---
# Base tooling for the rest of this task list: the key-import task below
# pipes `curl` output into `gpg`, which the gnupg package provides.
- name: Install required packages
  ansible.builtin.apt:
    state: present
    name: [curl, gnupg]
#- name: Add mongo ppa key (new way of adding an apt repository key)
#  ansible.builtin.get_url:
#    url: https://pgp.mongodb.com/server-7.0.asc
#    dest: /etc/apt/trusted.gpg.d/mongodb-server-7.0.gpg
#    mode: '0644'
#    force: true
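# Download MongoDB's 7.0 signing key and store it de-armored where apt looks
# for trusted keys. `creates` turns the task into a no-op once the keyring
# file exists.
#
# `set -o pipefail` makes a failed download fail the task; without it only
# gpg's exit status is reported, and a leftover output file could make
# `creates` skip the retry on the next run.
#
# NOTE(review): the key is accepted because it arrived over HTTPS; its
# fingerprint is not compared with a known-good value. Keyrings under
# /etc/apt/trusted.gpg.d are also trusted for every configured repository,
# not only MongoDB's. A dedicated keyring referenced with `signed-by=` in the
# source entry would narrow that, but needs a matching change to the
# repository task.
- name: Add mongo ppa key (new way of adding an apt repository key)
  ansible.builtin.shell: |
    set -o pipefail
    curl -fsSL https://pgp.mongodb.com/server-7.0.asc | gpg --dearmor -o /etc/apt/trusted.gpg.d/mongodb-server-7.0.gpg
  args:
    # pipefail is a bash option; the default /bin/sh may not support it.
    executable: /bin/bash
    creates: /etc/apt/trusted.gpg.d/mongodb-server-7.0.gpg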
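# Write the MongoDB 7.0 apt source entry. The copy module replaces the
# earlier `echo ... | tee` shell pipeline: no shell is involved, the file
# mode is explicit, and `force: false` keeps the old `creates` semantics
# (an existing file is never overwritten).
#
# NOTE(review): the entry hard-codes the Ubuntu "jammy" suite and carries no
# `signed-by=` option, so any key apt already trusts can vouch for this
# repository.
- name: Add the mongo repository to the source list
  ansible.builtin.copy:
    dest: /etc/apt/sources.list.d/mongodb-org-7.0.list
    content: |
      deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/7.0 multiverse
    mode: '0644'
    force: false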
#- name: Add specified repository into sources list
#  ansible.builtin.apt_repository:
#    repo: deb-src http://repo.mongodb.org/apt/debian bookworm/mongodb-org/8.0 stable main
#    state: present
#- name: Update system after the addition of the mongo repo
#  apt:
#    update_cache: yes
#    upgrade: dist
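# Refresh the apt index so the newly added MongoDB source is taken into
# account, then bring every installed package to its newest version.
# The index refresh was missing; without it the upgrade ran against whatever
# package lists were already cached on the host.
#
# NOTE(review): `name: "*"` with `state: latest` upgrades the whole host,
# not only MongoDB-related packages; confirm that this task list is meant to
# do that.
- name: Update all packages after the addition of the mongo repo
  ansible.builtin.apt:
    update_cache: true
    name: "*"
    state: latest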
# Install the mongodb-org package after refreshing the apt index.
# `state: latest` means a later run may upgrade the database package to
# whatever version the repository currently offers; no version is pinned.
- name: Mongodb-org installation
  ansible.builtin.apt:
    update_cache: true
    name: mongodb-org
    state: latest
#- name: Add server Ip in mongod.conf
#  ansible.builtin.lineinfile:
#    path: /etc/mongod.conf
#    search_string: ' bindIp: 127.0.0.1'
#    line: ' bindIp: 127.0.0.1, {{ mongodb_ip }}'
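# Start mongod through the systemd module instead of shelling out to
# `systemctl start`: the module is idempotent and reports "changed" only
# when the unit actually had to be started.
- name: Start the mongodb daemon
  ansible.builtin.systemd:
    name: mongod
    state: started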
# Ask systemd for the mongod unit in the "started" state and keep the module
# result in `mongo_status`. Note that `state: started` starts the unit if it
# is not running, so this is more than a read-only check.
- name: Verify the mongodb service status
  ansible.builtin.systemd:
    name: mongod
    state: started
  register: mongo_status
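# Print the unit's ActiveState taken from the registered systemd result.
# The task was unnamed; a name makes it identifiable in the play output.
- name: Show the mongod ActiveState reported by systemd
  ansible.builtin.debug:
    var: mongo_status.status.ActiveState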
# Make mongod start at boot and clear any mask on the unit.
- name: Enable the mongod service and ensure it is not masked
  ansible.builtin.systemd:
    name: mongod
    masked: false
    enabled: true
#- name: Check if user database admin exists
#  become: false
#  ansible.builtin.script:
#    executable: python3
#    cmd: "check_admin_user.py {{ mongodb_ip }} {{ mongodb_admin }} {{mongodb_password}}"
#  register: admin_exists
#  #delegate_to: 127.0.0.1
#  ignore_errors: true
# check_admin_user (check if admin user exists)
# Scratch directory in the user's home; the later tasks put the pymongo
# virtualenv and the two admin helper scripts here. Created without
# privilege escalation.
# NOTE(review): 0755 lets every local account list and read the directory;
# nothing in this task list needs that, so a tighter mode may be preferable.
- name: Create working directory for mongo admin scripts
  become: false
  ansible.builtin.file:
    state: directory
    path: "/home/{{ user }}/tmp/"
    mode: '0755'
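# Install pymongo into a virtualenv inside the working directory, without
# privilege escalation. Fixes the spelling of "libraries" in the task name
# and quotes the templated path.
# NOTE(review): pymongo is not pinned to a version, so each fresh install
# takes whatever release the package index currently serves.
- name: Installing workplace script libraries
  become: false
  ansible.builtin.pip:
    name: pymongo
    virtualenv: "/home/{{ user }}/tmp/.venv"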
# Copy the admin-existence check helper from the role's files/ directory into
# the working directory, executable (0755), without privilege escalation.
- name: Upload check_admin_user python script
  become: false
  ansible.builtin.copy:
    dest: "/home/{{ user }}/tmp/"
    src: files/check_admin_user.py
    mode: '0755'
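# Run the check helper inside the virtualenv and keep its result in
# `admin_exists`; the later add-admin task is gated on `admin_exists.rc`.
# Failures are ignored so the play continues either way.
#
# Changes from the previous form:
#   * every templated argument goes through the `quote` filter, so a
#     password or user name containing spaces or shell metacharacters is
#     passed as a single literal argument instead of being interpreted by
#     bash;
#   * `no_log: true` keeps the rendered command line (which contains the
#     password) out of the task output and logs;
#   * `chdir` replaces the leading `cd ... &&`.
#
# NOTE(review): `admin_exists` still carries the rendered command, password
# included, so anything that prints the whole variable exposes it. The
# password is also visible in the process list while the script runs;
# avoiding that would need the script to read it from the environment or
# stdin.
- name: Run check_admin_user python script
  become: false
  ansible.builtin.shell: >-
    . .venv/bin/activate &&
    ./check_admin_user.py {{ mongodb_ip | quote }} {{ mongodb_admin | quote }} {{ mongodb_password | quote }}
  args:
    chdir: "/home/{{ user }}/tmp"
    executable: /bin/bash
  register: admin_exists
  no_log: true
  ignore_errors: true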
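# Show only the exit status of the check script. The full registered result
# of a shell task includes `cmd`, the rendered command line, which here
# contains the MongoDB admin password; printing the whole variable would
# write that password to the play output.
- name: Show the exit status of the admin-user check
  ansible.builtin.debug:
    var: admin_exists.rc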
#- name: Add mongo database admin
#  become: false
#  ansible.builtin.script:
#    executable: python3
#    cmd: "add_admin_user.py {{ mongodb_ip }} {{ mongodb_admin }} {{mongodb_password}}"
#  delegate_to: 127.0.0.1
#  when: admin_exists.rc == 0
# Copy the admin-creation helper from the role's files/ directory into the
# working directory, executable (0755), without privilege escalation.
- name: Upload add_admin_user python script
  become: false
  ansible.builtin.copy:
    dest: "/home/{{ user }}/tmp/"
    src: files/add_admin_user.py
    mode: '0755'
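# Ensure pymongo is present in the working-directory virtualenv. This repeats
# the identical pip task that runs before the check script; pip leaves an
# already-installed package alone, so the second pass normally changes
# nothing. Fixes the spelling of "libraries" in the task name and quotes the
# templated path.
- name: Installing workplace script libraries
  become: false
  ansible.builtin.pip:
    name: pymongo
    virtualenv: "/home/{{ user }}/tmp/.venv"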
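# Create the MongoDB admin user with the uploaded helper, but only when the
# check script exited with status 0.
#
# Changes from the previous form:
#   * `become: false` is added to match every other task that touches the
#     working directory. Without it the task ran with the play's default
#     privileges and could execute a script and virtualenv from a
#     user-writable directory as root. Presumably the helper only needs
#     network access to mongod; confirm.
#   * every templated argument goes through the `quote` filter, so values
#     containing spaces or shell metacharacters are passed literally;
#   * `no_log: true` keeps the rendered command line (which contains the
#     password) out of the task output and logs;
#   * `chdir` replaces the leading `cd ... &&`.
#
# NOTE(review): errors are still ignored. If this task fails, the following
# tasks enable authorization anyway, possibly with no admin account defined.
# The password is also visible in the process list while the script runs.
- name: Run add_admin_user python script
  become: false
  ansible.builtin.shell: >-
    . .venv/bin/activate &&
    ./add_admin_user.py {{ mongodb_ip | quote }} {{ mongodb_admin | quote }} {{ mongodb_password | quote }}
  args:
    chdir: "/home/{{ user }}/tmp"
    executable: /bin/bash
  when: admin_exists.rc == 0
  no_log: true
  ignore_errors: true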
# Turn on access control: the commented-out `#security:` marker in
# /etc/mongod.conf is replaced by a live `security:` section with
# `authorization: enabled`. After the replacement no `#security:` text is
# left to match, so re-running the task changes nothing.
# The setting takes effect when mongod is restarted, and clients then have
# to authenticate; this relies on the admin user having been created by the
# add_admin_user task, whose errors are ignored.
- name: Enable restricted authentication over mongodb
  ansible.builtin.replace:
    regexp: '#security:'
    replace: "security: \n authorization: enabled"
    path: /etc/mongod.conf
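# Restart mongod so the authorization setting takes effect, using the systemd
# module instead of a shell call to `systemctl restart`. As before, the
# restart happens on every run, whether or not the configuration changed.
- name: Restart the mongodb daemon
  ansible.builtin.systemd:
    name: mongod
    state: restarted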
# After the restart, ask systemd for mongod in the "started" state again and
# overwrite `mongo_status` with the new module result.
- name: Verify the mongodb service status
  ansible.builtin.systemd:
    name: mongod
    state: started
  register: mongo_status
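# Print the post-restart ActiveState from the registered systemd result.
# The task was unnamed; a name makes it identifiable in the play output.
- name: Show the mongod ActiveState after the restart
  ansible.builtin.debug:
    var: mongo_status.status.ActiveState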