Support non-standard mongo port #65

Merged
2 changes: 1 addition & 1 deletion roles/gateway/tasks/main.yml
@@ -1,4 +1,4 @@
# Copyright (c) 2024, Itential, Inc
Z# Copyright (c) 2024, Itential, Inc
# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
kvelarde-itential marked this conversation as resolved.
---
- name: Include release vars
10 changes: 10 additions & 0 deletions roles/mongodb/tasks/configure-selinux.yml
Expand Up @@ -8,6 +8,16 @@
ansible.builtin.include_role:
name: selinux

- name: Allow mongodb to listen on tcp port when using non-standard mongo port
when:
- ansible_selinux.status == "enabled"
- mongo_port != 27017
community.general.seport:
ports: "{{ mongo_port }}"
proto: tcp
setype: mongod_port_t
state: present

steven-schattenberg-itential marked this conversation as resolved.
# MongoDB is configured to use non-default paths for its data and log
# directories. First, we need to update the SELinux policy to allow the
# mongod service to use the new directory, it’s worth to note that we
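Review bot: The `mongo_port != 27017` guard on the new seport task is type-sensitive: if `mongo_port` arrives as a string (extra vars and quoted inventory values do), `'27017' != 27017` is true and the task also runs for the default port, so the condition no longer means what its name says. Casting makes it robust: `- mongo_port | int != 27017`. A short comment above the task would also help, along the lines of `# Labels the custom port as mongod_port_t so SELinux lets mongod bind to it; this does not open the port in any host firewall.` The hunk ends inside the comment block that follows the task, so anything that comment introduces is outside this view.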
3 changes: 3 additions & 0 deletions roles/mongodb/tasks/main.yml
Expand Up @@ -200,6 +200,7 @@
# This creates the admin user that has root access to the database
- name: Add admin user to database
community.mongodb.mongodb_user:
login_port: "{{ mongo_port }}"
login_user: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary('admin', omit) }}"
login_password: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary(mongo_user_admin_password, omit) }}"
steven-schattenberg-itential marked this conversation as resolved.
database: "{{ mongo_admin_db_name }}"
Expand All @@ -218,6 +219,7 @@
# itential database. It is used by IAP to connect to the db.
- name: Add itential user to database
community.mongodb.mongodb_user:
login_port: "{{ mongo_port }}"
login_user: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary('admin', omit) }}"
login_password: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary(mongo_user_admin_password, omit) }}"
steven-schattenberg-itential marked this conversation as resolved.
database: "{{ mongo_itential_db_name }}"
Expand All @@ -236,6 +238,7 @@
# LocalAAA database. It is used by the local AAA adapter to login to IAP.
- name: Add localaaa user to database
community.mongodb.mongodb_user:
login_port: "{{ mongo_port }}"
login_user: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary('admin', omit) }}"
login_password: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary(mongo_user_admin_password, omit) }}"
steven-schattenberg-itential marked this conversation as resolved.
database: "{{ mongo_localaaa_db_name }}"
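--- a/roles/mongodb_common/tasks/check-auth-status.yml
+++ b/roles/mongodb_common/tasks/check-auth-status.yml
@@ -10,6 +10,9 @@
 
 - name: Check if auth is enabled
 community.mongodb.mongodb_shell:
+login_user: "{{ mongo_auth_enabled is defined and mongo_auth_enabled | ternary('admin', omit) }}"
+login_password: "{{ mongo_auth_enabled is defined and mongo_auth_enabled | ternary(mongo_user_admin_password, omit) }}"
+login_port: "{{ mongo_port }}"
 mongo_cmd: auto
 db: admin
 eval: "db.getUsers()"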
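Review bot: The added `login_user` and `login_password` expressions do not fall back to `omit` when the flag is undefined. Jinja applies the filter before `and`, so `mongo_auth_enabled is defined and mongo_auth_enabled | ternary('admin', omit)` evaluates to `False` in that case, and the module is handed `False` as a credential value instead of having the parameter dropped. `"{{ (mongo_auth_enabled | default(false)) | ternary('admin', omit) }}"`, with the same shape for `mongo_user_admin_password`, gives the intended behaviour. These lines also read `mongo_auth_enabled`, while the tasks under roles/mongodb and roles/mongodb_replication on this page read `mongodb_auth_enabled`. If only one of the two names is set in inventory, this auth probe and the user-creation tasks will disagree about whether to send credentials, so it is worth confirming which name is intended. The task continues past the end of the hunk.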
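--- a/roles/mongodb_common/tasks/determine-primary-server.yml
+++ b/roles/mongodb_common/tasks/determine-primary-server.yml
@@ -10,6 +10,7 @@
 mongo_cmd: auto
 login_user: "{{ mongo_auth_enabled is defined and mongo_auth_enabled | ternary('admin', omit) }}"
 login_password: "{{ mongo_auth_enabled is defined and mongo_auth_enabled | ternary(mongo_user_admin_password, omit) }}"
+login_port: "{{ mongo_port }}"
 eval: "rs.status()"
 register: rs_status_result
 changed_when: false
@@ -29,6 +30,7 @@
 community.mongodb.mongodb_status:
 login_user: "{{ mongo_auth_enabled is defined and mongo_auth_enabled | ternary('admin', omit) }}"
 login_password: "{{ mongo_auth_enabled is defined and mongo_auth_enabled | ternary(mongo_user_admin_password, omit) }}"
+login_port: "{{ mongo_port }}"
 replica_set: rs0
 register: mongodb_status_result
 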
18 changes: 14 additions & 4 deletions roles/mongodb_replication/tasks/main.yml
Expand Up @@ -28,17 +28,24 @@
tasks_from: restart-mongo.yml
when: result1.changed or result2.changed

- name: Set empty array of mongo servers
ansible.builtin.set_fact:
mongodb_servers: []

# This task should always run, arbiter or not
- name: Create the replicaset members list (no arbiter)
ansible.builtin.set_fact:
mongodb_servers: "{{ groups.mongodb }}"
mongodb_servers: "{{ mongodb_servers + [item + ':' + mongo_port | string] }}"
with_items: "{{ groups.mongodb }}"
when:
- inventory_hostname in groups.mongodb
- groups.mongodb.index(inventory_hostname) == 0
- not groups.mongodb_arbiter is defined

- name: Create the replicaset members list (with arbiter)
# This task will only run when there is an arbiter defined in the hosts file
- name: Add the arbiter to the list of servers when there is one
ansible.builtin.set_fact:
mongodb_servers: "{{ groups.mongodb + groups.mongodb_arbiter }}"
mongodb_servers: "{{ mongodb_servers + [item + ':' + mongo_port | string] }}"
with_items: "{{ groups.mongodb_arbiter }}"
when:
- inventory_hostname in groups.mongodb
- groups.mongodb.index(inventory_hostname) == 0
Expand All @@ -48,6 +55,7 @@
community.mongodb.mongodb_replicaset:
login_user: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary('admin', omit) }}"
login_password: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary(mongo_user_admin_password, omit) }}"
login_port: "{{ mongo_port }}"
replica_set: "{{ mongo_replset_name }}"
members: "{{ mongodb_servers }}"
arbiter_at_index: "{{ (groups.mongodb_arbiter | default([]) | length > 0) | ternary(mongodb_servers | length - 1, omit) }}"
Expand All @@ -61,6 +69,7 @@
community.mongodb.mongodb_status:
login_user: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary('admin', omit) }}"
login_password: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary(mongo_user_admin_password, omit) }}"
login_port: "{{ mongo_port }}"
login_database: admin
poll: 3
interval: 10
Expand Down Expand Up @@ -113,6 +122,7 @@
mongo_cmd: auto
login_user: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary('admin', omit) }}"
login_password: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary(mongo_user_admin_password, omit) }}"
login_port: "{{ mongo_port }}"
login_database: admin
eval: db.adminCommand({"setDefaultRWConcern":1,"defaultWriteConcern":{"w":1}})
when:
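Review bot: In the two rewritten `set_fact` loops of the first hunk, every replica-set member is given the `mongo_port` of the host running the task (`item + ':' + mongo_port | string`), so a port set per host in inventory for another member or the arbiter is silently ignored. If per-host ports are meant to work, `mongodb_servers: "{{ mongodb_servers + [item ~ ':' ~ (hostvars[item].mongo_port | default(mongo_port))] }}"` picks up each member's own value. If they are not, a comment stating that the port must be uniform across the replica set would settle the question. The new "Set empty array of mongo servers" task has no `when`, so it resets `mongodb_servers` to `[]` on every host while the list is rebuilt only on the first mongodb host. That is safe only if every consumer of the fact is guarded the same way, which cannot be confirmed here because the `when` blocks of the later tasks run past the hunk boundaries.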