mongosh: Use startup params and enable replset

Timo Makinen 2024-03-16 16:13:56 +00:00
parent 7489a0c895
commit 1f10474860
2 changed files with 33 additions and 12 deletions


@ -82,20 +82,39 @@
owner: root
group: "{{ ansible_wheel }}"
- name: Create configuration directory
ansible.builtin.file:
path: /etc/mongod
state: directory
mode: 0750
owner: root
group: mongod
- name: Copy keyfile
ansible.builtin.copy:
dest: /etc/mongod/mongod.key
src: "{{ ansible_private }}/files/mongod/mongod.key"
mode: "0400"
owner: mongod
group: mongod
notify: Restart mongod
- name: Configure startup options
ansible.builtin.copy:
dest: /etc/sysconfig/mongod
content: |
OPTIONS="-f /etc/mongod.conf --logRotate reopen"
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart mongod
- name: Create configuration
ansible.builtin.template:
dest: /etc/mongod.conf
src: mongod.conf.j2
OPTIONS="-f /etc/mongod.conf \
--auth \
--bind_ip_all \
--dbpath /srv/mongodb \
--keyFile /etc/mongod/mongod.key \
--logRotate reopen \
--nounixsocket
--replSet rs0 \
--tlsMode requireTLS \
--tlsCertificateKeyFile {{ tls_private }}/mongodb.pem
--tlsCAFile {{ tls_certs }}/ca.crt
--tlsDisabledProtocols TLS1_0,TLS1_1,TLS1_2"
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
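Review bot: Three lines inside the multi-line `OPTIONS="…"` value (`--nounixsocket`, `--tlsCertificateKeyFile {{ tls_private }}/mongodb.pem` and `--tlsCAFile {{ tls_certs }}/ca.crt`) have no trailing `\` while every other line does, so the quoted value mixes joined lines with literal newlines. Whether the flags after a raw newline, including the TLS certificate, CA and `--tlsDisabledProtocols` settings, reach mongod as intended depends on how /etc/sysconfig/mongod is read, which is not visible here; ending each of those lines with ` \` removes the ambiguity. Separately, `mode: 0750` on the configuration directory task is the only unquoted mode in the hunk, and `mode: "0750"` would match the other tasks and avoid YAML integer typing. The +/- markers are lost on this page, so this assumes the multi-line value is the new side.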
@ -114,5 +133,7 @@
alias mongosh='mongosh
--tlsCertificateKeyFile {{ tls_private }}/mongodb.pem
--tlsCAFile {{ tls_certs }}/ca.crt
--username root
--password {{ mongodb_root_password }}
--tls mongodb://{{ inventory_hostname }}/'
regexp: ^alias mongo=.*
regexp: ^alias mongosh=.*
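Review bot: The alias now embeds `--password {{ mongodb_root_password }}`, so the database root password is written in clear text into whatever file this task edits and is passed on the mongosh command line, where other local users can read it from the process list. Dropping the `--password` line makes mongosh prompt for the password when `--username` is given. If it must stay, the target file should be readable only by its owner and the task should set `no_log: true` so the rendered line does not appear in Ansible output or diffs. The value is also unquoted inside a single-quoted alias, so a password containing a quote or whitespace would break the alias. The task's module, path and mode are outside the hunk.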


@ -19,5 +19,5 @@ net:
bindIpAll: true
tls:
mode: requireTLS
certificateKeyFile: /etc/pki/tls/private/mongodb.pem
certificateKeyFile: {{ tls_private }}/mongodb.pem
CAFile: {{ tls_certs }}/ca.crt
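Review bot: The TLS settings in this template (`mode: requireTLS`, `certificateKeyFile`, `CAFile`) are now also passed as `--tlsMode`, `--tlsCertificateKeyFile` and `--tlsCAFile` in the startup OPTIONS of the other file, which still loads `-f /etc/mongod.conf`. With two sources for the same settings, a later edit to one can leave the other stale, and it is easy to misjudge which one takes effect; `--tlsDisabledProtocols` appears only on the command line. I would keep the TLS block in one place, or add a comment here such as `# TLS options are also set in /etc/sysconfig/mongod; keep both in sync`. The rest of the template is outside the hunk.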