Ansible role to install and configure a MongoDB object/document-oriented database.
Building and improving this Ansible role have been sponsored by my current and previous employers like Cloudpunks GmbH and Proact Deutschland GmbH.
- Requirements
- Default Variables
- mongodb_admin_update_password
- mongodb_backup_addition_script
- mongodb_backup_cron
- mongodb_backup_enabled
- mongodb_backup_formatting
- mongodb_backup_ignore
- mongodb_backup_path
- mongodb_backup_retention
- mongodb_cloud_monitoring_free_state
- mongodb_exporter_args
- mongodb_exporter_collect_collection
- mongodb_exporter_collect_database
- mongodb_exporter_collect_indexusage
- mongodb_exporter_collect_replicaset
- mongodb_exporter_collect_topmetrics
- mongodb_exporter_connection
- mongodb_exporter_download
- mongodb_exporter_enabled
- mongodb_exporter_password
- mongodb_exporter_username
- mongodb_exporter_version
- mongodb_extra_users
- mongodb_general_users
- mongodb_group
- mongodb_keyfile_content
- mongodb_keyfile_path
- mongodb_keyring
- mongodb_limit_files
- mongodb_limit_procs
- mongodb_logrotate_retention
- mongodb_master_node
- mongodb_metrics_password
- mongodb_metrics_update_password
- mongodb_metrics_username
- mongodb_net_bindip
- mongodb_net_http_enabled
- mongodb_net_ipv6
- mongodb_net_maxconns
- mongodb_net_port
- mongodb_numa_enabled
- mongodb_operation_profiling_mode
- mongodb_operation_profiling_slow_op_threshold_ms
- mongodb_oplog_users
- mongodb_packages
- mongodb_pidfile_path
- mongodb_pymongo_version
- mongodb_recursive_enforce_owner
- mongodb_replication_enable_majority_read_concern
- mongodb_replication_oplogsize
- mongodb_replication_params
- mongodb_replication_replindexprefetch
- mongodb_replication_replset
- mongodb_root_admin_password
- mongodb_root_admin_username
- mongodb_root_update_password
- mongodb_security_authorization
- mongodb_security_javascript_enabled
- mongodb_server_version
- mongodb_set_parameters
- mongodb_storage_dirperdb
- mongodb_storage_engine
- mongodb_storage_journal_enabled
- mongodb_storage_path
- mongodb_storage_quota_enforced
- mongodb_storage_quota_maxfiles
- mongodb_storage_smallfiles
- mongodb_systemlog_logappend
- mongodb_systemlog_logrotate
- mongodb_systemlog_path
- mongodb_user
- mongodb_user_admin_password
- mongodb_user_admin_username
- mongodb_user_update_password
- mongodb_volumes
- mongodb_wirdtiger_config_string
- mongodb_wiredtiger_cache_size
- mongodb_wiredtiger_config_string
- mongodb_wiredtiger_directory_for_indexes
- Discovered Tags
- Dependencies
- License
- Author
- Minimum Ansible version:
2.10
Define when root admin password should be changed
mongodb_admin_update_password: always
Additional commands at the end of the script
mongodb_backup_addition_script:
A simple cron timing definition like hourly, daily or weekly
mongodb_backup_cron: daily
Enable or disable the backup script
mongodb_backup_enabled: false
Date format for the backup folder name
mongodb_backup_formatting: '%F'
Ignoring this filter via grep on database selection
mongodb_backup_ignore: (admin|local)
Path to store the backups
mongodb_backup_path: '{{ mongodb_storage_path }}/_backup'
Retention period to keep backups
mongodb_backup_retention: 7
Define parameters for mongod config
mongodb_cloud_monitoring_free_state: off
List of arguments joined for the executable
mongodb_exporter_args: []
Enable collector for collections
mongodb_exporter_collect_collection: false
Enable collector for databases
mongodb_exporter_collect_database: true
Enable collector for index usage
mongodb_exporter_collect_indexusage: false
mongodb_exporter_collect_replicaset: true
Enable collector for top metrics
mongodb_exporter_collect_topmetrics: true
Connection URI to access the MongoDB
mongodb_exporter_connection: mongodb://{% if mongodb_security_authorization == 'enabled'
%}{{ mongodb_metrics_username }}:{{ mongodb_metrics_password }}@{% endif %}localhost:27017
mongodb_exporter_connection: mongodb://localhost:27017
URL to the archive of the release to install
mongodb_exporter_download: https://github.com/percona/mongodb_exporter/releases/download/v{{
mongodb_exporter_version }}/mongodb_exporter-{{ mongodb_exporter_version }}.linux-amd64.tar.gz
Enable the mongodb exporter
mongodb_exporter_enabled: true
mongodb_exporter_password:
Password to secure the metrics endpoint
mongodb_exporter_username:
Version of the release to install
mongodb_exporter_version: 0.43.1
List of extra users to create
mongodb_extra_users: []
mongodb_extra_users:
- username: username1
password: p455w0rd
roles: userAdminAnyDatabase
- username: username2
password: p455w0rd
roles:
- db: cool-app
role: read
update_password: on_create
List of general users to create
mongodb_general_users: []
mongodb_general_users:
- username: username1
password: p455w0rd
roles: userAdminAnyDatabase
- username: username2
password: p455w0rd
roles:
- db: cool-app
role: read
update_password: on_create
Name of the group owning MongoDB
mongodb_group: mongodb
Key for inter-process auth, generate it with "openssl rand -base64 741"
mongodb_keyfile_content: |
dtHmRo7L02cY5WnMl/mrn6mjLkXpepzV39VQzulNJyglcYu9XW+tph8uI/dku082
IPf0tGttUb9KiogspyOyzVk+T1r3apLIGktu6YycdyHMqAzVrsS08cb7VecbcUKW
aODcxfRUYUGWCYjjVl8jm2x25hR4otakdHhxYi/B3eFEu2zWxvX3zgq78U0djQbl
qp9I7uyCsireT5SNj/A0H5QoCN6zMb7stNveas8W0N6+HfFVBD5brvVXGf5Td9Bz
EZ6e/69c7OtaNvbxEZP2SpkyZb7m0Q5vWs+YZyFWw7u9SBGXkUwTPVmVl0JLgHxA
ADOS2lYUdQCWTS1WT3D4nqfFn6xGikC6HK9SYVp5RG0EkRGRDJ9YiFa7lYRQmzJC
D+y2QECYXGT3pjl0u8B4AW8YgBkzcPCdD86PaZFxbycg6bvgSiwTJ/VfROnQ8crA
tBuYdy0r5fqshT7VOPw7dezhYjFiUYv2IspVGTB87ZkQxJ4GhKQIZB/31Rz216X7
944M6o7priJwWy9rJGk9YwSA18RoTlYNTXCdXQiUNmQl6Qd/zIVNDJ+cu1c7CwgF
zv//L5yDdTeP5YYEPf0DHW7gX2OGfdLjgkvXibpPPll3D6p5kwvRIcyOvVaCapSH
XJwrLJOidIjGC3UDS3+e17lNHHrw+/0ppYqh/0kfAMyZ2Si77T4jL5U3vSl3xAou
FFCMWXCyNE5/sngFIn5PDWZssQbel7mI5x9i4EZxreaSry0BUJK2ZUbPLGdW6F+I
tZiel1zZrVHPce+BAJCsjOIxB8jlnEd3FTjhgm8fDIrWCuRCdQ6hBL7KluqZBU/g
6tp4/YjUC98GNQK4w52+8BzU07b/OM54JB6Q+fPhQc1VK9S4sUnG5YoB+NN426ji
Hj5YyWm1PLtbeXqSATUEuUR47KGnJxt5YZn0wnOPhEvTWZw+X0EfDahOj5HllSli
Y9dhyzeXLgAay/bKLUNaudEMNQYh
Path to store the keyfile content
mongodb_keyfile_path: /etc/mongod.key
Path for the repository keyring
mongodb_keyring: /usr/share/keyrings/mongodb-{{ mongodb_server_version }}-archive-keyring.gpg
Limit for open files for the mongod service
mongodb_limit_files: 1048576
Limit for processes for the mongod service
mongodb_limit_procs: 524288
Retention for log rotation
mongodb_logrotate_retention: 14
Define the inventory name of the master node, used for users and replset init
mongodb_master_node:
Password used for metrics exports
mongodb_metrics_password: p455w0rd
Define when metrics user password should be changed
mongodb_metrics_update_password: always
Username used for metrics exports
mongodb_metrics_username: metrics
mongodb_net_bindip: 127.0.0.1
Enable HTTP interface
mongodb_net_http_enabled: false
Enable IPv6 support
mongodb_net_ipv6: false
Max number of simultaneous connections
mongodb_net_maxconns: 51200
mongodb_net_port: 27017
Enable if the system supports NUMA policies
mongodb_numa_enabled: true
Mode for operation profiling
mongodb_operation_profiling_mode: off
Profiling slow operations threshold in ms
mongodb_operation_profiling_slow_op_threshold_ms: 100
List of oplog users to create
mongodb_oplog_users: []
mongodb_oplog_users:
- username: oplog1
password: p455w0rd
- username: oplog2
password: p455w0rd
update_password: on_create
List of packages to install for mongodb
mongodb_packages:
- mongodb-org
- numactl
- python3-pip
- python3-pymongo
Path to the pid file
mongodb_pidfile_path: /run/mongodb/mongod.pid
mongodb_pymongo_version: false
Enforce recursively data ownership
mongodb_recursive_enforce_owner: false
Enable or disable majority read concern, should be false for PSA
mongodb_replication_enable_majority_read_concern: true
Specifies a maximum size in megabytes for the replication operation log
mongodb_replication_oplogsize: 1024
Replication host configuration or parameters
mongodb_replication_params:
mongodb_replication_params:
- host_name: mongo-01,
host_port: "{{ mongodb_net_port }}"
host_type: replica
- host_name: mongo-02
host_port: "{{ mongodb_net_port }}"
host_type: replica
- host_name: mongo-03
host_port: "{{ mongodb_net_port }}"
host_type: replica
Specify index prefetching behavior if secondary like none, _id_only, all
mongodb_replication_replindexprefetch: all
Enable replication in the form of [/]
mongodb_replication_replset:
mongodb_root_admin_password: p455w0rd
mongodb_root_admin_username: root
Define when root admin password should be changed
mongodb_root_update_password: always
Disable or enable security
mongodb_security_authorization: disabled
Enable javascript integration
mongodb_security_javascript_enabled: false
Specify the port number to listen to
mongodb_server_version: '8.0'
mongodb_set_parameters: {}
mongodb_set_parameters:
enableLocalhostAuthBypass: "true"
authenticationMechanisms: SCRAM-SHA-1,MONGODB-CR
Use one directory per database
mongodb_storage_dirperdb: false
mongodb_storage_engine: wiredTiger
Enable journaling
mongodb_storage_journal_enabled: true
mongodb_storage_path: /var/lib/mongodb
Limit each database to a certain number of files
mongodb_storage_quota_enforced: false
Number of quota files per database
mongodb_storage_quota_maxfiles: 8
Very useful for non-data nodes
mongodb_storage_smallfiles: false
Append to the logging file
mongodb_systemlog_logappend: true
Define the used storage engine
mongodb_systemlog_logrotate: reopen
Path to the logging file
mongodb_systemlog_path: /var/log/mongodb/mongod.log
Name of the user owning MongoDB
mongodb_user: mongodb
mongodb_user_admin_password: p455w0rd
mongodb_user_admin_username: siteUserAdmin
Define when user admin password should be changed
mongodb_user_update_password: on_create
List of volumes/disks used to store the data tweaked by blockdev
mongodb_volumes: []
Config String for the wiredtiger engine
Cache size for wiredtiger cache size
mongodb_wiredtiger_cache_size:
mongodb_wiredtiger_config_string:
Directory per index for wiredtiger engine
mongodb_wiredtiger_directory_for_indexes: true
mongodb
mongodb-exporter
Apache-2.0