
mode: requireTLS
certificateKeyFile: {{ mongodb_certificate_key_file }}
CAFile: {{ mongodb_certificate_ca_file }}
+{% if mongodb_disabled_tls_protocols != "" %}
+ disabledProtocols: {{ mongodb_disabled_tls_protocols }}
+{% endif %}
+{% if mongodb_allow_connections_without_certificates %}
+ allowConnectionsWithoutCertificates: true
+{% endif %}
{% endif %}
sharding:
configDB: "{{ config_repl_set_name }}/{{ config_servers }}"
diff --git a/ansible_collections/community/mongodb/roles/mongodb_repository/molecule/default/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_repository/molecule/default/molecule.yml
index a750255f9..18ab8e812 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_repository/molecule/default/molecule.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_repository/molecule/default/molecule.yml
@@ -11,8 +11,8 @@ lint:
platforms:
- name: almalinux_8
image: almalinux:8
- - name: ubuntu_18
- image: ubuntu:18.04
+ - name: ubuntu_22_04
+ image: ubuntu:22.04
- name: ubuntu_22
image: ubuntu:22.04
- name: debian_bullseye
diff --git a/ansible_collections/community/mongodb/roles/mongodb_selinux/molecule/default/molecule.yml b/ansible_collections/community/mongodb/roles/mongodb_selinux/molecule/default/molecule.yml
index 907a32abc..c54825da3 100644
--- a/ansible_collections/community/mongodb/roles/mongodb_selinux/molecule/default/molecule.yml
+++ b/ansible_collections/community/mongodb/roles/mongodb_selinux/molecule/default/molecule.yml
@@ -11,8 +11,8 @@ lint:
platforms:
- name: almalinux_8
image: almalinux:8
- - name: ubuntu_18
- image: ubuntu:18.04
+ - name: ubuntu_22_04
+ image: ubuntu:22.04
- name: ubuntu_22
image: ubuntu:22.04
- name: debian_bullseye