Update mongodb to a5d6e5d36fb1007534bca85fd277a678e6c5a2ee

a5d6e5d36fb1007534bca85fd277a678e6c5a2ee Merge pull request redhat-openstack#242 from jschlyter/speling 6cab31854b4e015299052248e34c3df7a5f623d4 typo b676878f3989cee7e72cabb4c382eb51e7eee0bc Merge pull request redhat-openstack#233 from fatmcgav/fix_role_management 273463aef7767bad6bbda454cb093b3aeb83bcdc (MODULES-2636) Switch to comparing current roles value with @property_hash[:roles] value, and fix failing tests as a result 97cdfc2097f22173c3c94a3d485d010c410e8888 Merge pull request redhat-openstack#194 from fatmcgav/support_auth 56c0014aee8356caec60596f32bf03776f548fbe (MODULES-1947) Improve support for MongoDB authentication and replicaset management. Adds the ability to create an 'administration' MongoDB user account, which then gets stored in a mongorc.js file which enables Puppet to connect to MongoDB without credentials. Admin username and password can be over-ridden via 'admin_username' and 'admin_password' parameters. Replica set configuration can be completed as part of mongodb::server class by either providing a list of members using 'replset_members', or a full replica set config hash using 'replset_config'. Alternatively, mongodb::replset can be used to configure replicaset seperately. Any attempt to manage mongodb_db or mongodb_user resources on non-master replicaset members will generate a warning instead of failing. 9262b8ad127a09fcec7f97a0f8bb56b1b44ecd74 globals: fix, add pidfilepath to globals when used in params e399acf9c32f9442c33802414832f632cb55fd3d added an option to set a custom repository location Change-Id: I6776ae2d43f6e4991b2bb5d712c7d4f2db1e9ef6
xbezdick · Nov 25, 2015 · bb69436 · bb69436
1 parent 3e28722
commit bb69436
Show file tree

Hide file tree

Showing 22 changed files with 818 additions and 153 deletions.
diff --git a/Puppetfile b/Puppetfile
@@ -119,7 +119,7 @@ mod 'module-data',
   :git => 'https://github.com/ripienaar/puppet-module-data.git'
 
 mod 'mongodb',
-  :commit => 'f8d89eb6cc4d52a01dbc1020b76c2c562a56eb66',
+  :commit => 'a5d6e5d36fb1007534bca85fd277a678e6c5a2ee',
   :git => 'https://github.com/puppetlabs/puppetlabs-mongodb.git'
 
 mod 'mysql',

diff --git a/mongodb/.gitignore b/mongodb/.gitignore
@@ -7,3 +7,5 @@ spec/fixtures/
 coverage/
 .idea/
 *.iml
+.ruby-*
+log/
diff --git a/mongodb/README.md b/mongodb/README.md
@@ -398,6 +398,22 @@ Use this setting to enable shard server mode for mongod.
 Use this setting to configure replication with replica sets. Specify a replica
 set name as an argument to this set. All hosts must have the same set name.
 
+#####`replset_members`
+An array of member hosts for the replica set.
+Mutually exclusive with `replset_config` param.
+
+#####`replset_config`
+A hash that is used to configure the replica set.
+Mutually exclusive with `replset_members` param.
+
+```puppet
+class mongodb::server {
+  replset        => 'rsmain',
+  replset_config => { 'rsmain' => { ensure  => present, members => ['host1:27017', 'host2:27017', 'host3:27017']  }  }
+
+}
+```
+
 #####`rest`
 Set to true to enable a simple REST interface. Default: false
 
@@ -473,6 +489,23 @@ You should not set this for MongoDB versions < 3.x
 #####`restart`
 Specifies whether the service should be restarted on config changes. Default: 'true'
 
+#####`create_admin`
+Allows to create admin user for admin database.
+Redefine these parameters if needed:
+
+#####`admin_username`
+Administrator user name
+
+#####`admin_password`
+Administrator user password
+
+#####`admin_roles`
+Administrator user roles
+
+#####`store_creds`
+Store admin credentials in mongorc.js file. Uses with `create_admin` parameter
+
+
 ####Class: mongodb::mongos
 class. This class should only be used if you want to implement sharding within
 your mongodb deployment.
@@ -565,6 +598,9 @@ The maximum amount of two second tries to wait MongoDB startup. Default: 10
 #### Provider: mongodb_user
 'mongodb_user' can be used to create and manage users within MongoDB database.
 
+*Note:* if replica set is enabled, replica initialization has to come before
+any user operations.
+
 ```puppet
 mongodb_user { testuser:
   name          => 'testuser',

diff --git a/mongodb/lib/puppet/provider/mongodb.rb b/mongodb/lib/puppet/provider/mongodb.rb
@@ -1,4 +1,5 @@
 require 'yaml'
+require 'json'
 class Puppet::Provider::Mongodb < Puppet::Provider
 
   # Without initvars commands won't work.
@@ -74,9 +75,44 @@ def self.get_conn_string
     "#{ip_real}:#{port_real}"
   end
 
+  def self.db_ismaster
+    cmd_ismaster = 'printjson(db.isMaster())'
+    if mongorc_file
+        cmd_ismaster = mongorc_file + cmd_ismaster
+    end
+    out = mongo(['admin', '--quiet', '--host', get_conn_string, '--eval', cmd_ismaster])
+    out.gsub!(/ObjectId\(([^)]*)\)/, '\1')
+    out.gsub!(/ISODate\((.+?)\)/, '\1 ')
+    out.gsub!(/^Error\:.+/, '')
+    res = JSON.parse out
+
+    return res['ismaster']
+  end
+
+  def db_ismaster
+    self.class.db_ismaster
+  end
+
+  def self.auth_enabled
+    auth_enabled = false
+    file = get_mongod_conf_file
+    config = YAML.load_file(file)
+    if config.kind_of?(Hash)
+      auth_enabled = config['security.authorization']
+    else # It has to be a key-value store
+      config = {}
+      File.readlines(file).collect do |line|
+        k,v = line.split('=')
+        config[k.rstrip] = v.lstrip.chomp if k and v
+      end
+      auth_enabled = config['auth']
+    end
+    return auth_enabled
+  end
+
   # Mongo Command Wrapper
-  def self.mongo_eval(cmd, db = 'admin')
-    retry_count = 10
+  def self.mongo_eval(cmd, db = 'admin', retries = 10, host = nil)
+    retry_count = retries
     retry_sleep = 3
     if mongorc_file
         cmd = mongorc_file + cmd
@@ -85,25 +121,30 @@ def self.mongo_eval(cmd, db = 'admin')
     out = nil
     retry_count.times do |n|
       begin
-        out = mongo([db, '--quiet', '--host', get_conn_string, '--eval', cmd])
+        if host
+          out = mongo([db, '--quiet', '--host', host, '--eval', cmd])
+        else
+          out = mongo([db, '--quiet', '--host', get_conn_string, '--eval', cmd])
+        end
       rescue => e
-        debug "Request failed: '#{e.message}' Retry: '#{n}'"
+        Puppet.debug "Request failed: '#{e.message}' Retry: '#{n}'"
         sleep retry_sleep
         next
       end
       break
     end
 
     if !out
-     fail "Could not evalute MongoDB shell command: #{cmd}"
+      raise Puppet::ExecutionFailure, "Could not evalute MongoDB shell command: #{cmd}"
     end
 
     out.gsub!(/ObjectId\(([^)]*)\)/, '\1')
+    out.gsub!(/^Error\:.+/, '')
     out
   end
 
-  def mongo_eval(cmd, db = 'admin')
-    self.class.mongo_eval(cmd, db)
+  def mongo_eval(cmd, db = 'admin', retries = 10, host = nil)
+    self.class.mongo_eval(cmd, db, retries, host)
   end
 
   # Mongo Version checker

diff --git a/mongodb/lib/puppet/provider/mongodb_database/mongodb.rb b/mongodb/lib/puppet/provider/mongodb_database/mongodb.rb
@@ -26,11 +26,19 @@ def self.prefetch(resources)
   end
 
   def create
-    mongo_eval('db.dummyData.insert({"created_by_puppet": 1})', @resource[:name])
+    if db_ismaster
+      mongo_eval('db.dummyData.insert({"created_by_puppet": 1})', @resource[:name])
+    else
+      Puppet.warning 'Database creation is available only from master host'
+    end
   end
 
   def destroy
-    mongo_eval('db.dropDatabase()', @resource[:name])
+    if db_ismaster
+      mongo_eval('db.dropDatabase()', @resource[:name])
+    else
+      Puppet.warning 'Database removal is available only from master host'
+    end
   end
 
   def exists?
-Original file line number
+Diff line change
@@ Expand Up / @@ -7,3 +7,5 @@ spec/fixtures/ @@
     coverage/
     .idea/
     *.iml
+    .ruby-*
+    log/