Last active
August 5, 2017 22:43
-
-
Save cognifloyd/12db1fc9685f395787d9ec2d72ea69e3 to your computer and use it in GitHub Desktop.
tasks in a role, current solution and approximated solution
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - name: See if authentication is enabled in mongod.conf | |
| check_mode: yes | |
| lineinfile: | |
| path: /etc/mongod.conf | |
| insertafter: 'security:' | |
| line: ' authorization: enabled' | |
| register: mongo_authorization | |
| - name: Add mongo admin when authorization is disabled | |
| mongodb_user: | |
| state: present | |
| update_password: on_create | |
| name: "{{ st2mongo_admin_username }}" | |
| password: "{{ st2mongo_admin_password }}" | |
| database: "{{ st2mongo_admin_db }}" | |
| roles: userAdminAnyDatabase | |
| login_host: "{{ st2mongo_host }}" | |
| login_port: "{{ st2mongo_port }}" | |
| login_user: "{{ st2mongo_admin_username }}" | |
| login_password: "{{ st2mongo_admin_password }}" | |
| when: mongo_authorization|changed | |
| - name: Make sure mongo admin is setup when authorization is enabled | |
| mongodb_user: | |
| state: present | |
| update_password: on_create | |
| name: "{{ st2mongo_admin_username }}" | |
| password: "{{ st2mongo_admin_password }}" | |
| database: "{{ st2mongo_admin_db }}" | |
| roles: userAdminAnyDatabase | |
| login_host: "{{ st2mongo_host }}" | |
| login_port: "{{ st2mongo_port }}" | |
| notify: Restart mongod | |
| when: mongo_authorization|succeeded |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - name: See if authentication is enabled in mongod.conf | |
| check_mode: yes | |
| lineinfile: | |
| path: /etc/mongod.conf | |
| insertafter: 'security:' | |
| line: ' authorization: enabled' | |
| register: mongo_authorization | |
| - name: Add mongo admin | |
| mongodb_user: | |
| state: present | |
| update_password: on_create | |
| name: "{{ st2mongo_admin_username }}" | |
| password: "{{ st2mongo_admin_password }}" | |
| database: "{{ st2mongo_admin_db }}" | |
| roles: userAdminAnyDatabase | |
| login_host: "{{ st2mongo_host }}" | |
| login_port: "{{ st2mongo_port }}" | |
| login_user: "{{ if mongo_authorization|changed then st2mongo_admin_username or omit}}" | |
| login_password: "{{ mongo_authorization|changed then st2mongo_admin_password or omit }}" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - name: See if authorization is enabled in mongod.conf | |
| check_mode: yes | |
| lineinfile: | |
| path: /etc/mongod.conf | |
| insertafter: 'security:' | |
| line: ' authorization: enabled' | |
| register: mongo_authorization | |
| # changed = line not in file, authorization is disabled | |
| # succeeded = line in file, authorization is enabled | |
| - name: Add mongo admin | |
| mongodb_user: | |
| state: present | |
| update_password: on_create | |
| name: "{{ st2mongo_admin_username }}" | |
| password: "{{ st2mongo_admin_password }}" | |
| database: "{{ st2mongo_admin_db }}" | |
| roles: userAdminAnyDatabase | |
| login_host: "{{ st2mongo_host }}" | |
| login_port: "{{ st2mongo_port }}" | |
| login_user: "{{ mongo_authorization|changed | ternary(omit, st2mongo_admin_username) }}" | |
| login_password: "{{ mongo_authorization|changed | ternary(omit, st2mongo_admin_password) }}" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment