Rework mongodb formula (ubuntu packages: 2.4, 2.6)
- Cosmetic
- Switch to mongodb-org packages
- Disable auth by default
- Change configuration file format
- Add possibility ti deploy replica set without auth
- Wait 10 sec before replica set initialization
Change-Id: I088b98587967e872282db620635b5d62fd9b1d87
Related-PROD: PROD-19866
diff --git a/metadata/service/server/cluster.yml b/metadata/service/server/cluster.yml
index 5ecaaec..1c4b4d9 100644
--- a/metadata/service/server/cluster.yml
+++ b/metadata/service/server/cluster.yml
@@ -3,19 +3,10 @@
classes:
- service.mongodb.support
parameters:
- _param:
- mongodb_server_replica_set: default
mongodb:
server:
enabled: true
- admin:
- user: admin
- password: ${_param:mongodb_admin_password}
bind:
address: 0.0.0.0
port: 27017
- replica_set: ${_param:mongodb_server_replica_set}
- shared_key: ${_param:mongodb_shared_key}
- members: ${_param:mongodb_server_members}
- master: ${_param:mongodb_master}
-
+ replica_set: rs0
diff --git a/metadata/service/server/single.yml b/metadata/service/server/single.yml
index 1208309..0f8574e 100644
--- a/metadata/service/server/single.yml
+++ b/metadata/service/server/single.yml
@@ -6,12 +6,6 @@
mongodb:
server:
enabled: true
- admin:
- user: admin
- password: ${_param:mongodb_admin_password}
bind:
- address: 0.0.0.0
+ address: 127.0.0.1
port: 27017
- shard_service: False
- config_service: False
- shared_key: ${_param:mongodb_shared_key}
diff --git a/mongodb/files/mongodb.conf b/mongodb/files/mongodb.conf
index c5ac17c..a126120 100644
--- a/mongodb/files/mongodb.conf
+++ b/mongodb/files/mongodb.conf
@@ -1,116 +1,25 @@
{%- from "mongodb/map.jinja" import server with context %}
-
# mongodb.conf
-# Where to store the data.
-dbpath=/var/lib/mongodb
+# for documentation of all options, see:
+# http://docs.mongodb.org/manual/reference/configuration-options/
-#where to log
-logpath=/var/log/mongodb/mongodb.log
+port={{ server.bind.port }}
+bind_ip={{ server.bind.address }}
+logpath=/var/log/mongodb/mongod.log
logappend=true
-bind_ip = {{ server.bind.address }}
-#port = 27017
-
-# Enable journaling, http://www.mongodb.org/display/DOCS/Journaling
+dbpath=/var/lib/mongodb
journal=true
-# Enables periodic logging of CPU utilization and I/O wait
-#cpu = true
-
-keyFile = /etc/mongodb.key
+{%- if server.authorization.get('enabled', False) %}
+auth=true
+{%- endif %}
+{%- if server.shared_key is defined %}
+keyFile=/etc/mongodb.key
+{%- endif %}
{%- if server.replica_set is defined %}
-replSet = {{ server.replica_set }}
+replSet={{ server.replica_set }}
{%- endif %}
-
-# Turn on/off security. Off is currently the default
-#noauth = true
-auth = true
-
-# Inspect all client data for validity on receipt (useful for
-# developing drivers)
-#objcheck = true
-
-# Enable db quota management
-#quota = true
-
-#OpenStack guide for Juno
-smallfiles = true
-
-# Verbose logging output.
-verbose = {{ server.logging.get('verbose', False)|lower }}
-
-# logLevel
-setParameter = logLevel={{ server.logging.get('logLevel', 1) }}
-
-# Set oplogging level where n is
-# 0=off (default)
-# 1=W
-# 2=R
-# 3=both
-# 7=W+some reads
-{%- if server.logging.oplogLevel is defined %}
-oplog = {{ server.logging.get('oplogLevel') }}
-{%- endif %}
-
-# Diagnostic/debugging option
-#nocursors = true
-
-# Ignore query hints
-#nohints = true
-
-# Disable the HTTP interface (Defaults to localhost:27018).
-#nohttpinterface = true
-
-# Turns off server-side scripting. This will result in greatly limited
-# functionality
-#noscripting = true
-
-# Turns off table scans. Any query that would do a table scan fails.
-#notablescan = true
-
-# Disable data file preallocation.
-#noprealloc = true
-
-# Specify .ns file size for new databases.
-# nssize = <size>
-
-# Accout token for Mongo monitoring server.
-#mms-token = <token>
-
-# Server name for Mongo monitoring server.
-#mms-name = <server-name>
-
-# Ping interval for Mongo monitoring server.
-#mms-interval = <seconds>
-
-# Replication Options
-
-# in replicated mongo databases, specify here whether this is a slave or master
-#slave = true
-#source = master.example.com
-# Slave only: specify a single database to replicate
-#only = master.example.com
-# or
-#master = true
-#source = slave.example.com
-
-# Address of a server to pair with.
-#pairwith = <server:port>
-# Address of arbiter server.
-#arbiter = <server:port>
-# Automatically resync if slave data is stale
-#autoresync
-# Custom size for replication operation log.
-#oplogSize = <MB>
-# Size limit for in-memory storage of op ids.
-#opIdMem = <bytes>
-
-# SSL options
-# Enable SSL on normal ports
-#sslOnNormalPorts = true
-# SSL Key file and password
-#sslPEMKeyFile = /etc/ssl/mongodb.pem
-#sslPEMKeyPassword = pass
diff --git a/mongodb/map.jinja b/mongodb/map.jinja
index 983f3f0..1e3ba9f 100644
--- a/mongodb/map.jinja
+++ b/mongodb/map.jinja
@@ -1,30 +1,28 @@
{% set server = salt['grains.filter_by']({
'Debian': {
- 'pkgs': ['mongodb-server', 'mongodb', 'python-pymongo', 'mongodb-clients'],
+ 'pkgs': ['mongodb-server', 'mongodb', 'mongodb-clients'],
'service': 'mongodb',
'lock_dir': "/var/lock/mongodb",
'logging': {},
'bind': {
- 'address': '0.0.0.0',
+ 'address': '127.0.0.1',
'port': 27017
},
- 'config_service': False,
- 'shard_service': True,
+ 'authorization': {},
'admin': {
'username': 'root'
}
},
'RedHat': {
- 'pkgs': ['mongodb-server', 'mongodb', 'python-pymongo', 'mongodb-clients'],
+ 'pkgs': ['mongodb-server', 'mongodb', 'mongodb-clients'],
'service': 'mongod',
'lock_dir': "/var/lock/mongodb",
'logging': {},
'bind': {
- 'address': '0.0.0.0',
+ 'address': '127.0.0.1',
'port': 27017
},
- 'config_service': False,
- 'shard_service': True,
+ 'authorization': {},
'admin': {
'username': 'root'
}
diff --git a/mongodb/server.sls b/mongodb/server.sls
index 7068c3b..e7a342d 100644
--- a/mongodb/server.sls
+++ b/mongodb/server.sls
@@ -1,6 +1,6 @@
{%- from "mongodb/map.jinja" import server with context %}
-{%- if server.enabled %}
+{%- if server.get('enabled', False) %}
mongodb_packages:
pkg.installed:
- names: {{ server.pkgs }}
@@ -13,7 +13,6 @@
- pkg: mongodb_packages
{%- if server.shared_key is defined %}
-
/etc/mongodb.key:
file.managed:
- contents_pillar: mongodb:server:shared_key
@@ -23,7 +22,6 @@
- pkg: mongodb_packages
- watch_in:
- service: mongodb_service
-
{%- endif %}
{{ server.lock_dir }}:
@@ -43,9 +41,37 @@
- watch:
- file: /etc/mongodb.conf
-{%- if server.members is not defined or server.master == pillar.linux.system.name %}
-{# We are not a cluster or we are master #}
+{%- if server.members is defined and server.master == pillar.linux.system.name %}
+/var/tmp/mongodb_cluster.js:
+ file.managed:
+ - source: salt://mongodb/files/cluster.js
+ - template: jinja
+ - mode: 600
+ - user: root
+
+mongodb_setup_cluster_wait:
+ cmd.run:
+ - name: 'sleep 10'
+ - unless: 'mongo localhost:27017 --quiet --eval "rs.conf()" | grep -i object -q'
+ - require:
+ - service: mongodb_service
+ - file: /var/tmp/mongodb_cluster.js
+
+mongodb_setup_cluster:
+ cmd.run:
+ - name: 'mongo localhost:27017 /var/tmp/mongodb_cluster.js && mongo localhost:27017 --quiet --eval "rs.conf()" | grep -i object -q'
+ - unless: 'mongo localhost:27017 --quiet --eval "rs.conf()" | grep -i object -q'
+ - require:
+ - service: mongodb_service
+ - file: /var/tmp/mongodb_cluster.js
+ - cmd: mongodb_setup_cluster_wait
+
+{%- endif %}
+
+{%- if server.members is not defined or server.master == pillar.linux.system.name %}
+
+{%- if server.authorization.get('enabled', False) %}
/var/tmp/mongodb_user.js:
file.managed:
- source: salt://mongodb/files/user.js
@@ -92,25 +118,6 @@
{%- endfor %}
-{%- if server.members is defined %}
-
-/var/tmp/mongodb_cluster.js:
- file.managed:
- - source: salt://mongodb/files/cluster.js
- - template: jinja
- - mode: 600
- - user: root
-
-mongodb_setup_cluster:
- cmd.run:
- - name: 'mongo localhost:27017/admin /var/tmp/mongodb_cluster.js && mongo localhost:27017/admin --quiet --eval "rs.conf()" | grep object -q'
- - unless: 'mongo localhost:27017/admin -u admin -p {{ server.admin.password }} --quiet --eval "rs.conf()" | grep object -q'
- - require:
- - service: mongodb_service
- - file: /var/tmp/mongodb_cluster.js
- - require_in:
- - cmd: mongodb_change_root_password
-
{%- endif %}
{%- endif %}