Backport MongoDB fixes to old manifests
To provide a working rollback feature for the Mongo role, we should backport the Mongo-related fixes to the installed 5.0 and 5.0.1 manifests. Change-Id: I8abd3af86485408fb45ef4550eec711c1dac272f Closes-Bug: #1360289
parent
74a97d500b
commit
1c130a706d
|
@ -0,0 +1,61 @@
|
|||
module MongoCommon
|
||||
|
||||
def mongo_local(cmd, database = @resource[:admin_database], username = @resource[:admin_username], password = @resource[:admin_password])
|
||||
mongo_cmd = [
|
||||
@resource[:mongo_path],
|
||||
'--quiet',
|
||||
'--eval',
|
||||
cmd,
|
||||
database,
|
||||
]
|
||||
output = Puppet::Util::Execution.execute(mongo_cmd, :failonfail => false, :combine => false)
|
||||
rc = $?.exitstatus
|
||||
Puppet.debug "Local Mongo: #{cmd} -> #{rc}: #{output}"
|
||||
[output, rc]
|
||||
end
|
||||
|
||||
def mongo_remote(cmd, database = @resource[:admin_database], username = @resource[:admin_username], password = @resource[:admin_password])
|
||||
mongo_cmd = [
|
||||
@resource[:mongo_path],
|
||||
'--username',
|
||||
username,
|
||||
'--password',
|
||||
password,
|
||||
'--host',
|
||||
@resource[:admin_host],
|
||||
'--port',
|
||||
@resource[:admin_port],
|
||||
'--quiet',
|
||||
'--eval',
|
||||
cmd,
|
||||
database,
|
||||
]
|
||||
output = Puppet::Util::Execution.execute(mongo_cmd, :failonfail => false, :combine => false)
|
||||
rc = $?.exitstatus
|
||||
Puppet.debug "Remote Mongo: #{cmd} -> #{rc}: #{output}"
|
||||
[output, rc]
|
||||
end
|
||||
|
||||
def mongo(cmd, database = @resource[:admin_database], username = @resource[:admin_username], password = @resource[:admin_password])
|
||||
output, rc = mongo_remote(cmd, database,username,password)
|
||||
return output if rc == 0
|
||||
output, rc = mongo_local(cmd, database,username,password)
|
||||
return output if rc == 0
|
||||
raise Puppet::ExecutionFailure, output
|
||||
end
|
||||
|
||||
def block_until_mongodb(tries = 10)
|
||||
begin
|
||||
mongo('db.getMongo()')
|
||||
rescue => e
|
||||
debug('MongoDB server not ready, retrying')
|
||||
sleep 2
|
||||
if (tries -= 1) > 0
|
||||
retry
|
||||
else
|
||||
raise e
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
end
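Review bot: `mongo_remote` puts the admin password on the command line (`'--password', password`), so it is readable from the process list while the shell runs, and it may also be recorded wherever the executed command is logged at debug level. The `Puppet.debug "Remote Mongo: #{cmd} ..."` line additionally writes the whole script to the log, and for `mongodb_user` that script carries the password hash. If the argv form has to stay for this backport, document it above the array, e.g. `# NOTE: --password exposes the admin password in argv; keep debug logs restricted`, and log a redacted form of `cmd`. Separately, `mongo` retries through `mongo_local` on any non-zero exit, so an authentication failure is retried without credentials and only the local output reaches `Puppet::ExecutionFailure`; a comment stating when that fallback is expected (presumably the first run, before the admin user exists) would help. The second copy of this module later on the page has the same lines.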
|
|
@ -0,0 +1,26 @@
|
|||
Puppet::Type.type(:mongodb_database).provide(:mongodb) do
|
||||
require File.join(File.dirname(__FILE__), '..', 'common.rb')
|
||||
desc "Manages MongoDB database."
|
||||
defaultfor :kernel => 'Linux'
|
||||
include MongoCommon
|
||||
|
||||
def create
|
||||
Puppet.debug "mongo_database: #{@resource[:name]} create"
|
||||
mongo('db.dummyData.insert({"created_by_puppet": 1})', @resource[:name])
|
||||
end
|
||||
|
||||
def destroy
|
||||
Puppet.debug "mongo_database: #{@resource[:name]} destroy"
|
||||
mongo('db.dropDatabase()', @resource[:name])
|
||||
end
|
||||
|
||||
def exists?
|
||||
Puppet.debug "mongo_database: '#{@resource[:name]}' exists?"
|
||||
block_until_mongodb(@resource[:tries])
|
||||
current_databases = mongo('db.getMongo().getDBNames()').strip.split(',')
|
||||
exists = current_databases.include?(@resource[:name])
|
||||
Puppet.debug "mongo_database: '#{@resource[:name]}' all: #{current_databases.inspect} '#{@resource[:name]}' exists? #{exists}"
|
||||
exists
|
||||
end
|
||||
|
||||
end
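Review bot: `create` inserts into a `dummyData` collection without saying why, which reads like leftover test code. A comment such as `# MongoDB only materialises a database on first write, so insert a marker document` above the `mongo(...)` call would explain it. `create` and `destroy` also depend on `exists?` having run `block_until_mongodb` first; that ordering deserves a comment next to the `block_until_mongodb` call.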
|
|
@ -0,0 +1,49 @@
|
|||
Puppet::Type.type(:mongodb_user).provide(:mongodb) do
|
||||
require File.join(File.dirname(__FILE__), '..', 'common.rb')
|
||||
desc "Manage users for a MongoDB database."
|
||||
defaultfor :kernel => 'Linux'
|
||||
include MongoCommon
|
||||
|
||||
def create
|
||||
Puppet.debug "mongodb_user: #{@resource[:name]} database '#{@resource[:database]}' create"
|
||||
mongo("db.getMongo().getDB('#{@resource[:database]}').system.users.insert({user:'#{@resource[:name]}', pwd:'#{@resource[:password_hash]}', roles: #{@resource[:roles].inspect}})")
|
||||
end
|
||||
|
||||
def destroy
|
||||
Puppet.debug "mongodb_user: #{@resource[:name]} database '#{@resource[:database]}' destroy"
|
||||
mongo("db.getMongo().getDB('#{@resource[:database]}').removeUser('#{@resource[:name]}')")
|
||||
end
|
||||
|
||||
def exists?
|
||||
Puppet.debug "mongodb_user: '#{@resource[:name]}' database '#{@resource[:database]}' exists?"
|
||||
block_until_mongodb(@resource[:tries])
|
||||
exists = mongo("db.getMongo().getDB('#{@resource[:database]}').system.users.find({user:'#{@resource[:name]}'}).count()").strip.to_i > 0
|
||||
Puppet.debug "mongodb_user: '#{@resource[:name]}' database '#{@resource[:database]}' exists? #{exists}"
|
||||
exists
|
||||
end
|
||||
|
||||
def password_hash
|
||||
Puppet.debug "mongodb_user: '#{@resource[:name]}' database '#{@resource[:database]}' password_hash get"
|
||||
hash = mongo("db.getMongo().getDB('#{@resource[:database]}').system.users.findOne({user:'#{@resource[:name]}'})['pwd']").strip
|
||||
Puppet.debug "mongodb_user: '#{@resource[:name]}' database '#{@resource[:database]}' password_hash: #{hash}"
|
||||
hash
|
||||
end
|
||||
|
||||
def password_hash=(value)
|
||||
Puppet.debug "mongodb_user: '#{@resource[:name]}' database '#{@resource[:database]}' password_hash set #{value.inspect}"
|
||||
mongo("db.getMongo().getDB('#{@resource[:database]}').system.users.update({user:'#{@resource[:name]}'}, { $set: {pwd:'#{value}'}})")
|
||||
end
|
||||
|
||||
def roles
|
||||
Puppet.debug "mongodb_user: '#{@resource[:name]}' database '#{@resource[:database]}' roles get"
|
||||
roles = mongo("db.getMongo().getDB('#{@resource[:database]}').system.users.findOne({user:'#{@resource[:name]}'})['roles']").strip.split(',').sort
|
||||
Puppet.debug "mongodb_user: '#{@resource[:name]}' roles: #{roles.inspect}"
|
||||
roles
|
||||
end
|
||||
|
||||
def roles=(value)
|
||||
Puppet.debug "mongodb_user: '#{@resource[:name]}' database '#{@resource[:database]}' roles set #{value.inspect}"
|
||||
mongo("db.getMongo().getDB('#{@resource[:database]}').system.users.update({user:'#{@resource[:name]}'}, { $set: {roles: #{@resource[:roles].inspect}}})")
|
||||
end
|
||||
|
||||
end
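Review bot: Every method here builds the `--eval` script by pasting `@resource[:name]`, `@resource[:database]` and the hash between single quotes, and the `mongodb_user` type puts no `newvalues` constraint on `name`, so a name containing a quote changes the JavaScript that runs with admin rights. Emit the values as JSON string literals instead of quoting by hand, for example `{user: #{@resource[:name].to_json}}` with `require 'json'`, and constrain `name` in the type. `password_hash` also writes the stored hash to the debug log (`password_hash: #{hash}`), and `roles=(value)` ignores `value` in favour of `@resource[:roles]`. The second copy of this provider later on the page has the same lines.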
|
|
@ -0,0 +1,56 @@
|
|||
Puppet::Type.newtype(:mongodb_database) do
|
||||
@doc = "Manage MongoDB databases."
|
||||
|
||||
ensurable
|
||||
|
||||
newparam(:name, :namevar=>true) do
|
||||
desc "The name of the database."
|
||||
newvalues(/^\w+$/)
|
||||
end
|
||||
|
||||
newparam(:admin_username) do
|
||||
desc "Administrator user login"
|
||||
defaultto 'admin'
|
||||
end
|
||||
|
||||
newparam(:admin_password) do
|
||||
desc "Administrator user password"
|
||||
end
|
||||
|
||||
newparam(:admin_host) do
|
||||
desc "Connect to this host as an admin user"
|
||||
defaultto 'localhost'
|
||||
end
|
||||
|
||||
newparam(:admin_port) do
|
||||
desc "Connect to this port as an admin user"
|
||||
defaultto '27017'
|
||||
end
|
||||
|
||||
newparam(:admin_database) do
|
||||
desc "Connect to this database as an admin user"
|
||||
defaultto 'admin'
|
||||
end
|
||||
|
||||
newparam(:mongo_path) do
|
||||
desc "Path to mongo binary"
|
||||
defaultto '/usr/bin/mongo'
|
||||
end
|
||||
|
||||
newparam(:tries) do
|
||||
desc "The maximum amount of two second tries to wait MongoDB startup."
|
||||
defaultto 10
|
||||
newvalues(/^\d+$/)
|
||||
munge do |value|
|
||||
Integer(value)
|
||||
end
|
||||
end
|
||||
|
||||
autorequire(:package) do
|
||||
'mongodb'
|
||||
end
|
||||
|
||||
autorequire(:service) do
|
||||
'mongodb'
|
||||
end
|
||||
end
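Review bot: `newvalues(/^\w+$/)` on `name` anchors with `^` and `$`, which in Ruby match at line boundaries, so a multi-line value containing one all-word line would pass, assuming Puppet applies the pattern with an ordinary regexp match. Use `newvalues(/\A\w+\z/)` here. The same anchors appear in the `mongodb_user` type on `database`, `roles` and `password_hash`, whose values the provider interpolates into the `--eval` script, and in both copies of each type on this page. The `desc` of `admin_password` should also say that the value is handed to the mongo shell on the command line, so users know what they are exposing.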
|
|
@ -0,0 +1,92 @@
|
|||
Puppet::Type.newtype(:mongodb_user) do
|
||||
@doc = 'Manage a MongoDB user. This includes management of users password as well as privileges.'
|
||||
|
||||
ensurable
|
||||
|
||||
def initialize(*args)
|
||||
super
|
||||
# Sort roles array before comparison.
|
||||
self[:roles] = Array(self[:roles]).sort!
|
||||
end
|
||||
|
||||
newparam(:name, :namevar=>true) do
|
||||
desc "The name of the user."
|
||||
end
|
||||
|
||||
newparam(:admin_username) do
|
||||
desc "Administrator user login"
|
||||
defaultto 'admin'
|
||||
end
|
||||
|
||||
newparam(:admin_password) do
|
||||
desc "Administrator user password"
|
||||
end
|
||||
|
||||
newparam(:admin_host) do
|
||||
desc "Connect to this host as an admin user"
|
||||
defaultto 'localhost'
|
||||
end
|
||||
|
||||
newparam(:admin_port) do
|
||||
desc "Connect to this port as an admin user"
|
||||
defaultto '27017'
|
||||
end
|
||||
|
||||
newparam(:mongo_path) do
|
||||
desc "Path to mongo binary"
|
||||
defaultto '/usr/bin/mongo'
|
||||
end
|
||||
|
||||
newparam(:admin_database) do
|
||||
desc "Connect to this database as an admin user"
|
||||
defaultto 'admin'
|
||||
end
|
||||
|
||||
newparam(:database) do
|
||||
desc "The user's target database."
|
||||
defaultto do
|
||||
fail("Parameter 'database' must be set")
|
||||
end
|
||||
newvalues(/^\w+$/)
|
||||
end
|
||||
|
||||
newparam(:tries) do
|
||||
desc "The maximum amount of two second tries to wait MongoDB startup."
|
||||
defaultto 10
|
||||
newvalues(/^\d+$/)
|
||||
munge do |value|
|
||||
Integer(value)
|
||||
end
|
||||
end
|
||||
|
||||
newproperty(:roles, :array_matching => :all) do
|
||||
desc "The user's roles."
|
||||
defaultto ['dbAdmin']
|
||||
newvalue(/^\w+$/)
|
||||
|
||||
# Pretty output for arrays.
|
||||
def should_to_s(value)
|
||||
value.inspect
|
||||
end
|
||||
|
||||
def is_to_s(value)
|
||||
value.inspect
|
||||
end
|
||||
end
|
||||
|
||||
newproperty(:password_hash) do
|
||||
desc "The password hash of the user. Use mongodb_password() for creating hash."
|
||||
defaultto do
|
||||
fail("Property 'password_hash' must be set. Use mongodb_password() for creating hash.")
|
||||
end
|
||||
newvalue(/^\w+$/)
|
||||
end
|
||||
|
||||
autorequire(:package) do
|
||||
'mongodb'
|
||||
end
|
||||
|
||||
autorequire(:service) do
|
||||
'mongodb'
|
||||
end
|
||||
end
|
|
@ -0,0 +1,55 @@
|
|||
# == Class: mongodb::db
|
||||
#
|
||||
# Class for creating mongodb databases and users.
|
||||
#
|
||||
# == Parameters
|
||||
#
|
||||
# user - Database username.
|
||||
# password_hash - Hashed password. Hex encoded md5 hash of "$username:mongo:$password".
|
||||
# password - Plain text user password. This is UNSAFE, use 'password_hash' unstead.
|
||||
# roles (default: ['dbAdmin']) - array with user roles.
|
||||
# tries (default: 10) - The maximum amount of two second tries to wait MongoDB startup.
|
||||
#
|
||||
define mongodb::db (
|
||||
$user,
|
||||
$password_hash = false,
|
||||
$password = false,
|
||||
$roles = ['dbAdmin'],
|
||||
$tries = 10,
|
||||
$admin_username = undef,
|
||||
$admin_password = undef,
|
||||
$admin_host = undef,
|
||||
$admin_database = undef,
|
||||
) {
|
||||
|
||||
mongodb_database { $name:
|
||||
ensure => present,
|
||||
tries => $tries,
|
||||
admin_username => $admin_username,
|
||||
admin_password => $admin_password,
|
||||
admin_host => $admin_host,
|
||||
admin_database => $admin_database,
|
||||
require => Class['mongodb::server'],
|
||||
}
|
||||
|
||||
if $password_hash {
|
||||
$hash = $password_hash
|
||||
} elsif $password {
|
||||
$hash = mongodb_password($user, $password)
|
||||
} else {
|
||||
fail("Parameter 'password_hash' or 'password' should be provided to mongodb::db.")
|
||||
}
|
||||
|
||||
mongodb_user { $user:
|
||||
ensure => present,
|
||||
password_hash => $hash,
|
||||
database => $name,
|
||||
roles => $roles,
|
||||
admin_username => $admin_username,
|
||||
admin_password => $admin_password,
|
||||
admin_host => $admin_host,
|
||||
admin_database => $admin_database,
|
||||
require => Mongodb_database[$name],
|
||||
}
|
||||
|
||||
}
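Review bot: The define has no `admin_port` parameter and does not forward `tries` to `mongodb_user`, so both resources always use the type default `'27017'` and the user resource always waits the default 10 tries. `openstack::mongo` and `openstack::mongo_primary` configure the server with `port => $mongodb_port`, so with a non-default port neither the authenticated call nor the local fallback would reach the server. Add `$admin_port = undef` to the parameter list and pass `admin_port => $admin_port` to both resources, plus `tries => $tries` to `mongodb_user`. The header comment should also list the `admin_*` parameters, which are undocumented. The second copy of this define later on the page has the same gap.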
|
|
@ -0,0 +1,58 @@
|
|||
# == Class: openstack::mongo
|
||||
|
||||
class openstack::mongo (
|
||||
$ceilometer_database = "ceilometer",
|
||||
$ceilometer_user = "ceilometer",
|
||||
$ceilometer_metering_secret = undef,
|
||||
$ceilometer_db_password = "ceilometer",
|
||||
$ceilometer_metering_secret = "ceilometer",
|
||||
$mongodb_port = 27017,
|
||||
$mongodb_bind_address = ['0.0.0.0'],
|
||||
$verbose = false,
|
||||
$use_syslog = true,
|
||||
) {
|
||||
|
||||
class {'::mongodb::client':
|
||||
} ->
|
||||
|
||||
class {'::mongodb::server':
|
||||
port => $mongodb_port,
|
||||
verbose => $verbose,
|
||||
use_syslog => $use_syslog,
|
||||
bind_ip => $mongodb_bind_address,
|
||||
auth => true,
|
||||
} ->
|
||||
|
||||
mongodb::db { $ceilometer_database:
|
||||
user => $ceilometer_user,
|
||||
password => $ceilometer_db_password,
|
||||
roles => ['readWrite', 'dbAdmin', 'dbOwner'],
|
||||
admin_username => 'admin',
|
||||
admin_password => $ceilometer_db_password,
|
||||
admin_database => 'admin',
|
||||
} ->
|
||||
|
||||
mongodb::db { 'admin':
|
||||
user => 'admin',
|
||||
password => $ceilometer_db_password,
|
||||
roles => [
|
||||
'userAdmin',
|
||||
'readWrite',
|
||||
'dbAdmin',
|
||||
'dbAdminAnyDatabase',
|
||||
'readAnyDatabase',
|
||||
'readWriteAnyDatabase',
|
||||
'userAdminAnyDatabase',
|
||||
'clusterAdmin',
|
||||
'clusterManager',
|
||||
'clusterMonitor',
|
||||
'hostManager',
|
||||
'root',
|
||||
'restore',
|
||||
],
|
||||
admin_username => 'admin',
|
||||
admin_password => $ceilometer_db_password,
|
||||
admin_database => 'admin',
|
||||
}
|
||||
|
||||
}
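Review bot: The `admin` user, which is granted `root` and the `*AnyDatabase` roles, is created with `password => $ceilometer_db_password`, the same secret as the `ceilometer` service account, and that parameter defaults to `"ceilometer"` while `$mongodb_bind_address` defaults to `['0.0.0.0']`. Anyone holding the service credential therefore holds full administrative access; give the admin account its own parameter with no default and pass it as `admin_password`. `$ceilometer_metering_secret` is declared twice in the parameter list (once `undef`, once `"ceilometer"`) and is not used in the body shown, so one declaration should go. `openstack::mongo_primary` and the second copies of both classes on this page repeat all of this.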
|
|
@ -0,0 +1,82 @@
|
|||
# == Class: openstack::mongo_primary
|
||||
|
||||
class openstack::mongo_primary (
|
||||
$ceilometer_database = "ceilometer",
|
||||
$ceilometer_user = "ceilometer",
|
||||
$ceilometer_metering_secret = undef,
|
||||
$ceilometer_db_password = "ceilometer",
|
||||
$ceilometer_metering_secret = "ceilometer",
|
||||
$ceilometer_replset_members = ['mongo2', 'mongo3'],
|
||||
$mongodb_bind_address = ['0.0.0.0'],
|
||||
$mongodb_port = 27017,
|
||||
$use_syslog = true,
|
||||
$verbose = false,
|
||||
) {
|
||||
|
||||
if size($ceilometer_replset_members) > 0 {
|
||||
$replset_setup = true
|
||||
$keyfile = '/etc/mongodb.key'
|
||||
$replset = 'ceilometer'
|
||||
} else {
|
||||
$replset_setup = false
|
||||
$keyfile = undef
|
||||
$replset = undef
|
||||
}
|
||||
|
||||
notify {"MongoDB params: $mongodb_bind_address" :} ->
|
||||
|
||||
class {'::mongodb::client':
|
||||
} ->
|
||||
|
||||
class {'::mongodb::server':
|
||||
port => $mongodb_port,
|
||||
verbose => $verbose,
|
||||
use_syslog => $use_syslog,
|
||||
bind_ip => $mongodb_bind_address,
|
||||
auth => true,
|
||||
replset => $replset,
|
||||
keyfile => $keyfile,
|
||||
} ->
|
||||
|
||||
class {'::mongodb::replset':
|
||||
replset_setup => $replset_setup,
|
||||
replset_members => $ceilometer_replset_members,
|
||||
} ->
|
||||
|
||||
notify {"mongodb configuring databases" :} ->
|
||||
|
||||
mongodb::db { $ceilometer_database:
|
||||
user => $ceilometer_user,
|
||||
password => $ceilometer_db_password,
|
||||
roles => [ 'readWrite', 'dbAdmin', 'dbOwner' ],
|
||||
admin_username => 'admin',
|
||||
admin_password => $ceilometer_db_password,
|
||||
admin_database => 'admin',
|
||||
} ->
|
||||
|
||||
mongodb::db { 'admin':
|
||||
user => 'admin',
|
||||
password => $ceilometer_db_password,
|
||||
roles => [
|
||||
'userAdmin',
|
||||
'readWrite',
|
||||
'dbAdmin',
|
||||
'dbAdminAnyDatabase',
|
||||
'readAnyDatabase',
|
||||
'readWriteAnyDatabase',
|
||||
'userAdminAnyDatabase',
|
||||
'clusterAdmin',
|
||||
'clusterManager',
|
||||
'clusterMonitor',
|
||||
'hostManager',
|
||||
'root',
|
||||
'restore',
|
||||
],
|
||||
admin_username => 'admin',
|
||||
admin_password => $ceilometer_db_password,
|
||||
admin_database => 'admin',
|
||||
} ->
|
||||
|
||||
notify {"mongodb primary finished": }
|
||||
|
||||
}
|
|
@ -0,0 +1,61 @@
|
|||
module MongoCommon
|
||||
|
||||
def mongo_local(cmd, database = @resource[:admin_database], username = @resource[:admin_username], password = @resource[:admin_password])
|
||||
mongo_cmd = [
|
||||
@resource[:mongo_path],
|
||||
'--quiet',
|
||||
'--eval',
|
||||
cmd,
|
||||
database,
|
||||
]
|
||||
output = Puppet::Util::Execution.execute(mongo_cmd, :failonfail => false, :combine => false)
|
||||
rc = $?.exitstatus
|
||||
Puppet.debug "Local Mongo: #{cmd} -> #{rc}: #{output}"
|
||||
[output, rc]
|
||||
end
|
||||
|
||||
def mongo_remote(cmd, database = @resource[:admin_database], username = @resource[:admin_username], password = @resource[:admin_password])
|
||||
mongo_cmd = [
|
||||
@resource[:mongo_path],
|
||||
'--username',
|
||||
username,
|
||||
'--password',
|
||||
password,
|
||||
'--host',
|
||||
@resource[:admin_host],
|
||||
'--port',
|
||||
@resource[:admin_port],
|
||||
'--quiet',
|
||||
'--eval',
|
||||
cmd,
|
||||
database,
|
||||
]
|
||||
output = Puppet::Util::Execution.execute(mongo_cmd, :failonfail => false, :combine => false)
|
||||
rc = $?.exitstatus
|
||||
Puppet.debug "Remote Mongo: #{cmd} -> #{rc}: #{output}"
|
||||
[output, rc]
|
||||
end
|
||||
|
||||
def mongo(cmd, database = @resource[:admin_database], username = @resource[:admin_username], password = @resource[:admin_password])
|
||||
output, rc = mongo_remote(cmd, database,username,password)
|
||||
return output if rc == 0
|
||||
output, rc = mongo_local(cmd, database,username,password)
|
||||
return output if rc == 0
|
||||
raise Puppet::ExecutionFailure, output
|
||||
end
|
||||
|
||||
def block_until_mongodb(tries = 10)
|
||||
begin
|
||||
mongo('db.getMongo()')
|
||||
rescue => e
|
||||
debug('MongoDB server not ready, retrying')
|
||||
sleep 2
|
||||
if (tries -= 1) > 0
|
||||
retry
|
||||
else
|
||||
raise e
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
end
|
|
@ -0,0 +1,26 @@
|
|||
Puppet::Type.type(:mongodb_database).provide(:mongodb) do
|
||||
require File.join(File.dirname(__FILE__), '..', 'common.rb')
|
||||
desc "Manages MongoDB database."
|
||||
defaultfor :kernel => 'Linux'
|
||||
include MongoCommon
|
||||
|
||||
def create
|
||||
Puppet.debug "mongo_database: #{@resource[:name]} create"
|
||||
mongo('db.dummyData.insert({"created_by_puppet": 1})', @resource[:name])
|
||||
end
|
||||
|
||||
def destroy
|
||||
Puppet.debug "mongo_database: #{@resource[:name]} destroy"
|
||||
mongo('db.dropDatabase()', @resource[:name])
|
||||
end
|
||||
|
||||
def exists?
|
||||
Puppet.debug "mongo_database: '#{@resource[:name]}' exists?"
|
||||
block_until_mongodb(@resource[:tries])
|
||||
current_databases = mongo('db.getMongo().getDBNames()').strip.split(',')
|
||||
exists = current_databases.include?(@resource[:name])
|
||||
Puppet.debug "mongo_database: '#{@resource[:name]}' all: #{current_databases.inspect} '#{@resource[:name]}' exists? #{exists}"
|
||||
exists
|
||||
end
|
||||
|
||||
end
|
|
@ -0,0 +1,49 @@
|
|||
Puppet::Type.type(:mongodb_user).provide(:mongodb) do
|
||||
require File.join(File.dirname(__FILE__), '..', 'common.rb')
|
||||
desc "Manage users for a MongoDB database."
|
||||
defaultfor :kernel => 'Linux'
|
||||
include MongoCommon
|
||||
|
||||
def create
|
||||
Puppet.debug "mongodb_user: #{@resource[:name]} database '#{@resource[:database]}' create"
|
||||
mongo("db.getMongo().getDB('#{@resource[:database]}').system.users.insert({user:'#{@resource[:name]}', pwd:'#{@resource[:password_hash]}', roles: #{@resource[:roles].inspect}})")
|
||||
end
|
||||
|
||||
def destroy
|
||||
Puppet.debug "mongodb_user: #{@resource[:name]} database '#{@resource[:database]}' destroy"
|
||||
mongo("db.getMongo().getDB('#{@resource[:database]}').removeUser('#{@resource[:name]}')")
|
||||
end
|
||||
|
||||
def exists?
|
||||
Puppet.debug "mongodb_user: '#{@resource[:name]}' database '#{@resource[:database]}' exists?"
|
||||
block_until_mongodb(@resource[:tries])
|
||||
exists = mongo("db.getMongo().getDB('#{@resource[:database]}').system.users.find({user:'#{@resource[:name]}'}).count()").strip.to_i > 0
|
||||
Puppet.debug "mongodb_user: '#{@resource[:name]}' database '#{@resource[:database]}' exists? #{exists}"
|
||||
exists
|
||||
end
|
||||
|
||||
def password_hash
|
||||
Puppet.debug "mongodb_user: '#{@resource[:name]}' database '#{@resource[:database]}' password_hash get"
|
||||
hash = mongo("db.getMongo().getDB('#{@resource[:database]}').system.users.findOne({user:'#{@resource[:name]}'})['pwd']").strip
|
||||
Puppet.debug "mongodb_user: '#{@resource[:name]}' database '#{@resource[:database]}' password_hash: #{hash}"
|
||||
hash
|
||||
end
|
||||
|
||||
def password_hash=(value)
|
||||
Puppet.debug "mongodb_user: '#{@resource[:name]}' database '#{@resource[:database]}' password_hash set #{value.inspect}"
|
||||
mongo("db.getMongo().getDB('#{@resource[:database]}').system.users.update({user:'#{@resource[:name]}'}, { $set: {pwd:'#{value}'}})")
|
||||
end
|
||||
|
||||
def roles
|
||||
Puppet.debug "mongodb_user: '#{@resource[:name]}' database '#{@resource[:database]}' roles get"
|
||||
roles = mongo("db.getMongo().getDB('#{@resource[:database]}').system.users.findOne({user:'#{@resource[:name]}'})['roles']").strip.split(',').sort
|
||||
Puppet.debug "mongodb_user: '#{@resource[:name]}' roles: #{roles.inspect}"
|
||||
roles
|
||||
end
|
||||
|
||||
def roles=(value)
|
||||
Puppet.debug "mongodb_user: '#{@resource[:name]}' database '#{@resource[:database]}' roles set #{value.inspect}"
|
||||
mongo("db.getMongo().getDB('#{@resource[:database]}').system.users.update({user:'#{@resource[:name]}'}, { $set: {roles: #{@resource[:roles].inspect}}})")
|
||||
end
|
||||
|
||||
end
|
|
@ -0,0 +1,56 @@
|
|||
Puppet::Type.newtype(:mongodb_database) do
|
||||
@doc = "Manage MongoDB databases."
|
||||
|
||||
ensurable
|
||||
|
||||
newparam(:name, :namevar=>true) do
|
||||
desc "The name of the database."
|
||||
newvalues(/^\w+$/)
|
||||
end
|
||||
|
||||
newparam(:admin_username) do
|
||||
desc "Administrator user login"
|
||||
defaultto 'admin'
|
||||
end
|
||||
|
||||
newparam(:admin_password) do
|
||||
desc "Administrator user password"
|
||||
end
|
||||
|
||||
newparam(:admin_host) do
|
||||
desc "Connect to this host as an admin user"
|
||||
defaultto 'localhost'
|
||||
end
|
||||
|
||||
newparam(:admin_port) do
|
||||
desc "Connect to this port as an admin user"
|
||||
defaultto '27017'
|
||||
end
|
||||
|
||||
newparam(:admin_database) do
|
||||
desc "Connect to this database as an admin user"
|
||||
defaultto 'admin'
|
||||
end
|
||||
|
||||
newparam(:mongo_path) do
|
||||
desc "Path to mongo binary"
|
||||
defaultto '/usr/bin/mongo'
|
||||
end
|
||||
|
||||
newparam(:tries) do
|
||||
desc "The maximum amount of two second tries to wait MongoDB startup."
|
||||
defaultto 10
|
||||
newvalues(/^\d+$/)
|
||||
munge do |value|
|
||||
Integer(value)
|
||||
end
|
||||
end
|
||||
|
||||
autorequire(:package) do
|
||||
'mongodb'
|
||||
end
|
||||
|
||||
autorequire(:service) do
|
||||
'mongodb'
|
||||
end
|
||||
end
|
|
@ -0,0 +1,92 @@
|
|||
Puppet::Type.newtype(:mongodb_user) do
|
||||
@doc = 'Manage a MongoDB user. This includes management of users password as well as privileges.'
|
||||
|
||||
ensurable
|
||||
|
||||
def initialize(*args)
|
||||
super
|
||||
# Sort roles array before comparison.
|
||||
self[:roles] = Array(self[:roles]).sort!
|
||||
end
|
||||
|
||||
newparam(:name, :namevar=>true) do
|
||||
desc "The name of the user."
|
||||
end
|
||||
|
||||
newparam(:admin_username) do
|
||||
desc "Administrator user login"
|
||||
defaultto 'admin'
|
||||
end
|
||||
|
||||
newparam(:admin_password) do
|
||||
desc "Administrator user password"
|
||||
end
|
||||
|
||||
newparam(:admin_host) do
|
||||
desc "Connect to this host as an admin user"
|
||||
defaultto 'localhost'
|
||||
end
|
||||
|
||||
newparam(:admin_port) do
|
||||
desc "Connect to this port as an admin user"
|
||||
defaultto '27017'
|
||||
end
|
||||
|
||||
newparam(:mongo_path) do
|
||||
desc "Path to mongo binary"
|
||||
defaultto '/usr/bin/mongo'
|
||||
end
|
||||
|
||||
newparam(:admin_database) do
|
||||
desc "Connect to this database as an admin user"
|
||||
defaultto 'admin'
|
||||
end
|
||||
|
||||
newparam(:database) do
|
||||
desc "The user's target database."
|
||||
defaultto do
|
||||
fail("Parameter 'database' must be set")
|
||||
end
|
||||
newvalues(/^\w+$/)
|
||||
end
|
||||
|
||||
newparam(:tries) do
|
||||
desc "The maximum amount of two second tries to wait MongoDB startup."
|
||||
defaultto 10
|
||||
newvalues(/^\d+$/)
|
||||
munge do |value|
|
||||
Integer(value)
|
||||
end
|
||||
end
|
||||
|
||||
newproperty(:roles, :array_matching => :all) do
|
||||
desc "The user's roles."
|
||||
defaultto ['dbAdmin']
|
||||
newvalue(/^\w+$/)
|
||||
|
||||
# Pretty output for arrays.
|
||||
def should_to_s(value)
|
||||
value.inspect
|
||||
end
|
||||
|
||||
def is_to_s(value)
|
||||
value.inspect
|
||||
end
|
||||
end
|
||||
|
||||
newproperty(:password_hash) do
|
||||
desc "The password hash of the user. Use mongodb_password() for creating hash."
|
||||
defaultto do
|
||||
fail("Property 'password_hash' must be set. Use mongodb_password() for creating hash.")
|
||||
end
|
||||
newvalue(/^\w+$/)
|
||||
end
|
||||
|
||||
autorequire(:package) do
|
||||
'mongodb'
|
||||
end
|
||||
|
||||
autorequire(:service) do
|
||||
'mongodb'
|
||||
end
|
||||
end
|
|
@ -0,0 +1,55 @@
|
|||
# == Class: mongodb::db
|
||||
#
|
||||
# Class for creating mongodb databases and users.
|
||||
#
|
||||
# == Parameters
|
||||
#
|
||||
# user - Database username.
|
||||
# password_hash - Hashed password. Hex encoded md5 hash of "$username:mongo:$password".
|
||||
# password - Plain text user password. This is UNSAFE, use 'password_hash' unstead.
|
||||
# roles (default: ['dbAdmin']) - array with user roles.
|
||||
# tries (default: 10) - The maximum amount of two second tries to wait MongoDB startup.
|
||||
#
|
||||
define mongodb::db (
|
||||
$user,
|
||||
$password_hash = false,
|
||||
$password = false,
|
||||
$roles = ['dbAdmin'],
|
||||
$tries = 10,
|
||||
$admin_username = undef,
|
||||
$admin_password = undef,
|
||||
$admin_host = undef,
|
||||
$admin_database = undef,
|
||||
) {
|
||||
|
||||
mongodb_database { $name:
|
||||
ensure => present,
|
||||
tries => $tries,
|
||||
admin_username => $admin_username,
|
||||
admin_password => $admin_password,
|
||||
admin_host => $admin_host,
|
||||
admin_database => $admin_database,
|
||||
require => Class['mongodb::server'],
|
||||
}
|
||||
|
||||
if $password_hash {
|
||||
$hash = $password_hash
|
||||
} elsif $password {
|
||||
$hash = mongodb_password($user, $password)
|
||||
} else {
|
||||
fail("Parameter 'password_hash' or 'password' should be provided to mongodb::db.")
|
||||
}
|
||||
|
||||
mongodb_user { $user:
|
||||
ensure => present,
|
||||
password_hash => $hash,
|
||||
database => $name,
|
||||
roles => $roles,
|
||||
admin_username => $admin_username,
|
||||
admin_password => $admin_password,
|
||||
admin_host => $admin_host,
|
||||
admin_database => $admin_database,
|
||||
require => Mongodb_database[$name],
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,58 @@
|
|||
# == Class: openstack::mongo
|
||||
|
||||
class openstack::mongo (
|
||||
$ceilometer_database = "ceilometer",
|
||||
$ceilometer_user = "ceilometer",
|
||||
$ceilometer_metering_secret = undef,
|
||||
$ceilometer_db_password = "ceilometer",
|
||||
$ceilometer_metering_secret = "ceilometer",
|
||||
$mongodb_port = 27017,
|
||||
$mongodb_bind_address = ['0.0.0.0'],
|
||||
$verbose = false,
|
||||
$use_syslog = true,
|
||||
) {
|
||||
|
||||
class {'::mongodb::client':
|
||||
} ->
|
||||
|
||||
class {'::mongodb::server':
|
||||
port => $mongodb_port,
|
||||
verbose => $verbose,
|
||||
use_syslog => $use_syslog,
|
||||
bind_ip => $mongodb_bind_address,
|
||||
auth => true,
|
||||
} ->
|
||||
|
||||
mongodb::db { $ceilometer_database:
|
||||
user => $ceilometer_user,
|
||||
password => $ceilometer_db_password,
|
||||
roles => ['readWrite', 'dbAdmin', 'dbOwner'],
|
||||
admin_username => 'admin',
|
||||
admin_password => $ceilometer_db_password,
|
||||
admin_database => 'admin',
|
||||
} ->
|
||||
|
||||
mongodb::db { 'admin':
|
||||
user => 'admin',
|
||||
password => $ceilometer_db_password,
|
||||
roles => [
|
||||
'userAdmin',
|
||||
'readWrite',
|
||||
'dbAdmin',
|
||||
'dbAdminAnyDatabase',
|
||||
'readAnyDatabase',
|
||||
'readWriteAnyDatabase',
|
||||
'userAdminAnyDatabase',
|
||||
'clusterAdmin',
|
||||
'clusterManager',
|
||||
'clusterMonitor',
|
||||
'hostManager',
|
||||
'root',
|
||||
'restore',
|
||||
],
|
||||
admin_username => 'admin',
|
||||
admin_password => $ceilometer_db_password,
|
||||
admin_database => 'admin',
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,82 @@
|
|||
# == Class: openstack::mongo_primary
|
||||
|
||||
class openstack::mongo_primary (
|
||||
$ceilometer_database = "ceilometer",
|
||||
$ceilometer_user = "ceilometer",
|
||||
$ceilometer_metering_secret = undef,
|
||||
$ceilometer_db_password = "ceilometer",
|
||||
$ceilometer_metering_secret = "ceilometer",
|
||||
$ceilometer_replset_members = ['mongo2', 'mongo3'],
|
||||
$mongodb_bind_address = ['0.0.0.0'],
|
||||
$mongodb_port = 27017,
|
||||
$use_syslog = true,
|
||||
$verbose = false,
|
||||
) {
|
||||
|
||||
if size($ceilometer_replset_members) > 0 {
|
||||
$replset_setup = true
|
||||
$keyfile = '/etc/mongodb.key'
|
||||
$replset = 'ceilometer'
|
||||
} else {
|
||||
$replset_setup = false
|
||||
$keyfile = undef
|
||||
$replset = undef
|
||||
}
|
||||
|
||||
notify {"MongoDB params: $mongodb_bind_address" :} ->
|
||||
|
||||
class {'::mongodb::client':
|
||||
} ->
|
||||
|
||||
class {'::mongodb::server':
|
||||
port => $mongodb_port,
|
||||
verbose => $verbose,
|
||||
use_syslog => $use_syslog,
|
||||
bind_ip => $mongodb_bind_address,
|
||||
auth => true,
|
||||
replset => $replset,
|
||||
keyfile => $keyfile,
|
||||
} ->
|
||||
|
||||
class {'::mongodb::replset':
|
||||
replset_setup => $replset_setup,
|
||||
replset_members => $ceilometer_replset_members,
|
||||
} ->
|
||||
|
||||
notify {"mongodb configuring databases" :} ->
|
||||
|
||||
mongodb::db { $ceilometer_database:
|
||||
user => $ceilometer_user,
|
||||
password => $ceilometer_db_password,
|
||||
roles => [ 'readWrite', 'dbAdmin', 'dbOwner' ],
|
||||
admin_username => 'admin',
|
||||
admin_password => $ceilometer_db_password,
|
||||
admin_database => 'admin',
|
||||
} ->
|
||||
|
||||
mongodb::db { 'admin':
|
||||
user => 'admin',
|
||||
password => $ceilometer_db_password,
|
||||
roles => [
|
||||
'userAdmin',
|
||||
'readWrite',
|
||||
'dbAdmin',
|
||||
'dbAdminAnyDatabase',
|
||||
'readAnyDatabase',
|
||||
'readWriteAnyDatabase',
|
||||
'userAdminAnyDatabase',
|
||||
'clusterAdmin',
|
||||
'clusterManager',
|
||||
'clusterMonitor',
|
||||
'hostManager',
|
||||
'root',
|
||||
'restore',
|
||||
],
|
||||
admin_username => 'admin',
|
||||
admin_password => $ceilometer_db_password,
|
||||
admin_database => 'admin',
|
||||
} ->
|
||||
|
||||
notify {"mongodb primary finished": }
|
||||
|
||||
}
|