- Cosmetic - Switch to mongodb-org packages - Disable auth by default - Change configuration file format - Add possibility ti deploy replica set without auth - Wait 10 sec before replica set initialization Change-Id: I088b98587967e872282db620635b5d62fd9b1d87 Related-PROD: PROD-19866

6 years ago · a92e01ed57
--- a/metadata/service/server/cluster.yml
+++ b/metadata/service/server/cluster.yml
 classes:
 - service.mongodb.support
 parameters:
  _param:
    mongodb_server_replica_set: default
  mongodb:
    server:
      enabled: true
      admin:
        user: admin
        password: ${_param:mongodb_admin_password}
      bind:
        address: 0.0.0.0
        port: 27017
      replica_set: ${_param:mongodb_server_replica_set}
      shared_key: ${_param:mongodb_shared_key}
      members: ${_param:mongodb_server_members}
      master: ${_param:mongodb_master}
      replica_set: rs0
--- a/metadata/service/server/single.yml
+++ b/metadata/service/server/single.yml
  mongodb:
    server:
      enabled: true
      admin:
        user: admin
        password: ${_param:mongodb_admin_password}
      bind:
        address: 0.0.0.0
        address: 127.0.0.1
        port: 27017
      shard_service: False
      config_service: False
      shared_key: ${_param:mongodb_shared_key}
--- a/mongodb/files/mongodb.conf
+++ b/mongodb/files/mongodb.conf
 {%- from "mongodb/map.jinja" import server with context %}
 # mongodb.conf
 # Where to store the data.
 dbpath=/var/lib/mongodb
 # for documentation of all options, see:
 #   http://docs.mongodb.org/manual/reference/configuration-options/
 #where to log
 logpath=/var/log/mongodb/mongodb.log
 port={{ server.bind.port }}
 bind_ip={{ server.bind.address }}
 logpath=/var/log/mongodb/mongod.log
 logappend=true
 bind_ip = {{ server.bind.address }}
 #port = 27017
 # Enable journaling, http://www.mongodb.org/display/DOCS/Journaling
 dbpath=/var/lib/mongodb
 journal=true
 # Enables periodic logging of CPU utilization and I/O wait
 #cpu = true
 keyFile = /etc/mongodb.key
 {%- if server.replica_set is defined %}
 replSet = {{ server.replica_set }}
 {%- if server.authorization.get('enabled', False) %}
 auth=true
 {%- endif %}
 # Turn on/off security.  Off is currently the default
 #noauth = true
 auth = true
 # Inspect all client data for validity on receipt (useful for
 # developing drivers)
 #objcheck = true
 # Enable db quota management
 #quota = true
 #OpenStack guide for Juno
 smallfiles = true
 # Verbose logging output.
 verbose = {{ server.logging.get('verbose', False)|lower }}
 # logLevel
 setParameter = logLevel={{ server.logging.get('logLevel', 1) }}
 # Set oplogging level where n is
 #   0=off (default)
 #   1=W
 #   2=R
 #   3=both
 #   7=W+some reads
 {%- if server.logging.oplogLevel is defined %}
 oplog = {{ server.logging.get('oplogLevel') }}
 {%- if server.shared_key is defined %}
 keyFile=/etc/mongodb.key
 {%- endif %}
 # Diagnostic/debugging option
 #nocursors = true
 # Ignore query hints
 #nohints = true
 # Disable the HTTP interface (Defaults to localhost:27018).
 #nohttpinterface = true
 # Turns off server-side scripting.  This will result in greatly limited
 # functionality
 #noscripting = true
 # Turns off table scans.  Any query that would do a table scan fails.
 #notablescan = true
 # Disable data file preallocation.
 #noprealloc = true
 # Specify .ns file size for new databases.
 # nssize = <size>
 # Accout token for Mongo monitoring server.
 #mms-token = <token>
 # Server name for Mongo monitoring server.
 #mms-name = <server-name>
 # Ping interval for Mongo monitoring server.
 #mms-interval = <seconds>
 # Replication Options
 # in replicated mongo databases, specify here whether this is a slave or master
 #slave = true
 #source = master.example.com
 # Slave only: specify a single database to replicate
 #only = master.example.com
 # or
 #master = true
 #source = slave.example.com
 # Address of a server to pair with.
 #pairwith = <server:port>
 # Address of arbiter server.
 #arbiter = <server:port>
 # Automatically resync if slave data is stale
 #autoresync
 # Custom size for replication operation log.
 #oplogSize = <MB>
 # Size limit for in-memory storage of op ids.
 #opIdMem = <bytes>
 # SSL options
 # Enable SSL on normal ports
 #sslOnNormalPorts = true
 # SSL Key file and password
 #sslPEMKeyFile = /etc/ssl/mongodb.pem
 #sslPEMKeyPassword = pass
 {%- if server.replica_set is defined %}
 replSet={{ server.replica_set }}
 {%- endif %}
--- a/mongodb/map.jinja
+++ b/mongodb/map.jinja
 {% set server = salt['grains.filter_by']({
    'Debian': {
        'pkgs': ['mongodb-server', 'mongodb', 'python-pymongo', 'mongodb-clients'],
        'pkgs': ['mongodb-server', 'mongodb', 'mongodb-clients'],
        'service': 'mongodb',
        'lock_dir': "/var/lock/mongodb",
        'logging': {},
        'bind': {
          'address': '0.0.0.0',
          'address': '127.0.0.1',
          'port': 27017
        },
        'config_service': False,
        'shard_service': True,
        'authorization': {},
        'admin': {
          'username': 'root'
        }
    },
    'RedHat': {
        'pkgs': ['mongodb-server', 'mongodb', 'python-pymongo', 'mongodb-clients'],
        'pkgs': ['mongodb-server', 'mongodb', 'mongodb-clients'],
        'service': 'mongod',
        'lock_dir': "/var/lock/mongodb",
        'logging': {},
        'bind': {
          'address': '0.0.0.0',
          'address': '127.0.0.1',
          'port': 27017
        },
        'config_service': False,
        'shard_service': True,
        'authorization': {},
        'admin': {
          'username': 'root'
        }
--- a/mongodb/server.sls
+++ b/mongodb/server.sls
 {%- from "mongodb/map.jinja" import server with context %}
 {%- if server.enabled %}
 {%- if server.get('enabled', False) %}
 mongodb_packages:
  pkg.installed:
  - names: {{ server.pkgs }}
    - pkg: mongodb_packages
 {%- if server.shared_key is defined %}
 /etc/mongodb.key:
  file.managed:
  - contents_pillar: mongodb:server:shared_key
    - pkg: mongodb_packages
  - watch_in:
    - service: mongodb_service
 {%- endif %}
 {{ server.lock_dir }}:
  - watch:
    - file: /etc/mongodb.conf
 {%- if server.members is not defined  or server.master == pillar.linux.system.name %}
 {# We are not a cluster or we are master #}
 {%- if server.members is defined and server.master == pillar.linux.system.name %}
 /var/tmp/mongodb_cluster.js:
  file.managed:
  - source: salt://mongodb/files/cluster.js
  - template: jinja
  - mode: 600
  - user: root
 mongodb_setup_cluster_wait:
  cmd.run:
  - name: 'sleep 10'
  - unless: 'mongo localhost:27017 --quiet --eval "rs.conf()" | grep -i object -q'
  - require:
    - service: mongodb_service
    - file: /var/tmp/mongodb_cluster.js
 mongodb_setup_cluster:
  cmd.run:
  - name: 'mongo localhost:27017 /var/tmp/mongodb_cluster.js && mongo localhost:27017 --quiet --eval "rs.conf()" | grep -i object -q'
  - unless: 'mongo localhost:27017 --quiet --eval "rs.conf()" | grep -i object -q'
  - require:
    - service: mongodb_service
    - file: /var/tmp/mongodb_cluster.js
    - cmd: mongodb_setup_cluster_wait
 {%- endif %}
 {%- if server.members is not defined or server.master == pillar.linux.system.name %}
 {%- if server.authorization.get('enabled', False) %}
 /var/tmp/mongodb_user.js:
  file.managed:
  - source: salt://mongodb/files/user.js
 {%- endfor %}
 {%- if server.members is defined %}
 /var/tmp/mongodb_cluster.js:
  file.managed:
  - source: salt://mongodb/files/cluster.js
  - template: jinja
  - mode: 600
  - user: root
 mongodb_setup_cluster:
  cmd.run:
  - name: 'mongo localhost:27017/admin /var/tmp/mongodb_cluster.js && mongo localhost:27017/admin --quiet --eval "rs.conf()" | grep object -q'
  - unless: 'mongo localhost:27017/admin -u admin -p {{ server.admin.password }} --quiet --eval "rs.conf()" | grep object -q'
  - require:
    - service: mongodb_service
    - file: /var/tmp/mongodb_cluster.js
  - require_in:
    - cmd: mongodb_change_root_password
 {%- endif %}
 {%- endif %}