stone-payments.mongodb
Role for Ansible that manages MongoDB, either as a standalone setup or in a replica set.
Supported Systems
To keep our development focused, we only support distributions that:
- Are currently supported by their developers (not end-of-life);
- Are currently supported by MongoDB.org (this requirement may change soon);
- Use systemd;
- Have a significant user base.
Currently, we support:
- Enterprise Linux (CentOS and RHEL)
  - 7.3
  - 7.4
  - 7.5
- Ubuntu
  - 16.04
More distributions may be supported upon request if they meet the above criteria.
Usage
Quickstart
To set up a basic, passwordless, standalone MongoDB, add this to your play:
    - name: install mongodb
      hosts: all
      roles: stone-payments.mongodb
Replica Set Setup
To create a replica set, you need to tell the master it's a master, and specify which master a replica should connect to. Use the following:
    - name: install mongodb replica set
      hosts: all
      roles: stone-payments.mongodb
      vars:
        mongodb_conf_bindIp: "0.0.0.0"
        mongodb_replSet_enabled: true
        mongodb_replSet_name: "someReplicaSetName"
        mongodb_replSet_master: "1.2.3.4" # must be an IP address
        mongodb_replSet_key: "someLongKey" # optional, cross-replica authentication key
        mongodb_replSet_member: "{{ ansible_eth1['ipv4']['address'] }}" # optional, specify another interface for replication
        mongodb_replSet_arbiter: "{{ true if inventory_hostname == 'hostThatIsArbiter' else false }}"
Authentication
To enable authentication and create an admin account:
    - name: install mongodb with authentication
      hosts: all
      roles: stone-payments.mongodb
      vars:
        mongodb_conf_auth: true
        mongodb_admin_user: "admin"
        mongodb_admin_password: "somePassword"
Logging
You can set any logging option using the mongodb_conf_logging dictionary:

    - name: install mongodb with network debug logging
      hosts: all
      roles: stone-payments.mongodb
      vars:
        mongodb_conf_logging:
          verbosity: 0
          component:
            network:
              verbosity: 5
          destination: file
          path: /var/log/mongodb/mongod.log
Firewall
By default, this role configures ufw or firewalld to allow incoming connections. Customize it with these options:

    - name: install mongodb with custom firewall settings
      hosts: all
      roles: stone-payments.mongodb
      vars:
        mongodb_firewall_zone: "public" # firewalld only
        mongodb_firewall_interface: "eth0" # ufw only
        mongodb_firewall_source: "192.168.0.0/24" # ufw only

You can disable firewall configuration by setting mongodb_install_firewall: false.
Linux Security Modules
This role configures Linux Security Modules (LSMs) by default (currently only SELinux is supported). Disable it by setting mongodb_install_lsm: false.
Other Configs
Most other configurations are straightforward or linked to MongoDB features. Change values in defaults/main.yml to apply them to your system.
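A play that combines the replica set, authentication and firewall variables documented above while keeping the secrets out of the playbook, as an added example that is not part of the role's own documentation. It assumes an inventory group `mongodb`, an ansible-vault encrypted file `vault/mongodb.yml` defining the hypothetical `vault_mongodb_*` variables, and that the role writes `mongodb_conf_bindIp` to the MongoDB configuration unchanged; the minimum lengths in the check are illustrative choices.

```yaml
# Added example, not the role's own documentation.
# Assumed names: inventory group "mongodb", vault/mongodb.yml, vault_mongodb_* variables.
- name: install mongodb replica set with authentication and restricted access
  hosts: mongodb
  vars_files:
    - vault/mongodb.yml   # encrypted with ansible-vault; defines the vault_mongodb_* variables
  pre_tasks:
    - name: refuse placeholder or short secrets before the role runs
      assert:
        that:
          # MongoDB key files accept 6 to 1024 characters from the base64 set;
          # the minimum lengths below are illustrative, not a role requirement.
          - vault_mongodb_replSet_key is match('^[A-Za-z0-9+/=]{32,1024}$')
          - vault_mongodb_admin_password | length >= 16
          - vault_mongodb_admin_password != 'somePassword'
        msg: "replica set key or admin password is missing, too short, or a README placeholder"
      no_log: true   # keep secret values out of task output
  roles:
    - stone-payments.mongodb
  vars:
    # Authentication (variables from the Authentication section)
    mongodb_conf_auth: true
    mongodb_admin_user: "admin"
    mongodb_admin_password: "{{ vault_mongodb_admin_password }}"
    # Replica set (variables from the Replica Set Setup section)
    mongodb_replSet_enabled: true
    mongodb_replSet_name: "someReplicaSetName"
    mongodb_replSet_master: "1.2.3.4"   # placeholder address from the README
    mongodb_replSet_key: "{{ vault_mongodb_replSet_key }}"
    mongodb_replSet_member: "{{ ansible_eth1['ipv4']['address'] }}"
    mongodb_replSet_arbiter: "{{ true if inventory_hostname == 'hostThatIsArbiter' else false }}"
    # Listen on loopback and the replication interface instead of 0.0.0.0
    # (assumes the role writes this value to the configuration unchanged).
    mongodb_conf_bindIp: "127.0.0.1,{{ ansible_eth1['ipv4']['address'] }}"
    # Firewall (variables from the Firewall section)
    mongodb_firewall_zone: "public"             # firewalld only
    mongodb_firewall_interface: "eth1"          # ufw only
    mongodb_firewall_source: "192.168.0.0/24"   # ufw only; limits who may connect
```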
Testing
This role uses Molecule with Docker for unit tests, supporting Molecule 2.0 and above. Some tests use Vagrant with VirtualBox for scenarios that require a complete VM but currently lack CI support for nested virtualization.
Docker Environment Setup
To set up Molecule and the Docker library in a virtual environment, run:
    sudo pip install docker-py
    virtualenv .venv
    . .venv/bin/activate
    pip install molecule docker-py

You also need the libselinux-python library on SELinux-enabled hosts:

    sudo yum install python2-libselinux
Vagrant Environment Setup
To install Molecule in a virtual environment:
    virtualenv .venv
    . .venv/bin/activate
    pip install molecule
Running the Test
After setting up Molecule, run the tests with:
    molecule converge [-s scenario_name]

scenario_name is the name of the test case; if omitted, the default test case runs.
Contributing
Feel free to open a pull request. We welcome contributions!
To Do List
Some suggestions for improvement:
- Support using MongoDB provided by the distribution.
- Write more standalone tests with serverspec or testinfra.
- Enhance the test case for the replica set.
License
This role is released under the MIT license.
ansible-galaxy install stone-payments.mongodb