diff --git a/.travis.yml b/.travis.yml index 7fd971585..a76b1f612 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,10 +10,10 @@ before_install: matrix: fast_finish: true include: - - rvm: 2.3.1 + - rvm: 2.4.0 bundler_args: --without system_tests - env: PUPPET_GEM_VERSION="~> 4.0" - - rvm: 2.1.7 + env: PUPPET_GEM_VERSION="~> 5.0" + - rvm: 2.1.9 bundler_args: --without system_tests env: PUPPET_GEM_VERSION="~> 4.0" notifications: diff --git a/CHANGELOG.md b/CHANGELOG.md index 7200b83c1..6933d3952 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,51 +1,75 @@ -## Release 0.17.0 +# Change log + +All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) +and this project adheres to [Semantic Versioning](http://semver.org). + +## Unsupported Release [1.0.0] +### Summary +Major release removing Puppet 3 support. + +#### Added +- `ssl_weak_cert` param in `mongodb::server` type +- `system_logrotate` param in `mongodb`, `mongodb::server`, and `mongodb::server::config` +- `handle_creds` to handle credentials outside of Puppet ([MODULES-1754](https://tickets.puppet.com/browse/MODULES-1754)) +- `sslMode` when SSL is used +- ability to use unencrypted passwords + +#### Changed +- **lower bound of Puppet requirement to 4.7.0** +- use of `sslMode` to `sslOnNormalPorts` to determine if SSL is enabled + +#### Fixed +- `database` property in `mongodb_user` to allow hyphens ([MODULES-4444](https://tickets.puppet.com/browse/MODULES-4444)) +- gsub pattern for `is_master` fact +- `mongodb_version` fact +- selinux dbpath contexts in `mongodb::server::config` +- Debian-based repo paths +- `$pidfilepath` for Debian +- syntax error in net.ipv6 configuration option +- spec failure caused by Puppet 5 +- is_master in mongodb provider + +## Unsupported Release [0.17.0] ### Summary Adding features to improve spec testing, and added ability to manage pidfile creation -## Bugfixes -- gettext and spec.opts fixes -- MODULES-3631 - msync Gemfile for 1.0 frozen strings -- MODULES-3956 - MongoDB 3.12 creates pid file and checks in init script -- MODULES-3704 - Update gemfile template to be identical -- Allow deprecation errors +#### Fixed +- gettext and spec.opts +- msync Gemfile for 1.0 frozen strings ([MODULES-3631](https://tickets.puppet.com/browse/MODULES-3631)) +- MongoDB 3.12 creates pid file and checks in init script ([MODULES-3956](https://tickets.puppet.com/browse/MODULES-3956)) +- gemfile template to be identical ([MODULES-3704](https://tickets.puppet.com/browse/MODULES-3704)) +- deprecation errors -## Release 0.16.0 +## Unsupported Release [0.16.0] ### Summary We fixed a critical bug where we lost idempotency in 0.15.0. The patch that fix this problem will be part of this release. -### Bugfixes +#### Fixed - Recursively manage only user/group for dbpath -## Release 0.15.0 +## Unsupported Release [0.15.0] ### Summary The addition of several new functional features which will help with management and multiple bug fixes. -### Features +#### Added - Added ability to set PID file mode. - Recursively manage the contents of dbpath directory. - Now alllows custom templates. - Addition of mongo listen port before creating facter. -### Bugfixes +#### Fixed - Now allows hyphens in database names. - Now converts MongoDB ObjectID objects to generic JSON. - Use the same regex that the mongodb provider does when correcting for ObjectID values in the isMaster response. - Fixes to ensure that the auth property for config is parsed correctly. - Now checks if mongo is up before evaluating is_master fact. -## Release 0.14.0 +## Unsupported Release [0.14.0] ### Summary This breaking release increases the lower bound of the puppetlabs-apt dependency to the 2.x series of apt and puppetlabs-stdlib to >= 4.4.0. The operating system metadata is also updated to reflect modern systems. -### Backwards-incompatible change -- Increase apt lower dependency to >= 2.1.0 -- Increase stdlib lower dependency to >= 4.4.0 -- Drop RHEL & Centos 5 -- Drop Debian 6 -- Drop Ubuntu 10.04 - -### Features +#### Added - Add `mongodb_is_master` fact - Add `mongodb::db::db_name` parameter for exported resource deduplication - Add Debian 8 compatibility @@ -53,16 +77,23 @@ This breaking release increases the lower bound of the puppetlabs-apt dependency - Add Ubuntu 16.04 compatibility - Add puppet 3.x 4.x compatibility metadata -### Bugfixes +#### Changed +- Increase apt lower dependency to >= 2.1.0 +- Increase stdlib lower dependency to >= 4.4.0 +- Drop RHEL & Centos 5 +- Drop Debian 6 +- Drop Ubuntu 10.04 + +#### Fixed - Catch unconfigured replset configuration queries - Fix timestamp and other javascript object removal - Correct permissions on .mongorc.js to 600 -## Release 0.13.0 +## Unsupported Release [0.13.0] ### Summary Adds several new large features, including the support of mongodb 3.x. Also applies numerous bugfixes, mainly around fixing errors being thrown and syntax issues. -#### Features +#### Added - Adds mongodb_version fact. - Add mongodb 3.x. - Update to current msync configs. @@ -74,7 +105,7 @@ Adds several new large features, including the support of mongodb 3.x. Also appl - Added $maxconns to mongodb::server::config. - Added Suse to operating systems. -#### Bugfixes +#### Fixed - Removes empty lines between doc and definition. - Fix when using admin params : catalog: Found 1 dependency cycle: issue. - Some syntax error fixes. @@ -83,11 +114,11 @@ Adds several new large features, including the support of mongodb 3.x. Also appl - Checks if $version is defined before versioncmp. - Fixed deprecation warning for use of configtimeout. -## 2016-02-08 - Release 0.12.0 +## Unsupported Release [0.12.0] ### Summary There are a number of bugfixes and features added in this release including, mongo db 3 engine support, ipv6 support and repo and yum improvements. -#### Features +#### Added - Distinguish between repo and package mgmt - Immplement retries for MongoDB shell commands - Initiate replica set creation from localhost if auth is enabled @@ -98,7 +129,7 @@ There are a number of bugfixes and features added in this release including, mon - Add yum proxy options - Enable IPv6 in mongodb provider -#### Bugfixes +#### Fixed - Fix mongodb_user username => name - ensure that the client install does not start before the repo setup - Fix replset not working on mongo 3.x @@ -111,43 +142,43 @@ There are a number of bugfixes and features added in this release including, mon - Do not add blank parameter in ipv4 - Apply module sync -## 2015-06-22 - Release 0.11.0 +## Unsupported Release [0.11.0] ### Summary -#### Features -- Add arbiter support to to `mongodb_replset` -- Add `mongod_service_manage`, `mongos_service_manage`, and `ipv6` to `mongodb::globals` -- Add `service_manage`, `unitxsocketprefix`, `pidfilepath`, `logpath`, `fork`, `bind_ip`, `port`, and `restart` to `mongodb::mongos` class -- Add `key`, `ipv6`, `service_manage`, and `restart` to `mongodb::server` class +#### Added +- arbiter support to to `mongodb_replset` +- `mongod_service_manage`, `mongos_service_manage`, and `ipv6` to `mongodb::globals` +- `service_manage`, `unitxsocketprefix`, `pidfilepath`, `logpath`, `fork`, `bind_ip`, `port`, and `restart` to `mongodb::mongos` class +- `key`, `ipv6`, `service_manage`, and `restart` to `mongodb::server` class - Allow mongodb\_conn\_validator to take an array of nodes via composite namevar -#### Bugfixes +#### Fixed - Update to long apt repo key and bump compatibility to include apt 2 - Fix `nohttpinterface` on >= 2.6 - Fix connection validation when bind\_ip is 0.0.0.0 - Fix mongodb\_conn\_validator to use default port in shard mode -##2015-01-13 - Release 0.10.0 -###Summary +## Unsupported Release [0.10.0] +### Summary This release adds a number of significant features and several bug fixes. -####Features +#### Added - Adds support for sharding - Adds support for RHEL 7 - Adds rudimentary support for SSL configuration - Adds support for the enterprise repository -####Bugfixes +#### Fixed - Fixes support for running on non-default ports - Fixes the idempotency of password setting (for mongo 2.6) -##2014-11-25 - Release 0.9.0 -###Summary +## Unsupported Release [0.9.0] +### Summary This release has a number of new parameters, support for 2.6, improved providers, and several bugfixes. -####Features +#### Added - New parameters: `mongodb::globals` - `$service_ensure` - `$service_enable` @@ -162,20 +193,20 @@ This release has a number of new parameters, support for 2.6, improved providers - Reimplement `mongodb_user` and `mongodb_database` provider - Added `mongodb_conn_validator` type -####Bugfixes +#### Fixed - Use hkp for the apt keyserver - Fix mongodb database existance check - Fix `$server_package_name` problem (MODULES-690) - Make sure `pidfilepath` doesn't have any spaces - Providers need the client command before they can work (MODULES-1285) -##2014-05-27 - Release 0.8.0 -###Summary +## Unsupported Release [0.8.0] +### Summary This feature features a rewritten mongodb_replset{} provider, includes several important bugfixes, ruby 1.8 support, and two new features. -####Features +#### Added - Rewritten mongodb_replset{}, featuring puppet resource support, prefetching, and flushing. - Add Ruby 1.8 compatibility. @@ -183,56 +214,77 @@ and flushing. - Add mongodb::replset, a wrapper class for hiera users. - Improved testing! -####Bugfixes +#### Fixed - Fixes the package names to work since 10gen renamed them again. - Fix provider name in the README. - Disallow `nojournal` and `journal` to be set at the same time. - Changed - to = for versioned install on Ubuntu. -##2014-1-29 - Release 0.7.0 -###Summary +## Unsupported Release [0.7.0] +### Summary Added Replica Set Type and Provider -##2014-1-17 - Release 0.6.0 -###Summary +## Unsupported Release [0.6.0] +### Summary Added support for installing MongoDB client on RHEL family systems. -##2014-01-10 Release 0.5.0 -###Summary +## Unsupported Release [0.5.0] +### Summary Added types for providers for Mongo users and databases. -##2013-12 Release 0.4.0 +## Unsupported Release [0.4.0] Major refactoring of the MongoDB module. Includes a new 'mongodb::globals' that consolidates many shared parameters into one location. This is an API-breaking release in anticipation of a 1.0 release. -##2013-10-31 - Release 0.3.0 -###Summary +## Unsupported Release [0.3.0] +### Summary Adds a number of parameters and fixes some platform specific bugs in module deployment. -##2013-09-25 - Release 0.2.0 -###Summary +## Unsupported Release [0.2.0] +### Summary This release fixes a duplicate parameter. -####Bugfixes +#### Fixed - Fix a duplicated parameter. -##2012-07-13 - Release 0.1.0 +## Unsupported Release [0.1.0] - Add support for RHEL/CentOS - Change default mongodb install location to OS repo -##2012-05-29 - Release 0.0.2 +## Unsupported Release [0.0.2] - Fix Modulefile typo. - Remove repo pin. - Update spec tests and add travis support. -##2012-05-03 - Release 0.0.1 +## Unsupported Release [0.0.1] - Initial Release. + +[1.0.0]: https://github.com/puppetlabs/puppetlabs-mongodb/compare/0.17.0...1.0.0 +[0.17.0]: https://github.com/puppetlabs/puppetlabs-mongodb/compare/0.16.0...0.17.0 +[0.16.0]: https://github.com/puppetlabs/puppetlabs-mongodb/compare/0.15.0...0.16.0 +[0.15.0]: https://github.com/puppetlabs/puppetlabs-mongodb/compare/0.14.0...0.15.0 +[0.14.0]: https://github.com/puppetlabs/puppetlabs-mongodb/compare/0.13.0...0.14.0 +[0.13.0]: https://github.com/puppetlabs/puppetlabs-mongodb/compare/0.12.0...0.13.0 +[0.12.0]: https://github.com/puppetlabs/puppetlabs-mongodb/compare/0.11.0...0.12.0 +[0.11.0]: https://github.com/puppetlabs/puppetlabs-mongodb/compare/0.10.0...0.11.0 +[0.10.0]: https://github.com/puppetlabs/puppetlabs-mongodb/compare/0.9.0...0.10.0 +[0.9.0]: https://github.com/puppetlabs/puppetlabs-mongodb/compare/0.8.0...0.9.0 +[0.8.0]: https://github.com/puppetlabs/puppetlabs-mongodb/compare/0.7.0...0.8.0 +[0.7.0]: https://github.com/puppetlabs/puppetlabs-mongodb/compare/0.6.0...0.7.0 +[0.6.0]: https://github.com/puppetlabs/puppetlabs-mongodb/compare/0.5.0...0.6.0 +[0.5.0]: https://github.com/puppetlabs/puppetlabs-mongodb/compare/0.4.0...0.5.0 +[0.4.0]: https://github.com/puppetlabs/puppetlabs-mongodb/compare/0.3.0...0.4.0 +[0.3.0]: https://github.com/puppetlabs/puppetlabs-mongodb/compare/0.2.0...0.3.0 +[0.2.0]: https://github.com/puppetlabs/puppetlabs-mongodb/compare/0.1.0...0.2.0 +[0.1.0]: https://github.com/puppetlabs/puppetlabs-mongodb/compare/0.0.2...0.1.0 +[0.0.2]: https://github.com/puppetlabs/puppetlabs-mongodb/compare/0.0.1...0.0.2 +[0.0.1]: https://github.com/puppetlabs/puppetlabs-mongodb/tree/0.0.1 diff --git a/Gemfile b/Gemfile index 46cb2eace..a9f0161c7 100644 --- a/Gemfile +++ b/Gemfile @@ -33,13 +33,13 @@ ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments minor_version = "#{ruby_version_segments[0]}.#{ruby_version_segments[1]}" group :development do - gem "puppet-module-posix-default-r#{minor_version}", :require => false, :platforms => "ruby" - gem "puppet-module-win-default-r#{minor_version}", :require => false, :platforms => ["mswin", "mingw", "x64_mingw"] - gem "puppet-module-posix-dev-r#{minor_version}", :require => false, :platforms => "ruby" - gem "puppet-module-win-dev-r#{minor_version}", :require => false, :platforms => ["mswin", "mingw", "x64_mingw"] - gem "json_pure", '<= 2.0.1', :require => false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0') - gem "fast_gettext", '1.1.0', :require => false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0') - gem "fast_gettext", :require => false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0') + gem "puppet-module-posix-default-r#{minor_version}", :require => false, :platforms => "ruby" + gem "puppet-module-win-default-r#{minor_version}", :require => false, :platforms => ["mswin", "mingw", "x64_mingw"] + gem "puppet-module-posix-dev-r#{minor_version}", :require => false, :platforms => "ruby" + gem "puppet-module-win-dev-r#{minor_version}", '0.0.7', :require => false, :platforms => ["mswin", "mingw", "x64_mingw"] + gem "json_pure", '<= 2.0.1', :require => false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0') + gem "fast_gettext", '1.1.0', :require => false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0') + gem "fast_gettext", :require => false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0') end group :system_tests do @@ -50,6 +50,7 @@ group :system_tests do gem "beaker-rspec", *location_for(ENV['BEAKER_RSPEC_VERSION']) gem "beaker-hostgenerator", *location_for(ENV['BEAKER_HOSTGENERATOR_VERSION']) gem "beaker-abs", *location_for(ENV['BEAKER_ABS_VERSION'] || '~> 0.1') + gem "puppet-blacksmith", '~> 3.4', :require => false end gem 'puppet', *location_for(ENV['PUPPET_GEM_VERSION']) diff --git a/README.md b/README.md index 49626027f..7beccfbcc 100644 --- a/README.md +++ b/README.md @@ -534,6 +534,10 @@ Administrator user roles ##### `store_creds` Store admin credentials in mongorc.js file. Uses with `create_admin` parameter +##### `handle_creds` +Set this to false to avoid having puppet handle .mongorc.js in case you wish to deliver it by other means. +This is needed for facts to work if you have auth set to true. Default is true. + #### Class: mongodb::mongos class. This class should only be used if you want to implement sharding within @@ -648,7 +652,10 @@ mongodb_user { testuser: Name of the mongodb user. ##### `password_hash` -Hex encoded md5 hash of "$username:mongo:$password". +Hex encoded md5 hash of "$username:mongo:$password". Only available on MongoDB 3.0 and later. + +##### `password` +Plaintext password of the user. ##### `database` Name of database. It will be created, if not exists. diff --git a/lib/puppet/parser/functions/mongodb_password.rb b/lib/puppet/parser/functions/mongodb_password.rb index e61bcb9da..79a97e846 100644 --- a/lib/puppet/parser/functions/mongodb_password.rb +++ b/lib/puppet/parser/functions/mongodb_password.rb @@ -1,4 +1,4 @@ -require 'digest/md5' +require File.expand_path(File.join(File.dirname(__FILE__),'..','..','util','mongodb_md5er')) module Puppet::Parser::Functions newfunction(:mongodb_password, :type => :rvalue, :doc => <<-EOS @@ -9,6 +9,6 @@ module Puppet::Parser::Functions raise(Puppet::ParseError, 'mongodb_password(): Wrong number of arguments ' + "given (#{args.size} for 2)") if args.size != 2 - Digest::MD5.hexdigest("#{args[0]}:mongo:#{args[1]}") + Puppet::Util::MongodbMd5er.md5(args[0],args[1]) end end diff --git a/lib/puppet/provider/mongodb.rb b/lib/puppet/provider/mongodb.rb index 34068459f..10ed8010c 100644 --- a/lib/puppet/provider/mongodb.rb +++ b/lib/puppet/provider/mongodb.rb @@ -138,20 +138,13 @@ def self.get_conn_string end def self.db_ismaster - cmd_ismaster = 'printjson(db.isMaster())' + cmd_ismaster = 'db.isMaster().ismaster' if mongorc_file cmd_ismaster = mongorc_file + cmd_ismaster end db = 'admin' - out = mongo_cmd(db, get_conn_string, cmd_ismaster) - out.gsub!(/ObjectId\(([^)]*)\)/, '\1') - out.gsub!(/ISODate\((.+?)\)/, '\1 ') - out.gsub!(/^Error\:.+/, '') - out.gsub!(/^.*warning\:.+/, '') # remove warnings if sslAllowInvalidHostnames is true - out.gsub!(/^.*The server certificate does not match the host name.+/, '') # remove warnings if sslAllowInvalidHostnames is true mongo 3.x - res = JSON.parse out - - return res['ismaster'] + res = mongo_cmd(db, get_conn_string, cmd_ismaster).to_s.chomp() + res.eql?('true') ? true : false end def db_ismaster diff --git a/lib/puppet/provider/mongodb_replset/mongo.rb b/lib/puppet/provider/mongodb_replset/mongo.rb index 3006debda..196e5ae62 100644 --- a/lib/puppet/provider/mongodb_replset/mongo.rb +++ b/lib/puppet/provider/mongodb_replset/mongo.rb @@ -270,7 +270,7 @@ def self.mongo_command(command, host=nil, retries=4) end # Dirty hack to remove JavaScript objects - output.gsub!(/\w+\((?!")(\d+).+?(? @resource[:username], - :pwd => @resource[:password_hash], - :roles => @resource[:roles] - } - - mongo_eval("db.addUser(#{user.to_json})", @resource[:database]) + if @resource[:password_hash] + Puppet.fail("password_hash can't be set on MongoDB older than 3.0; use password instead") + end + user = { + :user => @resource[:username], + :pwd => @resource[:password], + :roles => @resource[:roles] + } + + mongo_eval("db.addUser(#{user.to_json})", @resource[:database]) else - cmd_json=<<-EOS.gsub(/^\s*/, '').gsub(/$\n/, '') - { - "createUser": "#{@resource[:username]}", - "pwd": "#{@resource[:password_hash]}", - "customData": {"createdBy": "Puppet Mongodb_user['#{@resource[:name]}']"}, - "roles": #{@resource[:roles].to_json}, - "digestPassword": false - } - EOS + if password_hash = @resource[:password_hash] + elsif @resource[:password] + password_hash = Puppet::Util::MongodbMd5er.md5(@resource[:username],@resource[:password]) + end + cmd_json=<<-EOS.gsub(/^\s*/, '').gsub(/$\n/, '') + { + "createUser": "#{@resource[:username]}", + "pwd": "#{password_hash}", + "customData": {"createdBy": "Puppet Mongodb_user['#{@resource[:name]}']"}, + "roles": #{@resource[:roles].to_json}, + "digestPassword": false + } + EOS mongo_eval("db.runCommand(#{cmd_json})", @resource[:database]) end + else + Puppet.warning 'User creation is available only from master host' @property_hash[:ensure] = :present @property_hash[:username] = @resource[:username] @@ -88,8 +97,6 @@ def create @property_hash[:roles] = @resource[:roles] exists? ? (return true) : (return false) - else - Puppet.warning 'User creation is available only from master host' end end @@ -125,6 +132,21 @@ def password_hash=(value) end end + def password=(value) + if mongo_24? + mongo_eval("db.changeUserPassword('#{@resource[:username]}','#{value}')", @resource[:database]) + else + cmd_json=<<-EOS.gsub(/^\s*/, '').gsub(/$\n/, '') + { + "updateuser": "#{@resource[:username]}", + "pwd": "#{@resource[:password]}", + "digestpassword": true + } + EOS + + mongo_eval("db.runCommand(#{cmd_json})", @resource[:database]) + end + end def roles=(roles) if db_ismaster if mongo_24? diff --git a/lib/puppet/type/mongodb_user.rb b/lib/puppet/type/mongodb_user.rb index 2e46a0e2a..cb4f23f14 100644 --- a/lib/puppet/type/mongodb_user.rb +++ b/lib/puppet/type/mongodb_user.rb @@ -1,3 +1,4 @@ +require File.expand_path(File.join(File.dirname(__FILE__),'..','util','mongodb_md5er')) Puppet::Type.newtype(:mongodb_user) do @doc = 'Manage a MongoDB user. This includes management of users password as well as privileges.' @@ -51,13 +52,32 @@ def is_to_s(value) end newproperty(:password_hash) do - desc "The password hash of the user. Use mongodb_password() for creating hash." + desc "The password hash of the user. Use mongodb_password() for creating hash. Only available on MongoDB 3.0 and later." defaultto do - fail("Property 'password_hash' must be set. Use mongodb_password() for creating hash.") if provider.database == :absent + if @resource[:password].nil? + fail("Property 'password_hash' must be set. Use mongodb_password() for creating hash.") if provider.database == :absent + end end newvalue(/^\w+$/) end + newproperty(:password) do + desc "The plaintext password of the user." + # magic should/is comparison because mongo only returns hashes, but can only + # consume plaintext on pre-3.0 + def should_to_s(value = @should) + # Why is this an array sometimes? Ubuntu 14.04... + value = value.first if value.is_a? Array + Puppet::Util::MongodbMd5er.md5(@resource[:username],value) + end + def is_to_s(value = @is) + @resource.provider.password_hash + end + def insync?(is) + self.should_to_s == self.is_to_s + end + end + autorequire(:package) do 'mongodb_client' end @@ -65,4 +85,12 @@ def is_to_s(value) autorequire(:service) do 'mongodb' end + + validate do + if self[:password_hash].nil? and self[:password].nil? and self.provider.password.nil? and self.provider.password_hash.nil? + err("Either 'password_hash' or 'password' should be provided") + elsif !self[:password_hash].nil? and !self[:password].nil? + err("Only one of 'password_hash' or 'password' should be provided") + end + end end diff --git a/lib/puppet/util/mongodb_md5er.rb b/lib/puppet/util/mongodb_md5er.rb new file mode 100644 index 000000000..d59565d2d --- /dev/null +++ b/lib/puppet/util/mongodb_md5er.rb @@ -0,0 +1,11 @@ +require 'digest/md5' + +module Puppet + module Util + class MongodbMd5er + def self.md5(username,password) + Digest::MD5.hexdigest("#{username}:mongo:#{password}") + end + end + end +end diff --git a/lib/puppet/util/mongodb_validator.rb b/lib/puppet/util/mongodb_validator.rb index 7d6f075a8..aa8d41d7a 100644 --- a/lib/puppet/util/mongodb_validator.rb +++ b/lib/puppet/util/mongodb_validator.rb @@ -20,7 +20,7 @@ def initialize(mongodb_resource_name, mongodb_server, mongodb_port) @mongodb_server = IPAddr.new(uri.host).to_s @mongodb_port = uri.port rescue - @mongodb_server = IPAddr.new(mongodb_server).to_s + @mongodb_server = mongodb_server.to_s @mongodb_port = mongodb_port end end diff --git a/manifests/db.pp b/manifests/db.pp index ea95c9b2f..0a69431b8 100644 --- a/manifests/db.pp +++ b/manifests/db.pp @@ -35,7 +35,8 @@ mongodb_user { "User ${user} on db ${db_name}": ensure => present, - password_hash => $hash, + password_hash => $password_hash, + password => $password, username => $user, database => $db_name, roles => $roles, diff --git a/manifests/mongos/service.pp b/manifests/mongos/service.pp index 552fcaf5e..43ae2f664 100644 --- a/manifests/mongos/service.pp +++ b/manifests/mongos/service.pp @@ -29,27 +29,25 @@ $bind_ip_real = $bind_ip } - if $::osfamily == 'RedHat' { - file { '/etc/sysconfig/mongos' : + if $service_manage { + if $::osfamily == 'RedHat' { + file { '/etc/sysconfig/mongos' : + ensure => file, + owner => 'root', + group => 'root', + mode => '0755', + content => 'OPTIONS="--quiet -f /etc/mongodb-shard.conf"', + before => Service['mongos'], + } + } + file { '/etc/init.d/mongos' : ensure => file, + content => template("mongodb/mongos/${::osfamily}/mongos.erb"), owner => 'root', group => 'root', mode => '0755', - content => 'OPTIONS="--quiet -f /etc/mongodb-shard.conf"', before => Service['mongos'], } - } - - file { '/etc/init.d/mongos' : - ensure => file, - content => template("mongodb/mongos/${::osfamily}/mongos.erb"), - owner => 'root', - group => 'root', - mode => '0755', - before => Service['mongos'], - } - - if $service_manage { service { 'mongos': ensure => $service_ensure_real, name => $service_name, diff --git a/manifests/params.pp b/manifests/params.pp index af61af290..2e14cec46 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -10,6 +10,7 @@ $restart = true $create_admin = false $admin_username = 'admin' + $handle_creds = true $store_creds = false $rcfile = "${::root_home}/.mongorc.js" $dbpath_fix = true diff --git a/manifests/server.pp b/manifests/server.pp index 3831c57e0..9fc17cd80 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -1,8 +1,10 @@ # This installs a MongoDB server. See README.md for more details. class mongodb::server ( $ensure = $mongodb::params::ensure, + $user = $mongodb::params::user, $group = $mongodb::params::group, + $config = $mongodb::params::config, $dbpath = $mongodb::params::dbpath, $dbpath_fix = $mongodb::params::dbpath_fix, @@ -10,14 +12,17 @@ $pidfilemode = $mongodb::params::pidfilemode, $manage_pidfile = $mongodb::params::manage_pidfile, $rcfile = $mongodb::params::rcfile, + $service_manage = $mongodb::params::service_manage, $service_provider = $mongodb::params::service_provider, $service_name = $mongodb::params::service_name, $service_enable = $mongodb::params::service_enable, $service_ensure = $mongodb::params::service_ensure, $service_status = $mongodb::params::service_status, + $package_ensure = $mongodb::params::package_ensure, $package_name = $mongodb::params::server_package_name, + $logpath = $mongodb::params::logpath, $bind_ip = $mongodb::params::bind_ip, $ipv6 = undef, @@ -45,7 +50,7 @@ $nohttpinterface = undef, $noscripting = undef, $notablescan = undef, - $noprealloc = undef, + $noprealloc = undef, $nssize = undef, $mms_token = undef, $mms_name = undef, @@ -71,15 +76,18 @@ $ssl_invalid_hostnames = false, $restart = $mongodb::params::restart, $storage_engine = undef, + $create_admin = $mongodb::params::create_admin, $admin_username = $mongodb::params::admin_username, $admin_password = undef, + $handle_creds = $mongodb::params::handle_creds, $store_creds = $mongodb::params::store_creds, $admin_roles = ['userAdmin', 'readWrite', 'dbAdmin', 'dbAdminAnyDatabase', 'readAnyDatabase', 'readWriteAnyDatabase', 'userAdminAnyDatabase', 'clusterAdmin', 'clusterManager', 'clusterMonitor', 'hostManager', 'root', 'restore'], + # Deprecated parameters $master = undef, $slave = undef, diff --git a/manifests/server/config.pp b/manifests/server/config.pp index ea839179d..a2cf98eca 100644 --- a/manifests/server/config.pp +++ b/manifests/server/config.pp @@ -1,74 +1,75 @@ # PRIVATE CLASS: do not call directly class mongodb::server::config { - $ensure = $mongodb::server::ensure - $user = $mongodb::server::user - $group = $mongodb::server::group - $config = $mongodb::server::config - $config_content = $mongodb::server::config_content - $config_template = $mongodb::server::config_template - $dbpath = $mongodb::server::dbpath - $dbpath_fix = $mongodb::server::dbpath_fix - $pidfilepath = $mongodb::server::pidfilepath - $pidfilemode = $mongodb::server::pidfilemode - $manage_pidfile = $mongodb::server::manage_pidfile - $logpath = $mongodb::server::logpath - $logappend = $mongodb::server::logappend - $system_logrotate = $mongodb::server::system_logrotate - $fork = $mongodb::server::fork - $port = $mongodb::server::port - $journal = $mongodb::server::journal - $nojournal = $mongodb::server::nojournal - $smallfiles = $mongodb::server::smallfiles - $cpu = $mongodb::server::cpu - $auth = $mongodb::server::auth - $noath = $mongodb::server::noauth - $create_admin = $mongodb::server::create_admin - $admin_username = $mongodb::server::admin_username - $admin_password = $mongodb::server::admin_password - $store_creds = $mongodb::server::store_creds - $rcfile = $mongodb::server::rcfile - $verbose = $mongodb::server::verbose - $verbositylevel = $mongodb::server::verbositylevel - $objcheck = $mongodb::server::objcheck - $quota = $mongodb::server::quota - $quotafiles = $mongodb::server::quotafiles - $diaglog = $mongodb::server::diaglog - $oplog_size = $mongodb::server::oplog_size - $nohints = $mongodb::server::nohints - $nohttpinterface = $mongodb::server::nohttpinterface - $noscripting = $mongodb::server::noscripting - $notablescan = $mongodb::server::notablescan - $noprealloc = $mongodb::server::noprealloc - $nssize = $mongodb::server::nssize - $mms_token = $mongodb::server::mms_token - $mms_name = $mongodb::server::mms_name - $mms_interval = $mongodb::server::mms_interval - $master = $mongodb::server::master - $slave = $mongodb::server::slave - $only = $mongodb::server::only - $source = $mongodb::server::source - $configsvr = $mongodb::server::configsvr - $shardsvr = $mongodb::server::shardsvr - $replset = $mongodb::server::replset - $rest = $mongodb::server::rest - $quiet = $mongodb::server::quiet - $slowms = $mongodb::server::slowms - $keyfile = $mongodb::server::keyfile - $key = $mongodb::server::key - $ipv6 = $mongodb::server::ipv6 - $bind_ip = $mongodb::server::bind_ip - $directoryperdb = $mongodb::server::directoryperdb - $profile = $mongodb::server::profile - $maxconns = $mongodb::server::maxconns - $set_parameter = $mongodb::server::set_parameter - $syslog = $mongodb::server::syslog - $ssl = $mongodb::server::ssl - $ssl_key = $mongodb::server::ssl_key - $ssl_ca = $mongodb::server::ssl_ca - $ssl_weak_cert = $mongodb::server::ssl_weak_cert + $ensure = $mongodb::server::ensure + $user = $mongodb::server::user + $group = $mongodb::server::group + $config = $mongodb::server::config + $config_content = $mongodb::server::config_content + $config_template = $mongodb::server::config_template + $dbpath = $mongodb::server::dbpath + $dbpath_fix = $mongodb::server::dbpath_fix + $pidfilepath = $mongodb::server::pidfilepath + $pidfilemode = $mongodb::server::pidfilemode + $manage_pidfile = $mongodb::server::manage_pidfile + $logpath = $mongodb::server::logpath + $logappend = $mongodb::server::logappend + $system_logrotate = $mongodb::server::system_logrotate + $fork = $mongodb::server::fork + $port = $mongodb::server::port + $journal = $mongodb::server::journal + $nojournal = $mongodb::server::nojournal + $smallfiles = $mongodb::server::smallfiles + $cpu = $mongodb::server::cpu + $auth = $mongodb::server::auth + $noath = $mongodb::server::noauth + $create_admin = $mongodb::server::create_admin + $admin_username = $mongodb::server::admin_username + $admin_password = $mongodb::server::admin_password + $handle_creds = $mongodb::server::handle_creds + $store_creds = $mongodb::server::store_creds + $rcfile = $mongodb::server::rcfile + $verbose = $mongodb::server::verbose + $verbositylevel = $mongodb::server::verbositylevel + $objcheck = $mongodb::server::objcheck + $quota = $mongodb::server::quota + $quotafiles = $mongodb::server::quotafiles + $diaglog = $mongodb::server::diaglog + $oplog_size = $mongodb::server::oplog_size + $nohints = $mongodb::server::nohints + $nohttpinterface = $mongodb::server::nohttpinterface + $noscripting = $mongodb::server::noscripting + $notablescan = $mongodb::server::notablescan + $noprealloc = $mongodb::server::noprealloc + $nssize = $mongodb::server::nssize + $mms_token = $mongodb::server::mms_token + $mms_name = $mongodb::server::mms_name + $mms_interval = $mongodb::server::mms_interval + $master = $mongodb::server::master + $slave = $mongodb::server::slave + $only = $mongodb::server::only + $source = $mongodb::server::source + $configsvr = $mongodb::server::configsvr + $shardsvr = $mongodb::server::shardsvr + $replset = $mongodb::server::replset + $rest = $mongodb::server::rest + $quiet = $mongodb::server::quiet + $slowms = $mongodb::server::slowms + $keyfile = $mongodb::server::keyfile + $key = $mongodb::server::key + $ipv6 = $mongodb::server::ipv6 + $bind_ip = $mongodb::server::bind_ip + $directoryperdb = $mongodb::server::directoryperdb + $profile = $mongodb::server::profile + $maxconns = $mongodb::server::maxconns + $set_parameter = $mongodb::server::set_parameter + $syslog = $mongodb::server::syslog + $ssl = $mongodb::server::ssl + $ssl_key = $mongodb::server::ssl_key + $ssl_ca = $mongodb::server::ssl_ca + $ssl_weak_cert = $mongodb::server::ssl_weak_cert $ssl_invalid_hostnames = $mongodb::server::ssl_invalid_hostnames - $storage_engine = $mongodb::server::storage_engine - $version = $mongodb::server::version + $storage_engine = $mongodb::server::storage_engine + $version = $mongodb::server::version File { owner => $user, @@ -260,17 +261,19 @@ } } - if $auth and $store_creds { - file { $rcfile: - ensure => present, - content => template('mongodb/mongorc.js.erb'), - owner => 'root', - group => 'root', - mode => '0600', - } - } else { - file { $rcfile: - ensure => absent, + if $handle_creds { + if $auth and $store_creds { + file { $rcfile: + ensure => present, + content => template('mongodb/mongorc.js.erb'), + owner => 'root', + group => 'root', + mode => '0600', + } + } else { + file { $rcfile: + ensure => absent, + } } } } diff --git a/metadata.json b/metadata.json index 513e9fc56..11e3e4487 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-mongodb", - "version": "0.17.0", + "version": "1.0.0", "author": "puppetlabs", "summary": "Installs MongoDB on RHEL/Ubuntu/Debian.", "license": "Apache-2.0", @@ -41,11 +41,11 @@ "requirements": [ { "name": "puppet", - "version_requirement": ">= 3.0.0 < 5.0.0" + "version_requirement": ">= 4.7.0 < 6.0.0" } ], "dependencies": [ - {"name":"puppetlabs/apt","version_requirement":">= 2.1.0 <3.0.0"}, - {"name":"puppetlabs/stdlib","version_requirement":">= 4.4.0 <5.0.0"} + {"name":"puppetlabs/apt","version_requirement":">= 2.1.0 < 5.0.0"}, + {"name":"puppetlabs/stdlib","version_requirement":">= 4.4.0 < 5.0.0"} ] } diff --git a/spec/acceptance/nodesets/ubuntu-1404-vcloud.yml b/spec/acceptance/nodesets/ubuntu-1404-vcloud.yml new file mode 100644 index 000000000..77b0c6ad1 --- /dev/null +++ b/spec/acceptance/nodesets/ubuntu-1404-vcloud.yml @@ -0,0 +1,15 @@ +HOSTS: + 'ubuntu-1404-64': + roles: + - master + platform: ubuntu-14.04-amd64 + hypervisor: vcloud + template: ubuntu-1404-x86_64 +CONFIG: + type: foss + ssh: + keys: "~/.ssh/id_rsa-acceptance" + datastore: instance0 + folder: Delivery/Quality Assurance/Enterprise/Dynamic + resourcepool: delivery/Quality Assurance/Enterprise/Dynamic + pooling_api: http://vcloud.delivery.puppetlabs.net/ diff --git a/spec/unit/puppet/type/mongodb_user_spec.rb b/spec/unit/puppet/type/mongodb_user_spec.rb index 26a8c496b..b9960b4d9 100644 --- a/spec/unit/puppet/type/mongodb_user_spec.rb +++ b/spec/unit/puppet/type/mongodb_user_spec.rb @@ -22,11 +22,16 @@ expect(@user[:tries]).to eq(5) end - it 'should accept a password' do + it 'should accept a password hash' do @user[:password_hash] = 'foo' expect(@user[:password_hash]).to eq('foo') end + it 'should accept a plaintext password' do + @user[:password] = 'foo' + expect(@user[:password]).to eq('foo') + end + it 'should use default role' do expect(@user[:roles]).to eq(['dbAdmin']) end