- Cosmetic - Switch to mongodb-org packages - Disable auth by default - Change configuration file format - Add possibility ti deploy replica set without auth - Wait 10 sec before replica set initialization Change-Id: I088b98587967e872282db620635b5d62fd9b1d87 Related-PROD: PROD-19866master
@@ -3,19 +3,10 @@ applications: | |||
classes: | |||
- service.mongodb.support | |||
parameters: | |||
_param: | |||
mongodb_server_replica_set: default | |||
mongodb: | |||
server: | |||
enabled: true | |||
admin: | |||
user: admin | |||
password: ${_param:mongodb_admin_password} | |||
bind: | |||
address: 0.0.0.0 | |||
port: 27017 | |||
replica_set: ${_param:mongodb_server_replica_set} | |||
shared_key: ${_param:mongodb_shared_key} | |||
members: ${_param:mongodb_server_members} | |||
master: ${_param:mongodb_master} | |||
replica_set: rs0 |
@@ -6,12 +6,6 @@ parameters: | |||
mongodb: | |||
server: | |||
enabled: true | |||
admin: | |||
user: admin | |||
password: ${_param:mongodb_admin_password} | |||
bind: | |||
address: 0.0.0.0 | |||
address: 127.0.0.1 | |||
port: 27017 | |||
shard_service: False | |||
config_service: False | |||
shared_key: ${_param:mongodb_shared_key} |
@@ -1,116 +1,25 @@ | |||
{%- from "mongodb/map.jinja" import server with context %} | |||
# mongodb.conf | |||
# Where to store the data. | |||
dbpath=/var/lib/mongodb | |||
# for documentation of all options, see: | |||
# http://docs.mongodb.org/manual/reference/configuration-options/ | |||
#where to log | |||
logpath=/var/log/mongodb/mongodb.log | |||
port={{ server.bind.port }} | |||
bind_ip={{ server.bind.address }} | |||
logpath=/var/log/mongodb/mongod.log | |||
logappend=true | |||
bind_ip = {{ server.bind.address }} | |||
#port = 27017 | |||
# Enable journaling, http://www.mongodb.org/display/DOCS/Journaling | |||
dbpath=/var/lib/mongodb | |||
journal=true | |||
# Enables periodic logging of CPU utilization and I/O wait | |||
#cpu = true | |||
keyFile = /etc/mongodb.key | |||
{%- if server.replica_set is defined %} | |||
replSet = {{ server.replica_set }} | |||
{%- if server.authorization.get('enabled', False) %} | |||
auth=true | |||
{%- endif %} | |||
# Turn on/off security. Off is currently the default | |||
#noauth = true | |||
auth = true | |||
# Inspect all client data for validity on receipt (useful for | |||
# developing drivers) | |||
#objcheck = true | |||
# Enable db quota management | |||
#quota = true | |||
#OpenStack guide for Juno | |||
smallfiles = true | |||
# Verbose logging output. | |||
verbose = {{ server.logging.get('verbose', False)|lower }} | |||
# logLevel | |||
setParameter = logLevel={{ server.logging.get('logLevel', 1) }} | |||
# Set oplogging level where n is | |||
# 0=off (default) | |||
# 1=W | |||
# 2=R | |||
# 3=both | |||
# 7=W+some reads | |||
{%- if server.logging.oplogLevel is defined %} | |||
oplog = {{ server.logging.get('oplogLevel') }} | |||
{%- if server.shared_key is defined %} | |||
keyFile=/etc/mongodb.key | |||
{%- endif %} | |||
# Diagnostic/debugging option | |||
#nocursors = true | |||
# Ignore query hints | |||
#nohints = true | |||
# Disable the HTTP interface (Defaults to localhost:27018). | |||
#nohttpinterface = true | |||
# Turns off server-side scripting. This will result in greatly limited | |||
# functionality | |||
#noscripting = true | |||
# Turns off table scans. Any query that would do a table scan fails. | |||
#notablescan = true | |||
# Disable data file preallocation. | |||
#noprealloc = true | |||
# Specify .ns file size for new databases. | |||
# nssize = <size> | |||
# Accout token for Mongo monitoring server. | |||
#mms-token = <token> | |||
# Server name for Mongo monitoring server. | |||
#mms-name = <server-name> | |||
# Ping interval for Mongo monitoring server. | |||
#mms-interval = <seconds> | |||
# Replication Options | |||
# in replicated mongo databases, specify here whether this is a slave or master | |||
#slave = true | |||
#source = master.example.com | |||
# Slave only: specify a single database to replicate | |||
#only = master.example.com | |||
# or | |||
#master = true | |||
#source = slave.example.com | |||
# Address of a server to pair with. | |||
#pairwith = <server:port> | |||
# Address of arbiter server. | |||
#arbiter = <server:port> | |||
# Automatically resync if slave data is stale | |||
#autoresync | |||
# Custom size for replication operation log. | |||
#oplogSize = <MB> | |||
# Size limit for in-memory storage of op ids. | |||
#opIdMem = <bytes> | |||
# SSL options | |||
# Enable SSL on normal ports | |||
#sslOnNormalPorts = true | |||
# SSL Key file and password | |||
#sslPEMKeyFile = /etc/ssl/mongodb.pem | |||
#sslPEMKeyPassword = pass | |||
{%- if server.replica_set is defined %} | |||
replSet={{ server.replica_set }} | |||
{%- endif %} |
@@ -1,30 +1,28 @@ | |||
{% set server = salt['grains.filter_by']({ | |||
'Debian': { | |||
'pkgs': ['mongodb-server', 'mongodb', 'python-pymongo', 'mongodb-clients'], | |||
'pkgs': ['mongodb-server', 'mongodb', 'mongodb-clients'], | |||
'service': 'mongodb', | |||
'lock_dir': "/var/lock/mongodb", | |||
'logging': {}, | |||
'bind': { | |||
'address': '0.0.0.0', | |||
'address': '127.0.0.1', | |||
'port': 27017 | |||
}, | |||
'config_service': False, | |||
'shard_service': True, | |||
'authorization': {}, | |||
'admin': { | |||
'username': 'root' | |||
} | |||
}, | |||
'RedHat': { | |||
'pkgs': ['mongodb-server', 'mongodb', 'python-pymongo', 'mongodb-clients'], | |||
'pkgs': ['mongodb-server', 'mongodb', 'mongodb-clients'], | |||
'service': 'mongod', | |||
'lock_dir': "/var/lock/mongodb", | |||
'logging': {}, | |||
'bind': { | |||
'address': '0.0.0.0', | |||
'address': '127.0.0.1', | |||
'port': 27017 | |||
}, | |||
'config_service': False, | |||
'shard_service': True, | |||
'authorization': {}, | |||
'admin': { | |||
'username': 'root' | |||
} |
@@ -1,6 +1,6 @@ | |||
{%- from "mongodb/map.jinja" import server with context %} | |||
{%- if server.enabled %} | |||
{%- if server.get('enabled', False) %} | |||
mongodb_packages: | |||
pkg.installed: | |||
- names: {{ server.pkgs }} | |||
@@ -13,7 +13,6 @@ mongodb_packages: | |||
- pkg: mongodb_packages | |||
{%- if server.shared_key is defined %} | |||
/etc/mongodb.key: | |||
file.managed: | |||
- contents_pillar: mongodb:server:shared_key | |||
@@ -23,7 +22,6 @@ mongodb_packages: | |||
- pkg: mongodb_packages | |||
- watch_in: | |||
- service: mongodb_service | |||
{%- endif %} | |||
{{ server.lock_dir }}: | |||
@@ -43,9 +41,37 @@ mongodb_service: | |||
- watch: | |||
- file: /etc/mongodb.conf | |||
{%- if server.members is not defined or server.master == pillar.linux.system.name %} | |||
{# We are not a cluster or we are master #} | |||
{%- if server.members is defined and server.master == pillar.linux.system.name %} | |||
/var/tmp/mongodb_cluster.js: | |||
file.managed: | |||
- source: salt://mongodb/files/cluster.js | |||
- template: jinja | |||
- mode: 600 | |||
- user: root | |||
mongodb_setup_cluster_wait: | |||
cmd.run: | |||
- name: 'sleep 10' | |||
- unless: 'mongo localhost:27017 --quiet --eval "rs.conf()" | grep -i object -q' | |||
- require: | |||
- service: mongodb_service | |||
- file: /var/tmp/mongodb_cluster.js | |||
mongodb_setup_cluster: | |||
cmd.run: | |||
- name: 'mongo localhost:27017 /var/tmp/mongodb_cluster.js && mongo localhost:27017 --quiet --eval "rs.conf()" | grep -i object -q' | |||
- unless: 'mongo localhost:27017 --quiet --eval "rs.conf()" | grep -i object -q' | |||
- require: | |||
- service: mongodb_service | |||
- file: /var/tmp/mongodb_cluster.js | |||
- cmd: mongodb_setup_cluster_wait | |||
{%- endif %} | |||
{%- if server.members is not defined or server.master == pillar.linux.system.name %} | |||
{%- if server.authorization.get('enabled', False) %} | |||
/var/tmp/mongodb_user.js: | |||
file.managed: | |||
- source: salt://mongodb/files/user.js | |||
@@ -92,25 +118,6 @@ mongodb_{{ database_name }}_fix_role: | |||
{%- endfor %} | |||
{%- if server.members is defined %} | |||
/var/tmp/mongodb_cluster.js: | |||
file.managed: | |||
- source: salt://mongodb/files/cluster.js | |||
- template: jinja | |||
- mode: 600 | |||
- user: root | |||
mongodb_setup_cluster: | |||
cmd.run: | |||
- name: 'mongo localhost:27017/admin /var/tmp/mongodb_cluster.js && mongo localhost:27017/admin --quiet --eval "rs.conf()" | grep object -q' | |||
- unless: 'mongo localhost:27017/admin -u admin -p {{ server.admin.password }} --quiet --eval "rs.conf()" | grep object -q' | |||
- require: | |||
- service: mongodb_service | |||
- file: /var/tmp/mongodb_cluster.js | |||
- require_in: | |||
- cmd: mongodb_change_root_password | |||
{%- endif %} | |||
{%- endif %} |