Support non-standard mongo port (itential#65)

* resolved conflicts * Adding port var to mongo tasks to support non-standard ports * Fixed typo * Resolved code review items
kvelarde-itential · Sep 21, 2024 · 6fc1c03 · 6fc1c03
1 parent bd588c3
commit 6fc1c03
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 4 deletions.
diff --git a/roles/mongodb/tasks/configure-selinux.yml b/roles/mongodb/tasks/configure-selinux.yml
@@ -8,6 +8,16 @@
       ansible.builtin.include_role:
         name: selinux
 
+    - name: Allow mongodb to listen on tcp port when using non-standard mongo port
+      community.general.seport:
+        ports: "{{ mongo_port }}"
+        proto: tcp
+        setype: mongod_port_t
+        state: present
+      when:
+        - ansible_selinux.status == "enabled"
+        - mongo_port != 27017
+
     # MongoDB is configured to use non-default paths for its data and log
     # directories. First, we need to update the SELinux policy to allow the
     # mongod service to use the new directory, it’s worth to note that we

diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml
@@ -202,6 +202,7 @@
       community.mongodb.mongodb_user:
         login_user: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary('admin', omit) }}"
         login_password: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary(mongo_user_admin_password, omit) }}"
+        login_port: "{{ mongo_port }}"
         database: "{{ mongo_admin_db_name }}"
         name: admin
         password: "{{ mongo_user_admin_password }}"
@@ -220,6 +221,7 @@
       community.mongodb.mongodb_user:
         login_user: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary('admin', omit) }}"
         login_password: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary(mongo_user_admin_password, omit) }}"
+        login_port: "{{ mongo_port }}"
         database: "{{ mongo_itential_db_name }}"
         user: itential
         password: "{{ mongo_user_itential_password }}"
@@ -238,6 +240,7 @@
       community.mongodb.mongodb_user:
         login_user: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary('admin', omit) }}"
         login_password: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary(mongo_user_admin_password, omit) }}"
+        login_port: "{{ mongo_port }}"
         database: "{{ mongo_localaaa_db_name }}"
         user: localaaa
         password: "{{ mongo_user_localaaa_password }}"

diff --git a/roles/mongodb_common/tasks/check-auth-status.yml b/roles/mongodb_common/tasks/check-auth-status.yml
@@ -10,6 +10,9 @@
 
     - name: Check if auth is enabled
       community.mongodb.mongodb_shell:
+        login_user: "{{ mongo_auth_enabled is defined and mongo_auth_enabled | ternary('admin', omit) }}"
+        login_password: "{{ mongo_auth_enabled is defined and mongo_auth_enabled | ternary(mongo_user_admin_password, omit) }}"
+        login_port: "{{ mongo_port }}"
         mongo_cmd: auto
         db: admin
         eval: "db.getUsers()"

diff --git a/roles/mongodb_common/tasks/determine-primary-server.yml b/roles/mongodb_common/tasks/determine-primary-server.yml
@@ -10,6 +10,7 @@
     mongo_cmd: auto
     login_user: "{{ mongo_auth_enabled is defined and mongo_auth_enabled | ternary('admin', omit) }}"
     login_password: "{{ mongo_auth_enabled is defined and mongo_auth_enabled | ternary(mongo_user_admin_password, omit) }}"
+    login_port: "{{ mongo_port }}"
     eval: "rs.status()"
   register: rs_status_result
   changed_when: false
@@ -29,6 +30,7 @@
       community.mongodb.mongodb_status:
         login_user: "{{ mongo_auth_enabled is defined and mongo_auth_enabled | ternary('admin', omit) }}"
         login_password: "{{ mongo_auth_enabled is defined and mongo_auth_enabled | ternary(mongo_user_admin_password, omit) }}"
+        login_port: "{{ mongo_port }}"
         replica_set: rs0
       register: mongodb_status_result
 

diff --git a/roles/mongodb_replication/tasks/main.yml b/roles/mongodb_replication/tasks/main.yml
@@ -28,17 +28,24 @@
     tasks_from: restart-mongo.yml
   when: result1.changed or result2.changed
 
+- name: Set empty array of mongo servers
+  ansible.builtin.set_fact:
+    mongodb_servers: []
+
+# This task should always run, arbiter or not
 - name: Create the replicaset members list (no arbiter)
   ansible.builtin.set_fact:
-    mongodb_servers: "{{ groups.mongodb }}"
+    mongodb_servers: "{{ mongodb_servers + [item + ':' + mongo_port | string] }}"
+  with_items: "{{ groups.mongodb }}"
   when:
     - inventory_hostname in groups.mongodb
     - groups.mongodb.index(inventory_hostname) == 0
-    - not groups.mongodb_arbiter is defined
 
-- name: Create the replicaset members list (with arbiter)
+# This task will only run when there is an arbiter defined in the hosts file
+- name: Add the arbiter to the list of servers when there is one
   ansible.builtin.set_fact:
-    mongodb_servers: "{{ groups.mongodb + groups.mongodb_arbiter }}"
+    mongodb_servers: "{{ mongodb_servers + [item + ':' + mongo_port | string] }}"
+  with_items: "{{ groups.mongodb_arbiter }}"
   when:
     - inventory_hostname in groups.mongodb
     - groups.mongodb.index(inventory_hostname) == 0
@@ -48,6 +55,7 @@
   community.mongodb.mongodb_replicaset:
     login_user: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary('admin', omit) }}"
     login_password: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary(mongo_user_admin_password, omit) }}"
+    login_port: "{{ mongo_port }}"
     replica_set: "{{ mongo_replset_name }}"
     members: "{{ mongodb_servers }}"
     arbiter_at_index: "{{ (groups.mongodb_arbiter | default([]) | length > 0) | ternary(mongodb_servers | length - 1, omit) }}"
@@ -61,6 +69,7 @@
   community.mongodb.mongodb_status:
     login_user: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary('admin', omit) }}"
     login_password: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary(mongo_user_admin_password, omit) }}"
+    login_port: "{{ mongo_port }}"
     login_database: admin
     poll: 3
     interval: 10
@@ -113,6 +122,7 @@
     mongo_cmd: auto
     login_user: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary('admin', omit) }}"
     login_password: "{{ mongodb_auth_enabled is defined and mongodb_auth_enabled | ternary(mongo_user_admin_password, omit) }}"
+    login_port: "{{ mongo_port }}"
     login_database: admin
     eval: db.adminCommand({"setDefaultRWConcern":1,"defaultWriteConcern":{"w":1}})
   when: