---
# Dedicated group for the MongoDB service account. The gid is fixed at 1006,
# the same number the mongod user is given as its uid.
- name: Create group
  ansible.builtin.group:
    gid: 1006
    name: mongod
# Service account for mongod. No home directory is created, the home path is
# /var/empty and the shell is /sbin/nologin, so the account offers no
# interactive login.
- name: Create user
  ansible.builtin.user:
    name: mongod
    uid: 1006
    group: mongod
    comment: Service MongoDB
    home: /var/empty
    create_home: false
    shell: /sbin/nologin
# Adds the upstream MongoDB yum repository. gpgcheck is on and the signing key
# is fetched over HTTPS, so packages from this repo are signature-verified.
# NOTE(review): baseurl and gpgkey pin the 5.0 series on EL8 - confirm that
# series still receives security updates before reusing this task.
- name: Enable repository
  ansible.builtin.yum_repository:
    name: mongodb
    description: MongoDB
    baseurl: 'https://repo.mongodb.org/yum/redhat/8/mongodb-org/5.0/x86_64'
    enabled: true
    gpgcheck: true
    gpgkey: 'https://www.mongodb.org/static/pgp/server-5.0.asc'
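# Installs the server and shell packages from the repository enabled above.
# The names are handed to the module as one list, so the package manager
# resolves them in a single call rather than once per loop item, and the
# canonical state "present" replaces the "installed" alias.
- name: Install packages
  ansible.builtin.package:
    name:
      - mongodb-org-server
      - mongodb-org-shell
    state: present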
# Maps /export/mongodb and everything beneath it to mongod_var_lib_t in the
# SELinux file-context policy.
# NOTE(review): this manages the policy entry only; files that already exist
# presumably keep their old label until they are relabelled - confirm.
- name: Set SELinux file contexts on data directory
  community.general.sefcontext:
    setype: mongod_var_lib_t
    path: '/export/mongodb(/.*)?'
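# Data directory is private to the service account: owner and group mongod,
# no access for anyone else.
- name: Create data directory
  ansible.builtin.file:
    path: /export/mongodb
    state: directory
    owner: mongod
    group: mongod
    # Quoted so the module receives the string "0700" and the result never
    # depends on how the YAML loader reads a leading-zero integer.
    mode: '0700'
    # _default asks for the type the SELinux policy assigns to this path.
    setype: _default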
# /srv/mongodb is a symlink pointing at the real data directory under /export.
# follow: false keeps the module working on the link itself, so the
# root / ansible_wheel ownership below is not pushed onto the target.
- name: Link data directory
  ansible.builtin.file:
    src: /export/mongodb
    path: /srv/mongodb
    state: link
    follow: false
    owner: root
    group: "{{ ansible_wheel }}"
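# Reads the host certificate followed by its private key and registers the
# concatenated text as mongodb_cert_key, for the task that writes mongodb.pem.
- name: Generate combined certificate/private key file contents
  ansible.builtin.command:
    argv:
      - /bin/cat
      - "{{ tls_certs }}/{{ inventory_hostname }}.crt"
      - "{{ tls_private }}/{{ inventory_hostname }}.key"
  register: mongodb_cert_key
  # Read-only command: never report a change.
  changed_when: false
  # stdout contains the private key, so the task result is kept out of
  # console output, callbacks and logs. The registered variable still holds
  # the key for the rest of the play; do not print it with debug.
  no_log: true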
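# Writes the certificate and private key as one PEM file. Owner root, group
# mongod, mode 0640: the service can read the key but not replace it, and
# other accounts have no access.
- name: Create combined certificate/private key file
  ansible.builtin.copy:
    dest: "{{ tls_private }}/mongodb.pem"
    content: "{{ mongodb_cert_key.stdout }}"
    owner: root
    group: mongod
    # Quoted so the module receives the string "0640".
    mode: '0640'
  # content is private-key material; keep it out of task output and diffs.
  no_log: true
  notify: restart mongod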
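# Installs the role's mongod.logrotate file as /etc/logrotate.d/mongod,
# writable by root only.
- name: Configure logrotate
  ansible.builtin.copy:
    src: mongod.logrotate
    dest: /etc/logrotate.d/mongod
    owner: root
    group: "{{ ansible_wheel }}"
    # Quoted so the module receives the string "0644".
    mode: '0644'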
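# Writes the daemon's command-line options to /etc/sysconfig/mongod: use
# /etc/mongod.conf and reopen the log file on rotation. A change restarts
# mongod through the handler.
- name: Configure startup options
  ansible.builtin.copy:
    dest: /etc/sysconfig/mongod
    content: |
      OPTIONS="-f /etc/mongod.conf --logRotate reopen"
    owner: root
    group: "{{ ansible_wheel }}"
    # Quoted so the module receives the string "0644".
    mode: '0644'
  notify: restart mongod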
|
|
notify: restart mongod
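# Renders mongod.conf.j2 to /etc/mongod.conf and restarts mongod when the
# rendered file changes.
# NOTE(review): 0644 makes the file world-readable - confirm the rendered
# configuration carries no passwords or key material.
- name: Create configuration
  ansible.builtin.template:
    src: mongod.conf.j2
    dest: /etc/mongod.conf
    owner: root
    group: "{{ ansible_wheel }}"
    # Quoted so the module receives the string "0644".
    mode: '0644'
  notify: restart mongod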
# Starts mongod now and enables it at boot.
- name: Enable service
  ansible.builtin.service:
    name: mongod
    enabled: true
    state: started
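# Keeps one "alias mongo=" line in root's .bashrc so the shell connects to
# this host over TLS with the combined client certificate/key and the CA
# file. An existing alias line is matched by the regexp and replaced.
- name: Create mongo alias cmd for root
  ansible.builtin.lineinfile:
    path: /root/.bashrc
    regexp: '^alias mongo=.*'
    # ">-" folds the four lines into one and strips the final newline, so the
    # value is exactly the alias line and carries no trailing line break.
    line: >-
      alias mongo='mongo
      --tlsCertificateKeyFile {{ tls_private }}/mongodb.pem
      --tlsCAFile {{ tls_certs }}/ca.crt
      --tls mongodb://{{ inventory_hostname }}/'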