From 386f2ad16836b1df357411b1aff14bf52436885b Mon Sep 17 00:00:00 2001 From: Steven Schattenberg Date: Thu, 15 Aug 2024 06:15:54 -0400 Subject: [PATCH 1/4] resolved conflicts --- roles/gateway/tasks/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/gateway/tasks/main.yml b/roles/gateway/tasks/main.yml index ba1060b..a38040c 100644 --- a/roles/gateway/tasks/main.yml +++ b/roles/gateway/tasks/main.yml @@ -173,7 +173,11 @@ - name: Create properties.yml using template based on the version ansible.builtin.template: src: "properties.{{ iag_release }}.yml.j2" +<<<<<<< Updated upstream:roles/gateway/tasks/main.yml dest: "{{ iag_properties_location }}/properties.yml" +======= + dest: "{{ iag_properties_location }}/properties.yaml" +>>>>>>> Stashed changes:roles/gateway/tasks/main.yaml owner: "{{ iag_user }}" group: "{{ iag_group }}" mode: "0600" From 1f0acec77fa9d6e1e12344290b581549e409febb Mon Sep 17 00:00:00 2001 From: Steven Schattenberg Date: Wed, 18 Sep 2024 14:57:04 -0400 Subject: [PATCH 2/4] Adding port var to mongo tasks to support non-standard ports --- roles/gateway/tasks/main.yml | 6 +----- roles/mongodb/tasks/configure-selinux.yml | 10 ++++++++++ roles/mongodb/tasks/main.yml | 3 +++ .../mongodb_common/tasks/check-auth-status.yml | 3 +++ .../tasks/determine-primary-server.yml | 2 ++ roles/mongodb_replication/tasks/main.yml | 18 ++++++++++++++---- 6 files changed, 33 insertions(+), 9 deletions(-) diff --git a/roles/gateway/tasks/main.yml b/roles/gateway/tasks/main.yml index a38040c..98dfdc4 100644 --- a/roles/gateway/tasks/main.yml +++ b/roles/gateway/tasks/main.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2024, Itential, Inc +Z# Copyright (c) 2024, Itential, Inc # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) --- - name: Include release vars 
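Review bot: The `@@ -173,7 +173,11 @@` hunk of PATCH 1/4 commits unresolved merge markers (`<<<<<<< Updated upstream`, `=======`, `>>>>>>> Stashed changes`) and a second `dest:` key into roles/gateway/tasks/main.yml, so the gateway role cannot be parsed at that commit. PATCH 2/4 removes the markers and PATCH 3/4 returns the file to blob `ba1060b`, the blob it started from, so the three gateway changes cancel out. Dropping them from the series, or squashing, would keep every commit runnable and bisectable. The template task continues outside the hunk.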
@@ -173,11 +173,7 @@ - name: Create properties.yml using template based on the version ansible.builtin.template: src: "properties.{{ iag_release }}.yml.j2" -<<<<<<< Updated upstream:roles/gateway/tasks/main.yml dest: "{{ iag_properties_location }}/properties.yml" -======= - dest: "{{ iag_properties_location }}/properties.yaml" ->>>>>>> Stashed changes:roles/gateway/tasks/main.yaml owner: "{{ iag_user }}" group: "{{ iag_group }}" mode: "0600" diff --git a/roles/mongodb/tasks/configure-selinux.yml b/roles/mongodb/tasks/configure-selinux.yml index 542e65f..1b969e2 100644 --- a/roles/mongodb/tasks/configure-selinux.yml +++ b/roles/mongodb/tasks/configure-selinux.yml @@ -8,6 +8,16 @@ ansible.builtin.include_role: name: selinux + - name: Allow mongodb to listen on tcp port when using non-standard mongo port + when: + - ansible_selinux.status == "enabled" + - mongo_port != 27017 + community.general.seport: + ports: "{{ mongo_port }}" + proto: tcp + setype: mongod_port_t + state: present + # MongoDB is configured to use non-default paths for its data and log # directories. First, we need to update the SELinux policy to allow the # mongod service to use the new directory, it’s worth to note that we diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index 9f47eba..968633e 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -200,6 +200,7 @@ # This creates the admin user that has root access to the database - name: Add admin user to database community.mongodb.mongodb_user: + login_port: "{{ mongo_port }}" login_user: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary('admin', omit) }}" login_password: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary(mongo_user_admin_password, omit) }}" database: "{{ mongo_admin_db_name }}" 
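Review bot: In the `configure-selinux.yml` hunk the condition `mongo_port != 27017` compares against an integer, so if `mongo_port` arrives as a string (as values from an INI inventory or `-e key=value` do) it is always true. The task then no longer skips the default port. Casting makes the check independent of how the variable was supplied: `- mongo_port | int != 27017`. The `@@ -9,14 +9,14 @@` hunk of PATCH 4/4 moves this `when` block but keeps the same comparison, so the change belongs there too.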
@@ -218,6 +219,7 @@ # itential database. It is used by IAP to connect to the db. - name: Add itential user to database community.mongodb.mongodb_user: + login_port: "{{ mongo_port }}" login_user: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary('admin', omit) }}" login_password: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary(mongo_user_admin_password, omit) }}" database: "{{ mongo_itential_db_name }}" @@ -236,6 +238,7 @@ # LocalAAA database. It is used by the local AAA adapter to login to IAP. - name: Add localaaa user to database community.mongodb.mongodb_user: + login_port: "{{ mongo_port }}" login_user: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary('admin', omit) }}" login_password: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary(mongo_user_admin_password, omit) }}" database: "{{ mongo_localaaa_db_name }}" diff --git a/roles/mongodb_common/tasks/check-auth-status.yml b/roles/mongodb_common/tasks/check-auth-status.yml index 197dc2c..13f4b2f 100644 --- a/roles/mongodb_common/tasks/check-auth-status.yml +++ b/roles/mongodb_common/tasks/check-auth-status.yml @@ -10,6 +10,9 @@ - name: Check if auth is enabled community.mongodb.mongodb_shell: + login_user: "{{ mongo_auth_enabled is defined and mongo_auth_enabled | ternary('admin', omit) }}" + login_password: "{{ mongo_auth_enabled is defined and mongo_auth_enabled | ternary(mongo_user_admin_password, omit) }}" + login_port: "{{ mongo_port }}" mongo_cmd: auto db: admin eval: "db.getUsers()" diff --git a/roles/mongodb_common/tasks/determine-primary-server.yml b/roles/mongodb_common/tasks/determine-primary-server.yml index b06e43f..1fb6dd0 100644 --- a/roles/mongodb_common/tasks/determine-primary-server.yml +++ b/roles/mongodb_common/tasks/determine-primary-server.yml 
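Review bot: In the `check-auth-status.yml` hunk the added `login_user`/`login_password` are gated on `mongo_auth_enabled`, while the user-creation tasks in roles/mongodb/tasks/main.yml and the replication tasks gate on `mongodb_auth_enabled`; if only one of the two names is set, one group of tasks silently connects without credentials. Because filters bind tighter than `and`, the expression also evaluates to `False` rather than `omit` when the variable is undefined; `(mongo_auth_enabled | default(false)) | ternary('admin', omit)` omits the argument in that case. If this task detects authentication by letting an unauthenticated `db.getUsers()` fail (its `register` and failure handling are outside the hunk), supplying credentials may change what the probe reports, which is worth confirming before merge.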
@@ -10,6 +10,7 @@ mongo_cmd: auto login_user: "{{ mongo_auth_enabled is defined and mongo_auth_enabled | ternary('admin', omit) }}" login_password: "{{ mongo_auth_enabled is defined and mongo_auth_enabled | ternary(mongo_user_admin_password, omit) }}" + login_port: "{{ mongo_port }}" eval: "rs.status()" register: rs_status_result changed_when: false @@ -29,6 +30,7 @@ community.mongodb.mongodb_status: login_user: "{{ mongo_auth_enabled is defined and mongo_auth_enabled | ternary('admin', omit) }}" login_password: "{{ mongo_auth_enabled is defined and mongo_auth_enabled | ternary(mongo_user_admin_password, omit) }}" + login_port: "{{ mongo_port }}" replica_set: rs0 register: mongodb_status_result diff --git a/roles/mongodb_replication/tasks/main.yml b/roles/mongodb_replication/tasks/main.yml index eacb57b..c38be64 100644 --- a/roles/mongodb_replication/tasks/main.yml +++ b/roles/mongodb_replication/tasks/main.yml 
@@ -28,17 +28,24 @@ tasks_from: restart-mongo.yml when: result1.changed or result2.changed +- name: Set empty array of mongo servers + ansible.builtin.set_fact: + mongodb_servers: [] + +# This task should always run, arbiter or not - name: Create the replicaset members list (no arbiter) ansible.builtin.set_fact: - mongodb_servers: "{{ groups.mongodb }}" + mongodb_servers: "{{ mongodb_servers + [item + ':' + mongo_port | string] }}" + with_items: "{{ groups.mongodb }}" when: - inventory_hostname in groups.mongodb - groups.mongodb.index(inventory_hostname) == 0 - - not groups.mongodb_arbiter is defined -- name: Create the replicaset members list (with arbiter) +# This task will only run when there is an arbiter defined in the hosts file +- name: Add the arbiter to the list of servers when there is one ansible.builtin.set_fact: - mongodb_servers: "{{ groups.mongodb + groups.mongodb_arbiter }}" + mongodb_servers: "{{ mongodb_servers + [item + ':' + mongo_port | string] }}" + with_items: "{{ groups.mongodb_arbiter }}" when: - inventory_hostname in groups.mongodb - groups.mongodb.index(inventory_hostname) == 0 @@ -48,6 +55,7 @@ community.mongodb.mongodb_replicaset: login_user: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary('admin', omit) }}" login_password: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary(mongo_user_admin_password, omit) }}" + login_port: "{{ mongo_port }}" replica_set: "{{ mongo_replset_name }}" members: "{{ mongodb_servers }}" arbiter_at_index: "{{ (groups.mongodb_arbiter | default([]) | length > 0) | ternary(mongodb_servers | length - 1, omit) }}" @@ -61,6 +69,7 @@ community.mongodb.mongodb_status: login_user: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary('admin', omit) }}" login_password: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary(mongo_user_admin_password, omit) }}" + login_port: "{{ mongo_port }}" login_database: admin poll: 3 interval: 10 
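Review bot: The two list-building tasks in the `mongodb_replication` hunk rely on `mongo_port | string` binding tighter than `+` and use the legacy `with_items` form. `mongodb_servers: "{{ mongodb_servers + [item ~ ':' ~ mongo_port] }}"` with `loop: "{{ groups.mongodb }}"` says the same thing without the cast, since `~` converts its operands to strings. The arbiter entry is built with the same `mongo_port`, so an arbiter listening on a different port would be registered at the wrong address; a short comment stating that assumption would help. The arbiter task's `when` list continues outside the hunk.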
@@ -113,6 +122,7 @@ mongo_cmd: auto login_user: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary('admin', omit) }}" login_password: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary(mongo_user_admin_password, omit) }}" + login_port: "{{ mongo_port }}" login_database: admin eval: db.adminCommand({"setDefaultRWConcern":1,"defaultWriteConcern":{"w":1}}) when: From b0d61c1bd94ea416a82b6ce6b34b2fd1c56876f0 Mon Sep 17 00:00:00 2001 From: Steven Schattenberg Date: Wed, 18 Sep 2024 15:04:44 -0400 Subject: [PATCH 3/4] Fixed typo --- roles/gateway/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gateway/tasks/main.yml b/roles/gateway/tasks/main.yml index 98dfdc4..ba1060b 100644 --- a/roles/gateway/tasks/main.yml +++ b/roles/gateway/tasks/main.yml @@ -1,4 +1,4 @@ -Z# Copyright (c) 2024, Itential, Inc +# Copyright (c) 2024, Itential, Inc # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) --- - name: Include release vars From 46434536b3e7bd7d522bdf38834589000fd17930 Mon Sep 17 00:00:00 2001 From: Steven Schattenberg Date: Wed, 18 Sep 2024 15:13:02 -0400 Subject: [PATCH 4/4] Resolved code review items --- roles/mongodb/tasks/configure-selinux.yml | 6 +++--- roles/mongodb/tasks/main.yml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/mongodb/tasks/configure-selinux.yml b/roles/mongodb/tasks/configure-selinux.yml index 1b969e2..beb346d 100644 --- a/roles/mongodb/tasks/configure-selinux.yml +++ b/roles/mongodb/tasks/configure-selinux.yml 
@@ -9,14 +9,14 @@ name: selinux - name: Allow mongodb to listen on tcp port when using non-standard mongo port - when: - - ansible_selinux.status == "enabled" - - mongo_port != 27017 community.general.seport: ports: "{{ mongo_port }}" proto: tcp setype: mongod_port_t state: present + when: + - ansible_selinux.status == "enabled" + - mongo_port != 27017 # MongoDB is configured to use non-default paths for its data and log # directories. First, we need to update the SELinux policy to allow the diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index 968633e..235f420 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -200,9 +200,9 @@ # This creates the admin user that has root access to the database - name: Add admin user to database community.mongodb.mongodb_user: - login_port: "{{ mongo_port }}" login_user: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary('admin', omit) }}" login_password: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary(mongo_user_admin_password, omit) }}" + login_port: "{{ mongo_port }}" database: "{{ mongo_admin_db_name }}" name: admin password: "{{ mongo_user_admin_password }}" @@ -219,9 +219,9 @@ # itential database. It is used by IAP to connect to the db. - name: Add itential user to database community.mongodb.mongodb_user: - login_port: "{{ mongo_port }}" login_user: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary('admin', omit) }}" login_password: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary(mongo_user_admin_password, omit) }}" + login_port: "{{ mongo_port }}" database: "{{ mongo_itential_db_name }}" user: itential password: "{{ mongo_user_itential_password }}" 
@@ -238,9 +238,9 @@ # LocalAAA database. It is used by the local AAA adapter to login to IAP. - name: Add localaaa user to database community.mongodb.mongodb_user: - login_port: "{{ mongo_port }}" login_user: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary('admin', omit) }}" login_password: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary(mongo_user_admin_password, omit) }}" + login_port: "{{ mongo_port }}" database: "{{ mongo_localaaa_db_name }}" user: localaaa password: "{{ mongo_user_localaaa_password }}"